mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 06:11:37 +00:00
bug 415034 prevent URIs with userinfo but no username. r=biesi, sr=bsmedberg, blocking1.9+
This commit is contained in:
parent
e9dc3f5dbe
commit
1fd9ee2659
@ -1126,7 +1126,7 @@ nsStandardURL::SetUserPass(const nsACString &input)
|
||||
|
||||
if (userpass.IsEmpty()) {
|
||||
// remove user:pass
|
||||
if (mUsername.mLen >= 0) {
|
||||
if (mUsername.mLen > 0) {
|
||||
if (mPassword.mLen > 0)
|
||||
mUsername.mLen += (mPassword.mLen + 1);
|
||||
mUsername.mLen++;
|
||||
@ -1263,7 +1263,7 @@ nsStandardURL::SetPassword(const nsACString &input)
|
||||
NS_ERROR("cannot set password on no-auth url");
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
if (mUsername.mLen < 0) {
|
||||
if (mUsername.mLen <= 0) {
|
||||
NS_ERROR("cannot set password without existing username");
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
@ -531,9 +531,16 @@ nsAuthURLParser::ParseUserInfo(const char *userinfo, PRInt32 userinfoLen,
|
||||
if (userinfoLen < 0)
|
||||
userinfoLen = strlen(userinfo);
|
||||
|
||||
if (userinfoLen == 0)
|
||||
return NS_ERROR_MALFORMED_URI;
|
||||
|
||||
const char *p = (const char *) memchr(userinfo, ':', userinfoLen);
|
||||
if (p) {
|
||||
// userinfo = <username:password>
|
||||
if (p == userinfo) {
|
||||
// must have a username!
|
||||
return NS_ERROR_MALFORMED_URI;
|
||||
}
|
||||
SET_RESULT(username, 0, p - userinfo);
|
||||
SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user