bug 370445 prevent embedded nulls when setting location.hostname. r=bz, sr=dbaron, a=jay

2007-02-16 01:10:39 +00:00 · 2007-02-16 01:10:39 +00:00 · a86af11b7f
--- a/netwerk/base/src/nsSimpleURI.cpp
+++ b/netwerk/base/src/nsSimpleURI.cpp
@ -165,7 +165,7 @@ nsSimpleURI::SetSpec(const nsACString &aSpec)
    NS_EscapeURL(specPtr, specLen, esc_OnlyNonASCII|esc_AlwaysCopy, spec);

    PRInt32 pos = spec.FindChar(':');
-    if (pos == -1)
+    if (pos == -1 || !net_IsValidScheme(spec.get(), pos))
        return NS_ERROR_MALFORMED_URI;

    mScheme.Truncate();
@ -193,7 +193,13 @@ NS_IMETHODIMP
 nsSimpleURI::SetScheme(const nsACString &scheme)
 {
    NS_ENSURE_STATE(mMutable);
-    
+
+    const nsPromiseFlatCString &flat = PromiseFlatCString(scheme);
+    if (!net_IsValidScheme(flat)) {
+        NS_ERROR("the given url scheme contains invalid characters");
+        return NS_ERROR_MALFORMED_URI;
+    }
+
    mScheme = scheme;
    ToLowerCase(mScheme);
    return NS_OK;
--- a/netwerk/base/src/nsStandardURL.cpp
+++ b/netwerk/base/src/nsStandardURL.cpp
@ -516,6 +516,8 @@ nsStandardURL::BuildNormalizedSpec(const char *spec)
    if (mHost.mLen > 0) {
        const nsCSubstring& tempHost =
            Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+        if (tempHost.FindChar('\0') != kNotFound)
+            return NS_ERROR_MALFORMED_URI;  // null embedded in hostname
        if ((useEncHost = NormalizeIDN(tempHost, encHost)))
            approxLen += encHost.Length();
        else
@ -1427,6 +1429,9 @@ nsStandardURL::SetHost(const nsACString &input)
        return NS_ERROR_UNEXPECTED;
    }

+    if (host && strlen(host) < flat.Length())
+        return NS_ERROR_MALFORMED_URI; // found embedded null
+
    // For consistency with SetSpec/nsURLParsers, don't allow spaces
    // in the hostname.
    if (strchr(host, ' '))
--- a/netwerk/base/src/nsURLHelper.cpp
+++ b/netwerk/base/src/nsURLHelper.cpp
@ -507,11 +507,12 @@ net_ExtractURLScheme(const nsACString &inURI,
 PRBool
 net_IsValidScheme(const char *scheme, PRUint32 schemeLen)
 {
-    // first char much be alpha
+    // first char must be alpha
    if (!nsCRT::IsAsciiAlpha(*scheme))
        return PR_FALSE;
-    
-    for (; schemeLen && *scheme; ++scheme, --schemeLen) {
+
+    // nsCStrings may have embedded nulls -- reject those too
+    for (; schemeLen; ++scheme, --schemeLen) {
        if (!(nsCRT::IsAsciiAlpha(*scheme) ||
              nsCRT::IsAsciiDigit(*scheme) ||
              *scheme == '+' ||