Sanitize default user agents.

Fixes bumptech#2331.

Author: sjudd

library/src/main/java/com/bumptech/glide/load/model/LazyHeaders.java

@@ -1,5 +1,6 @@
 package com.bumptech.glide.load.model;
 
+import android.support.annotation.VisibleForTesting;
 import android.text.TextUtils;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -99,7 +100,7 @@ public int hashCode() {
   @SuppressWarnings("PMD.FieldDeclarationsShouldBeAtStartOfClass")
   public static final class Builder {
     private static final String USER_AGENT_HEADER = "User-Agent";
-    private static final String DEFAULT_USER_AGENT = System.getProperty("http.agent");
+    private static final String DEFAULT_USER_AGENT = getSanitizedUserAgent();
     private static final Map<String, List<LazyHeaderFactory>> DEFAULT_HEADERS;
 
     // Set Accept-Encoding header to do our best to avoid gzip since it's both inefficient for
@@ -221,6 +222,31 @@ private Map<String, List<LazyHeaderFactory>> copyHeaders() {
       }
       return result;
     }
+
+    /**
+     * Ensures that the default header will pass OkHttp3's checks for header values.
+     *
+     * <p>See #2331.
+     */
+    @VisibleForTesting
+    static String getSanitizedUserAgent() {
+      String defaultUserAgent = System.getProperty("http.agent");
+      if (TextUtils.isEmpty(defaultUserAgent)) {
+        return defaultUserAgent;
+      }
+
+      int length = defaultUserAgent.length();
+      StringBuilder sb = new StringBuilder(defaultUserAgent.length());
+      for (int i = 0; i < length; i++) {
+        char c = defaultUserAgent.charAt(i);
+        if ((c > '\u001f' || c == '\t') && c < '\u007f') {
+          sb.append(c);
+        } else {
+          sb.append('?');
+        }
+      }
+      return sb.toString();
+    }
   }
 
   static final class StringHeaderFactory implements LazyHeaderFactory {

library/src/test/java/com/bumptech/glide/load/model/LazyHeadersTest.java

@@ -35,6 +35,43 @@ public void tearDown() {
     }
   }
 
+  // Tests for #2331.
+  @Test
+  public void getSanitizedUserAgent_withInvalidAgent_returnsAgentWithInvalidCharactersRemoved() {
+    String invalidUserAgent =
+        "Dalvik/2.1.0 (Linux; U; Android 5.0; P98 4G八核版(A8H8) Build/LRX21M)";
+    String validUserAgent = "Dalvik/2.1.0 (Linux; U; Android 5.0; P98 4G???(A8H8) Build/LRX21M)";
+    System.setProperty(DEFAULT_USER_AGENT_PROPERTY, invalidUserAgent);
+    assertThat(LazyHeaders.Builder.getSanitizedUserAgent()).isEqualTo(validUserAgent);
+  }
+
+  @Test
+  public void getSanitizedUserAgent_withValidAgent_returnsUnmodifiedAgent() {
+    String validUserAgent = "Dalvik/2.1.0 (Linux; U; Android 5.0; P98 4G(A8H8) Build/LRX21M)";
+    System.setProperty(DEFAULT_USER_AGENT_PROPERTY, validUserAgent);
+    assertThat(LazyHeaders.Builder.getSanitizedUserAgent()).isEqualTo(validUserAgent);
+  }
+
+  @Test
+  public void getSanitizedUserAgent_withMissingAgent_returnsNull() {
+    System.clearProperty(DEFAULT_USER_AGENT_PROPERTY);
+    assertThat(LazyHeaders.Builder.getSanitizedUserAgent()).isNull();
+  }
+
+  @Test
+  public void getSanitizedUserAgent_withEmptyStringAgent_returnsEmptyString() {
+    String userAgent = "";
+    System.setProperty(DEFAULT_USER_AGENT_PROPERTY, userAgent);
+    assertThat(LazyHeaders.Builder.getSanitizedUserAgent()).isEqualTo(userAgent);
+  }
+
+  @Test
+  public void getSanitizedUserAgent_withWhitespace_returnsWhitespaceString() {
+    String userAgent = "  \t";
+    System.setProperty(DEFAULT_USER_AGENT_PROPERTY, userAgent);
+    assertThat(LazyHeaders.Builder.getSanitizedUserAgent()).isEqualTo(userAgent);
+  }
+
   @Test
   public void testIncludesEagerHeaders() {
     Map<String, String> headers = new Builder()