Fixing bug 250909. Make ftp: URIs containing %00 invalid. r=bzbarsky@mit.edu, sr=darin@meer.net

2004-07-30 02:45:46 +00:00 · 2004-07-30 02:45:46 +00:00 · 32c70bc52a
--- a/netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp
+++ b/netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp
@ -2197,17 +2197,18 @@ nsFtpState::Init(nsIFTPChannel* aChannel,
    if (NS_FAILED(rv)) return rv;

    // Skip leading slash
-    char* fwdPtr = path.BeginWriting();
+    char *fwdPtr = path.BeginWriting();
    if (fwdPtr && (*fwdPtr == '/'))
        fwdPtr++;
    if (*fwdPtr != '\0') {
        // now unescape it... %xx reduced inline to resulting character
-        NS_UnescapeURL(fwdPtr);
-        mPath.Assign(fwdPtr);
+        PRInt32 len = NS_UnescapeURL(fwdPtr);
+        mPath.Assign(fwdPtr, len);

-        // return an error if we find a CR or LF in the path
+#ifdef DEBUG
        if (mPath.FindCharInSet(CRLF) >= 0)
-            return NS_ERROR_MALFORMED_URI;
+            NS_ERROR("NewURI() should've prevented this!!!");
+#endif
    }

    // pull any username and/or password out of the uri
--- a/netwerk/protocol/ftp/src/nsFtpProtocolHandler.cpp
+++ b/netwerk/protocol/ftp/src/nsFtpProtocolHandler.cpp
@ -64,6 +64,7 @@
 #include "nsIPrefService.h"
 #include "nsIPrefBranchInternal.h"
 #include "nsIObserverService.h"
+#include "nsEscape.h"

 //-----------------------------------------------------------------------------

@ -189,11 +190,19 @@ nsFtpProtocolHandler::NewURI(const nsACString &aSpec,
                             nsIURI *aBaseURI,
                             nsIURI **result)
 {
-    // FindCharInSet isn't available right now for nsACstrings
-    // so we use FindChar instead
+    nsCAutoString spec(aSpec);
+    char *fwdPtr = spec.BeginWriting();

-    // ftp urls should not have \r or \n in them
-    if (aSpec.FindChar('\r') >= 0 || aSpec.FindChar('\n') >= 0)
+    // now unescape it... %xx reduced inline to resulting character
+
+    PRInt32 len = NS_UnescapeURL(fwdPtr);
+
+    // NS_UnescapeURL() modified spec's buffer, truncate to ensure
+    // spec knows its new length.
+    spec.Truncate(len);
+
+    // return an error if we find a NUL, CR, or LF in the path
+    if (spec.FindCharInSet(CRLF) >= 0 || spec.FindChar('\0') >= 0)
        return NS_ERROR_MALFORMED_URI;

    nsresult rv;