Bug 328707 - Allow only valid IP/Hostname for Proxy Config, r=mconley,necko-reviewers,valentin

Differential Revision: https://phabricator.services.mozilla.com/D198425
2024-11-24 05:11:16 +00:00 · 2024-01-22 14:28:41 +00:00 · 2024-01-22 14:28:41 +00:00 · 14dff606df
commit 14dff606df
parent 4259a99082
5 changed files with 86 additions and 7 deletions
--- a/browser/components/preferences/dialogs/connection.js
+++ b/browser/components/preferences/dialogs/connection.js
@ -83,7 +83,7 @@ var gConnectionsDialog = {
      "network.proxy.share_proxy_settings"
    );

-    // If the port is 0 and the proxy server is specified, focus on the port and cancel submission.
+    // If the proxy server (when specified) is invalid or the port is set to 0 then cancel submission.
    for (let prefName of ["http", "ssl", "socks"]) {
      let proxyPortPref = Preferences.get(
        "network.proxy." + prefName + "_port"
@ -93,14 +93,21 @@ var gConnectionsDialog = {
      // all ports except the HTTP and SOCKS port
      if (
        proxyPref.value != "" &&
-        proxyPortPref.value == 0 &&
        (prefName == "http" || prefName == "socks" || !shareProxiesPref.value)
      ) {
-        document
-          .getElementById("networkProxy" + prefName.toUpperCase() + "_Port")
-          .focus();
-        event.preventDefault();
-        return;
+        if (proxyPortPref.value == 0) {
+          document
+            .getElementById("networkProxy" + prefName.toUpperCase() + "_Port")
+            .focus();
+          event.preventDefault();
+          return;
+        } else if (!Services.io.isValidHostname(proxyPref.value)) {
+          document
+            .getElementById("networkProxy" + prefName.toUpperCase())
+            .focus();
+          event.preventDefault();
+          return;
+        }
      }
    }

--- a/browser/components/preferences/tests/browser.toml
+++ b/browser/components/preferences/tests/browser.toml
@ -62,6 +62,8 @@ skip-if = ["verify && debug && (os == 'linux' || os == 'mac')"]

 ["browser_connection_bug388287.js"]

+["browser_connection_valid_hostname.js"]
+
 ["browser_containers_name_input.js"]

 ["browser_contentblocking.js"]
--- a/browser/components/preferences/tests/browser_connection_valid_hostname.js
+++ b/browser/components/preferences/tests/browser_connection_valid_hostname.js
@ -0,0 +1,55 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async function test_valid_hostname() {
+  await openPreferencesViaOpenPreferencesAPI("general", { leaveOpen: true });
+  const connectionURL =
+    "chrome://browser/content/preferences/dialogs/connection.xhtml";
+  let dialog = await openAndLoadSubDialog(connectionURL);
+  let dialogElement = dialog.document.getElementById("ConnectionsDialog");
+
+  let oldNetworkProxyType = Services.prefs.getIntPref("network.proxy.type");
+  registerCleanupFunction(function () {
+    Services.prefs.setIntPref("network.proxy.type", oldNetworkProxyType);
+    Services.prefs.clearUserPref("network.proxy.share_proxy_settings");
+    for (let proxyType of ["http", "ssl", "socks"]) {
+      Services.prefs.clearUserPref("network.proxy." + proxyType);
+      Services.prefs.clearUserPref("network.proxy." + proxyType + "_port");
+      if (proxyType == "http") {
+        continue;
+      }
+      Services.prefs.clearUserPref("network.proxy.backup." + proxyType);
+      Services.prefs.clearUserPref(
+        "network.proxy.backup." + proxyType + "_port"
+      );
+    }
+  });
+
+  let proxyType = dialog.Preferences.get("network.proxy.type");
+  let httpPref = dialog.Preferences.get("network.proxy.http");
+  let httpPortPref = dialog.Preferences.get("network.proxy.http_port");
+  proxyType.value = 1;
+  httpPortPref.value = 1234;
+
+  httpPref.value = "bad://hostname";
+  let beforeAcceptCalled = BrowserTestUtils.waitForEvent(
+    dialogElement,
+    "beforeaccept"
+  );
+  dialogElement.acceptDialog();
+  let event = await beforeAcceptCalled;
+  Assert.ok(event.defaultPrevented, "The dialog was not accepted");
+
+  httpPref.value = "goodhostname";
+  beforeAcceptCalled = BrowserTestUtils.waitForEvent(
+    dialogElement,
+    "beforeaccept"
+  );
+  dialogElement.acceptDialog();
+  event = await beforeAcceptCalled;
+  Assert.ok(!event.defaultPrevented, "The dialog was accepted");
+
+  gBrowser.removeCurrentTab();
+});
--- a/netwerk/base/nsIIOService.idl
+++ b/netwerk/base/nsIIOService.idl
@ -228,6 +228,14 @@ interface nsIIOService : nsISupports
     */
    boolean hostnameIsSharedIPAddress(in nsIURI aURI);

+    /**
+     * Checks if a hostname is valid.
+     *
+     * @param AUTF8String hostname is the hostname to validate
+     * @return true if the hostname is valid, else false
+     */
+    boolean isValidHostname(in AUTF8String hostname);
+
    /**
     * While this is set, IOService will monitor an nsINetworkLinkService
     * (if available) and set its offline status to "true" whenever
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -962,6 +962,13 @@ nsIOService::HostnameIsSharedIPAddress(nsIURI* aURI, bool* aResult) {
  return NS_OK;
 }

+NS_IMETHODIMP
+nsIOService::IsValidHostname(const nsACString& inHostname, bool* aResult) {
+  *aResult = net_IsValidHostName(inHostname);
+
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsIOService::GetProtocolFlags(const char* scheme, uint32_t* flags) {
  NS_ENSURE_ARG_POINTER(scheme);