From 59741b54f41422a9bd73e3fb05bfd2c0d843409c Mon Sep 17 00:00:00 2001
From: "darin%meer.net"
Date: Tue, 8 Nov 2005 19:18:14 +0000
Subject: [PATCH] fixes bug 315411 "fail to check the IDN is in whitelist if user inputs un-normalized URL in URL bar" patch by Masayuki Nakano , r=jshin, sr=darin
---
 netwerk/base/src/nsStandardURL.cpp | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/netwerk/base/src/nsStandardURL.cpp b/netwerk/base/src/nsStandardURL.cpp
index d5aadfcd427..c9ccc0ba61d 100644
--- a/netwerk/base/src/nsStandardURL.cpp
+++ b/netwerk/base/src/nsStandardURL.cpp
@@ -864,10 +864,24 @@ nsStandardURL::ACEtoDisplayIDN(const nsCSubstring &host, nsCString &result)
 /* static */ nsresult
 nsStandardURL::UTF8toDisplayIDN(const nsCSubstring &host, nsCString &result)
 {
- if (gShowPunycode || !IsInWhitelist(host))
+ // We have to normalize the hostname before testing against the domain
+ // whitelist. See bug 315411.
+
+ nsCAutoString temp;
+ if (gShowPunycode || NS_FAILED(gIDN->Normalize(host, temp)))
 return gIDN->ConvertUTF8toACE(host, result);
 
- return gIDN->Normalize(host, result);
+ PRBool isACE = PR_FALSE;
+ gIDN->IsACE(temp, &isACE);
+
+ // If host is converted to ACE by the normalizer, then the host may contain
+ // unsafe characters. See bug 283016, bug 301694, and bug 309311.
+
+ if (!isACE && !IsInWhitelist(temp))
+ return gIDN->ConvertUTF8toACE(temp, result);
+
+ result = temp;
+ return NS_OK;
 }
 
 /* static */ PRBool
@@ -876,6 +890,8 @@ nsStandardURL::IsInWhitelist(const nsCSubstring &host)
 PRInt32 pos;
 PRBool safe;
 
+ // XXX This code uses strings inefficiently.
+
 if (gIDNWhitelistPrefBranch &&
 (pos = nsCAutoString(host).RFind(".")) != kNotFound &&
 NS_SUCCEEDED(gIDNWhitelistPrefBranch->
@@ -2423,7 +2439,6 @@ nsStandardURL::GetFile(nsIFile **result)
 if (NS_FAILED(rv))
 return rv;
 
-
 #if defined(PR_LOGGING)
 if (LOG_ENABLED()) {
 nsCAutoString path;
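Review bot: The return value of `gIDN->IsACE(temp, &isACE)` in UTF8toDisplayIDN is discarded, so a failed call is indistinguishable from "not ACE" and the decision falls through to the whitelist test on `temp`. From the visible lines this appears to stay on the conservative side, but only because `isACE` keeps its PR_FALSE initialiser; treating the failure like the Normalize failure a few lines above would make that explicit: `if (NS_FAILED(gIDN->IsACE(temp, &isACE))) return gIDN->ConvertUTF8toACE(host, result);`. The second comment would also be clearer if it said outright that when `isACE` is true the whitelist test is skipped because `temp` is already in ACE form and is returned as such. A regression test that feeds an un-normalized host under a non-whitelisted TLD would pin the behaviour bug 315411 is about.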