From 3b0123aa12675decc11332704997e29a819eb8ff Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Wed, 29 Jul 2020 01:21:13 +0000
Subject: [network/dom] Improve sanitization of download filenames.

---
 netwerk/base/nsBaseChannel.cpp            | 6 ++++++
 netwerk/protocol/http/HttpBaseChannel.cpp | 6 ++++++
 2 files changed, 12 insertions(+)

(limited to 'netwerk')

diff --git a/netwerk/base/nsBaseChannel.cpp b/netwerk/base/nsBaseChannel.cpp
index 2575fac04..51caa546e 100644
--- a/netwerk/base/nsBaseChannel.cpp
+++ b/netwerk/base/nsBaseChannel.cpp
@@ -579,6 +579,12 @@ NS_IMETHODIMP
 nsBaseChannel::SetContentDispositionFilename(const nsAString &aContentDispositionFilename)
 {
   mContentDispositionFilename = new nsString(aContentDispositionFilename);
+
+  // For safety reasons ensure the filename doesn't contain null characters and
+  // replace them with underscores. We may later pass the extension to system
+  // MIME APIs that expect null terminated strings.
+  mContentDispositionFilename->ReplaceChar(char16_t(0), '_');
+
   return NS_OK;
 }
 
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index a53022f71..bf8e17537 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -562,6 +562,12 @@ NS_IMETHODIMP
 HttpBaseChannel::SetContentDispositionFilename(const nsAString& aContentDispositionFilename)
 {
   mContentDispositionFilename = new nsString(aContentDispositionFilename);
+
+  // For safety reasons ensure the filename doesn't contain null characters and
+  // replace them with underscores. We may later pass the extension to system
+  // MIME APIs that expect null terminated strings.
+  mContentDispositionFilename->ReplaceChar(char16_t(0), '_');
+
   return NS_OK;
 }
 
-- 
cgit v1.2.3