bug 415034 prevent URIs with userinfo but no username. r=biesi, sr=bsmedberg, blocking1.9+

This commit is contained in:
dveditz@cruzio.com 2008-02-20 17:24:41 -08:00
parent e9dc3f5dbe
commit 1fd9ee2659
2 changed files with 9 additions and 2 deletions

View File

@ -1126,7 +1126,7 @@ nsStandardURL::SetUserPass(const nsACString &input)
if (userpass.IsEmpty()) {
// remove user:pass
if (mUsername.mLen >= 0) {
if (mUsername.mLen > 0) {
if (mPassword.mLen > 0)
mUsername.mLen += (mPassword.mLen + 1);
mUsername.mLen++;
@ -1263,7 +1263,7 @@ nsStandardURL::SetPassword(const nsACString &input)
NS_ERROR("cannot set password on no-auth url");
return NS_ERROR_UNEXPECTED;
}
if (mUsername.mLen < 0) {
if (mUsername.mLen <= 0) {
NS_ERROR("cannot set password without existing username");
return NS_ERROR_FAILURE;
}

View File

@ -531,9 +531,16 @@ nsAuthURLParser::ParseUserInfo(const char *userinfo, PRInt32 userinfoLen,
if (userinfoLen < 0)
userinfoLen = strlen(userinfo);
if (userinfoLen == 0)
return NS_ERROR_MALFORMED_URI;
const char *p = (const char *) memchr(userinfo, ':', userinfoLen);
if (p) {
// userinfo = <username:password>
if (p == userinfo) {
// must have a username!
return NS_ERROR_MALFORMED_URI;
}
SET_RESULT(username, 0, p - userinfo);
SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1));
}