diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-03-17 13:22:41 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-03-17 13:22:41 +0100 |
commit | 41bd3e2599696771485c9dc75a7e27b94c0597fb (patch) | |
tree | 120e03adef2d3551ad6e86561b747dfbbccd713c | |
parent | 191ec5415b5bc6f06cc5cd7b1d907575eb928332 (diff) | |
download | UXP-41bd3e2599696771485c9dc75a7e27b94c0597fb.tar UXP-41bd3e2599696771485c9dc75a7e27b94c0597fb.tar.gz UXP-41bd3e2599696771485c9dc75a7e27b94c0597fb.tar.lz UXP-41bd3e2599696771485c9dc75a7e27b94c0597fb.tar.xz UXP-41bd3e2599696771485c9dc75a7e27b94c0597fb.zip |
Add extra check for path traversal sanity.
-rw-r--r-- | chrome/nsChromeRegistry.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/chrome/nsChromeRegistry.cpp b/chrome/nsChromeRegistry.cpp index 0aa7f3f14..e88aca41f 100644 --- a/chrome/nsChromeRegistry.cpp +++ b/chrome/nsChromeRegistry.cpp @@ -238,6 +238,12 @@ nsChromeRegistry::Canonify(nsIURL* aChromeURL) // path is already unescaped once, but uris can get unescaped twice const char* pos = path.BeginReading(); const char* end = path.EndReading(); + // Must start with [a-zA-Z0-9]. + if (!('a' <= *pos && *pos <= 'z') && + !('A' <= *pos && *pos <= 'Z') && + !('0' <= *pos && *pos <= '9')) { + return NS_ERROR_DOM_BAD_URI; + } while (pos < end) { switch (*pos) { case ':': |