mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Fix 18886 - handle http 305 response correctly to close the potential 

security hole
This commit is contained in:
ruslan%netscape.com 2000-05-17 00:11:12 +00:00
Родитель adfe028e7d
Коммит e781f23303
2 изменённых файлов: 51 добавлений и 19 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

66
netwerk/protocol/http/src/nsHTTPChannel.cpp
Просмотреть файл

@ -1431,13 +1431,16 @@ nsresult nsHTTPChannel::ReportProgress(PRUint32 aProgress,
nsresult nsHTTPChannel::Redirect(const char *aNewLocation,
nsIChannel **aResult)
nsIChannel **aResult, PRInt32 aStatusCode)
{
nsresult rv;
nsCOMPtr<nsIURI> newURI;
nsCOMPtr<nsIChannel> channel;
PRBool checkSecurity = PR_TRUE;
nsXPIDLCString proxyHost;
PRInt32 proxyPort;
*aResult = nsnull;
//
@ -1446,22 +1449,42 @@ nsresult nsHTTPChannel::Redirect(const char *aNewLocation,
//
NS_WITH_SERVICE(nsIIOService, serv, kIOServiceCID, &rv);
if (NS_FAILED(rv)) return rv;
rv = serv->NewURI(aNewLocation, mURI, getter_AddRefs(newURI));
if (NS_FAILED(rv)) return rv;
PRBool eq = PR_FALSE;
rv = mURI->Equals(newURI, &eq);
if (eq)
if (aStatusCode == 305) // Use-Proxy
{
// loop detected
// ruslan/24884
rv = serv->NewURI(LOOPING_REDIRECT_ERROR_URI, mURI, getter_AddRefs(newURI));
if (NS_FAILED(rv)) return rv;
checkSecurity = PR_FALSE;
newURI = mURI;
nsCOMPtr<nsIURI> tmpURI;
rv = serv->NewURI(aNewLocation, mURI, getter_AddRefs(tmpURI));
if (NS_FAILED(rv))
return rv;
tmpURI -> GetHost (getter_Copies (proxyHost));
tmpURI -> GetPort (&proxyPort);
if (proxyPort == -1)
proxyPort = 80;
}
else
{
rv = serv->NewURI(aNewLocation, mURI, getter_AddRefs(newURI));
if (NS_FAILED(rv)) return rv;
PRBool eq = PR_FALSE;
rv = mURI->Equals(newURI, &eq);
if (eq)
{
// loop detected
// ruslan/24884
rv = serv->NewURI(LOOPING_REDIRECT_ERROR_URI, mURI, getter_AddRefs(newURI));
if (NS_FAILED(rv)) return rv;
checkSecurity = PR_FALSE;
}
}
//
// Move the Reference of the old location to the new one
@ -1525,6 +1548,7 @@ nsresult nsHTTPChannel::Redirect(const char *aNewLocation,
// Convey the referrer if one was used for this channel to the next one-
nsXPIDLCString referrer;
GetRequestHeader(nsHTTPAtoms::Referer, getter_Copies(referrer));
if (referrer && *referrer)
{
nsCOMPtr<nsIHTTPChannel> httpChannel = do_QueryInterface(channel);
@ -1532,6 +1556,14 @@ nsresult nsHTTPChannel::Redirect(const char *aNewLocation,
httpChannel->SetRequestHeader(nsHTTPAtoms::Referer, referrer);
}
if (aStatusCode == 305) // Use Proxy
{
nsCOMPtr<nsIProxy> httpProxy = do_QueryInterface(channel);
httpProxy -> SetProxyHost (proxyHost);
httpProxy -> SetProxyPort (proxyPort);
}
// Start the redirect...
nsIStreamListener *sl = mResponseDataListener;
nsHTTPFinalListener *fl = NS_STATIC_CAST (nsHTTPFinalListener*, sl);
@ -2125,11 +2157,11 @@ nsHTTPChannel::ProcessRedirection(PRInt32 aStatusCode)
mResponse->GetHeader(nsHTTPAtoms::Location, getter_Copies(location));
if (((301 == aStatusCode) || (302 == aStatusCode)) && (location))
if (((301 == aStatusCode) || (302 == aStatusCode) || (aStatusCode == 305)) && (location))
{
nsCOMPtr<nsIChannel> channel;
rv = Redirect(location, getter_AddRefs(channel));
rv = Redirect(location, getter_AddRefs(channel), aStatusCode);
if (NS_FAILED(rv)) return rv;
// Abort the current response... This will disconnect the consumer from

4
netwerk/protocol/http/src/nsHTTPChannel.h
Просмотреть файл

@ -47,7 +47,7 @@ class nsHTTPRequest;
class nsHTTPResponse;
class nsICachedNetData;
#define LOOPING_REDIRECT_ERROR_URI "chrome://necko/content/redirect_loop.xul"
#define LOOPING_REDIRECT_ERROR_URI "chrome://packages/core/necko/content/redirect_loop.xul"
// Utility functions- TODO share from nsURLHelpers...
nsresult
@ -90,7 +90,7 @@ public:
nsresult Init();
nsresult Open(PRBool bIgnoreCache=PR_FALSE);
nsresult Redirect(const char *aURL,
nsIChannel **aResult);
nsIChannel **aResult, PRInt32 aStatusCode);
nsresult ResponseCompleted(nsIStreamListener *aListener,
nsresult aStatus,