From 3c8dc87bafb464a803ab7a60f0c790cbc2f03602 Mon Sep 17 00:00:00 2001
From: "cbiesinger%gmx.at" <cbiesinger%gmx.at>
Date: Thu, 26 Jul 2007 04:04:21 +0000
Subject: [PATCH] 389580 don't allow escaped null bytes in URLs for external
 protocol handlers r=bzbarsky sr=dveditz

---
 uriloader/exthandler/nsExternalHelperAppService.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp
index d1bd09d9228..e25a5b8f765 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1214,6 +1214,9 @@ NS_IMETHODIMP nsExternalHelperAppService::LoadURI(nsIURI * aURL, nsIPrompt * aPr
   nsCAutoString spec;
   aURL->GetSpec(spec);
 
+  if (spec.Find("%00") != -1)
+    return NS_ERROR_MALFORMED_URI;
+
   spec.ReplaceSubstring("\"", "%22");
   spec.ReplaceSubstring("`", "%60");