Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-26 06:11:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 415034 prevent URIs with userinfo but no username. r=biesi, sr=bsmedberg, blocking1.9+

Browse Source
This commit is contained in:
dveditz@cruzio.com 2008-02-20 17:24:41 -08:00
parent e9dc3f5dbe
commit 1fd9ee2659
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
netwerk/base/src/nsStandardURL.cpp
View File

@ -1126,7 +1126,7 @@ nsStandardURL::SetUserPass(const nsACString &input)
if (userpass.IsEmpty()) { if (userpass.IsEmpty()) {
// remove user:pass // remove user:pass
if (mUsername.mLen >= 0) { if (mUsername.mLen > 0) {
if (mPassword.mLen > 0) if (mPassword.mLen > 0)
mUsername.mLen += (mPassword.mLen + 1); mUsername.mLen += (mPassword.mLen + 1);
mUsername.mLen++; mUsername.mLen++;
@ -1263,7 +1263,7 @@ nsStandardURL::SetPassword(const nsACString &input)
NS_ERROR("cannot set password on no-auth url"); NS_ERROR("cannot set password on no-auth url");
return NS_ERROR_UNEXPECTED; return NS_ERROR_UNEXPECTED;
} }
if (mUsername.mLen < 0) { if (mUsername.mLen <= 0) {
NS_ERROR("cannot set password without existing username"); NS_ERROR("cannot set password without existing username");
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
} }

7
netwerk/base/src/nsURLParsers.cpp
View File

@ -531,9 +531,16 @@ nsAuthURLParser::ParseUserInfo(const char *userinfo, PRInt32 userinfoLen,
if (userinfoLen < 0) if (userinfoLen < 0)
userinfoLen = strlen(userinfo); userinfoLen = strlen(userinfo);
if (userinfoLen == 0)
return NS_ERROR_MALFORMED_URI;
const char *p = (const char *) memchr(userinfo, ':', userinfoLen); const char *p = (const char *) memchr(userinfo, ':', userinfoLen);
if (p) { if (p) {
// userinfo = <username:password> // userinfo = <username:password>
if (p == userinfo) {
// must have a username!
return NS_ERROR_MALFORMED_URI;
}
SET_RESULT(username, 0, p - userinfo); SET_RESULT(username, 0, p - userinfo);
SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1)); SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1));
} }