Bug 1819172 - cap max-age from HTTP Strict Transport Security headers at 100 years r=jschanck

Differential Revision: https://phabricator.services.mozilla.com/D172602

security/manager/ssl/nsSiteSecurityService.cpp

@@ -557,6 +557,9 @@ static uint32_t ParseSSSHeaders(const nsCString& aHeader,
   return nsISiteSecurityService::Success;
 }
 
+// 100 years is wildly longer than anyone will ever need.
+const uint64_t sMaxMaxAgeInSeconds = UINT64_C(60 * 60 * 24 * 365 * 100);
+
 nsresult nsSiteSecurityService::ProcessSTSHeader(
     nsIURI* aSourceURI, const nsCString& aHeader,
     const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
@@ -590,6 +593,11 @@ nsresult nsSiteSecurityService::ProcessSTSHeader(
     return NS_ERROR_FAILURE;
   }
 
+  // Cap the specified max-age.
+  if (maxAge > sMaxMaxAgeInSeconds) {
+    maxAge = sMaxMaxAgeInSeconds;
+  }
+
   nsAutoCString hostname;
   nsresult rv = GetHost(aSourceURI, hostname);
   NS_ENSURE_SUCCESS(rv, rv);

security/manager/ssl/tests/unit/test_sss_enumerate.js

@@ -5,7 +5,7 @@
 
 do_get_profile(); // must be done before instantiating nsIX509CertDB
 
-const SECS_IN_A_WEEK = 7 * 24 * 60 * 60 * 1000;
+const SECS_IN_A_WEEK = 7 * 24 * 60 * 60;
 const TESTCASES = [
   {
     hostname: "a.pinning.example.com",

security/manager/ssl/tests/unit/test_sts_parser.js

@@ -87,6 +87,9 @@ function run_test() {
   );
   testSuccess('max-age=100; unrelated="quoted \\"thingy\\""', 100, false);
 
+  // Test a max-age greater than 100 years. It will be capped at 100 years.
+  testSuccess("max-age=4294967296", 60 * 60 * 24 * 365 * 100, false);
+
   // SHOULD FAIL:
   // invalid max-ages
   testFailure("max-age");