From ae14556114dcae29f679db7c15f0bc9b707bb89a Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 15 Apr 2018 07:29:18 +0200 Subject: moebius#130: URL parser - fix: don't allow empty host name https://github.com/MoonchildProductions/moebius/issues/130 --- netwerk/base/nsStandardURL.cpp | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'netwerk/base') diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index bc1350f28..983e938ca 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -1483,6 +1483,11 @@ nsStandardURL::SetSpec(const nsACString &input) rv = BuildNormalizedSpec(spec); } + // Make sure that a URLTYPE_AUTHORITY has a non-empty hostname. + if (mURLType == URLTYPE_AUTHORITY && mHost.mLen == -1) { + rv = NS_ERROR_MALFORMED_URI; + } + if (NS_FAILED(rv)) { Clear(); // If parsing the spec has failed, restore the old URL @@ -3092,20 +3097,26 @@ nsStandardURL::SetFile(nsIFile *file) rv = net_GetURLSpecFromFile(file, url); if (NS_FAILED(rv)) return rv; - SetSpec(url); + uint32_t oldURLType = mURLType; + uint32_t oldDefaultPort = mDefaultPort; + rv = Init(nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, url, nullptr, nullptr); - rv = Init(mURLType, mDefaultPort, url, nullptr, nullptr); + if (NS_FAILED(rv)) { + // Restore the old url type and default port if the call to Init fails. + mURLType = oldURLType; + mDefaultPort = oldDefaultPort; + return rv; + } // must clone |file| since its value is not guaranteed to remain constant - if (NS_SUCCEEDED(rv)) { - InvalidateCache(); - if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) { - NS_WARNING("nsIFile::Clone failed"); - // failure to clone is not fatal (GetFile will generate mFile) - mFile = nullptr; - } + InvalidateCache(); + if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) { + NS_WARNING("nsIFile::Clone failed"); + // failure to clone is not fatal (GetFile will generate mFile) + mFile = nullptr; } - return rv; + + return NS_OK; } //---------------------------------------------------------------------------- -- cgit v1.2.3 From f138ec95d9d2c9faba019e52467beeed2a73b4f5 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 15 Apr 2018 08:09:17 +0200 Subject: moebius#131: URL parser - stop preserving empty passwords https://github.com/MoonchildProductions/moebius/issues/131 --- netwerk/base/nsStandardURL.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'netwerk/base') diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index 983e938ca..21c4cf7fd 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -781,11 +781,13 @@ nsStandardURL::BuildNormalizedSpec(const char *spec) i = AppendSegmentToBuf(buf, i, spec, username, mUsername, &encUsername, useEncUsername, &diff); ShiftFromPassword(diff); - if (password.mLen >= 0) { + if (password.mLen > 0) { buf[i++] = ':'; i = AppendSegmentToBuf(buf, i, spec, password, mPassword, &encPassword, useEncPassword, &diff); ShiftFromHost(diff); + } else { + mPassword.mLen = -1; } buf[i++] = '@'; } @@ -1621,7 +1623,7 @@ nsStandardURL::SetUserPass(const nsACString &input) usernameLen), esc_Username | esc_AlwaysCopy, buf, ignoredOut); - if (passwordLen >= 0) { + if (passwordLen > 0) { buf.Append(':'); passwordLen = encoder.EncodeSegmentCount(userpass.get(), URLSegment(passwordPos, @@ -1629,6 +1631,8 @@ nsStandardURL::SetUserPass(const nsACString &input) esc_Password | esc_AlwaysCopy, buf, ignoredOut); + } else { + passwordLen = -1; } if (mUsername.mLen < 0) buf.Append('@'); @@ -1659,8 +1663,10 @@ nsStandardURL::SetUserPass(const nsACString &input) // update positions and lengths mUsername.mLen = usernameLen; mPassword.mLen = passwordLen; - if (passwordLen) + if (passwordLen > 0) { mPassword.mPos = mUsername.mPos + mUsername.mLen + 1; + } + return NS_OK; } -- cgit v1.2.3