Bug 602780. Fix handling of hosts in NS_SecurityCompareURIs. r=jst, a=blocker,jst

2025-02-23 19:09:49 +00:00 · 2010-10-15 17:55:53 -04:00 · 2010-10-15 17:55:53 -04:00 · 7e51113e58
commit 7e51113e58
parent 7ef8bdbec1
2 changed files with 58 additions and 1 deletions
--- a/netwerk/base/public/nsNetUtil.h
+++ b/netwerk/base/public/nsNetUtil.h
@ -51,6 +51,7 @@

 #include "nsCRT.h"
 #include "nsIURI.h"
+#include "nsIStandardURL.h"
 #include "nsIInputStream.h"
 #include "nsIOutputStream.h"
 #include "nsISafeOutputStream.h"
@ -1629,7 +1630,7 @@ NS_SecurityHashURI(nsIURI* aURI)

    nsCAutoString host;
    PRUint32 hostHash = 0;
-    if (NS_SUCCEEDED(baseURI->GetHost(host)))
+    if (NS_SUCCEEDED(baseURI->GetAsciiHost(host)))
        hostHash = nsCRT::HashCode(host.get());

    // XOR to combine hash values
@ -1735,6 +1736,13 @@ NS_SecurityCompareURIs(nsIURI* aSourceURI,
        return PR_FALSE;
    }

+    nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
+    nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
+    if (!targetURL || !sourceURL)
+    {
+        return PR_FALSE;
+    }
+
 #ifdef MOZILLA_INTERNAL_API
    if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator() ))
 #else
--- a/netwerk/test/unit/test_compareURIs.js
+++ b/netwerk/test/unit/test_compareURIs.js
@ -0,0 +1,49 @@
+Components.utils.import("resource://gre/modules/NetUtil.jsm");
+
+function do_info(text, stack) {
+  if (!stack)
+    stack = Components.stack.caller;
+
+  dump("TEST-INFO | " + stack.filename + " | [" + stack.name + " : " +
+       stack.lineNumber + "] " + text + "\n");
+}
+function run_test()
+{
+    var tests = [
+	[ "http://mozilla.org/", "http://mozilla.org/somewhere/there", true ],
+	[ "http://mozilla.org/", "http://www.mozilla.org/", false ],
+	[ "http://mozilla.org/", "http://mozilla.org:80", true ],
+	[ "http://mozilla.org/", "http://mozilla.org:90", false ],
+	[ "http://mozilla.org", "https://mozilla.org", false ],
+	[ "http://mozilla.org", "https://mozilla.org:80", false ],	
+	[ "http://mozilla.org:443", "https://mozilla.org", false ],
+	[ "https://mozilla.org:443", "https://mozilla.org", true ],
+	[ "https://mozilla.org:443", "https://mozilla.org/somewhere/", true ],
+	[ "about:", "about:", false ],
+	[ "data:text/plain,text", "data:text/plain,text", false ],
+	[ "about:blank", "about:blank", false ],
+	[ "about:", "http://mozilla.org/", false ],
+	[ "about:", "about:config", false ],
+	[ "about:text/plain,text", "data:text/plain,text", false ],
+	[ "jar:http://mozilla.org/!/", "http://mozilla.org/", true ],
+	[ "view-source:http://mozilla.org/", "http://mozilla.org/", true ]
+    ];
+
+    var secman = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService(Components.interfaces.nsIScriptSecurityManager);
+
+    tests.forEach(function(aTest) {
+        do_info("Comparing " + aTest[0] + " to " + aTest[1]);
+
+	var uri1 = NetUtil.newURI(aTest[0]);
+	var uri2 = NetUtil.newURI(aTest[1]);
+
+	var equal;
+	try {
+	    secman.checkSameOriginURI(uri1, uri2, false);
+	    equal = true;
+	} catch (e) {
+	    equal = false
+	}
+	do_check_eq(equal, aTest[2]);
+    });
+}