another patch for bug 110418; r=morse, sr=alecf

2024-11-27 14:52:16 +00:00 · 2001-11-20 00:17:37 +00:00 · 2001-11-20 00:17:37 +00:00 · 6376fb70cb
commit 6376fb70cb
parent 683dc74507
1 changed files with 24 additions and 9 deletions
--- a/netwerk/base/src/nsURLParsers.cpp
+++ b/netwerk/base/src/nsURLParsers.cpp
@ -474,6 +474,8 @@ nsAuthURLParser::ParseAuthority(const char *auth, PRInt32 authLen,
                                PRUint32 *hostnamePos, PRInt32 *hostnameLen,
                                PRInt32 *port)
 {
+    nsresult rv;
+
    NS_PRECONDITION(auth, "null pointer");

    if (authLen < 0)
@ -482,21 +484,24 @@ nsAuthURLParser::ParseAuthority(const char *auth, PRInt32 authLen,
    const char *p = (const char *) memchr(auth, '@', authLen);
    if (p) {
        // auth = <user-info@server-info>
-        ParseUserInfo(auth, p - auth,
-                      usernamePos, usernameLen,
-                      passwordPos, passwordLen);
-        ParseServerInfo(p + 1, authLen - (p - auth + 1),
-                        hostnamePos, hostnameLen,
-                        port);
+        rv = ParseUserInfo(auth, p - auth,
+                           usernamePos, usernameLen,
+                           passwordPos, passwordLen);
+        if (NS_FAILED(rv)) return rv;
+        rv = ParseServerInfo(p + 1, authLen - (p - auth + 1),
+                             hostnamePos, hostnameLen,
+                             port);
+        if (NS_FAILED(rv)) return rv;
        OFFSET_RESULT(hostname, p + 1 - auth);
    }
    else {
        // auth = <server-info>
        SET_RESULT(username, 0, -1);
        SET_RESULT(password, 0, -1);
-        ParseServerInfo(auth, authLen,
-                        hostnamePos, hostnameLen,
-                        port);
+        rv = ParseServerInfo(auth, authLen,
+                             hostnamePos, hostnameLen,
+                             port);
+        if (NS_FAILED(rv)) return rv;
    }
    return NS_OK;
 }
@ -559,6 +564,16 @@ nsAuthURLParser::ParseServerInfo(const char *serverinfo, PRInt32 serverinfoLen,
        if (port)
           *port = -1;
    }
+
+    // hostname's must not contain '%' chars, as these could lead to security
+    // problems if the hostname is ever unescaped.
+    if (hostnameLen && memchr(serverinfo, '%', *hostnameLen)) {
+        SET_RESULT(hostname, 0, -1);
+        if (port)
+           *port = -1;
+        return NS_ERROR_MALFORMED_URI;
+    }
+
    return NS_OK;
 }