From fa4080a0a7654b98295215185bb2180e647d8638 Mon Sep 17 00:00:00 2001 From: Valentin Gosu Date: Wed, 25 May 2016 16:23:38 +0200 Subject: [PATCH] Bug 1272284 - Encode C0 controls in path, query and hash r=mcmanus MozReview-Commit-ID: 1zGRjVmAWts --- netwerk/base/nsStandardURL.cpp | 17 +++---------- netwerk/test/unit/test_standardurl.js | 36 +++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 13 deletions(-) diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index c6aec07069d5..1409c7591e8a 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -1307,11 +1307,6 @@ nsStandardURL::SetSpec(const nsACString &input) return NS_ERROR_MALFORMED_URI; } - // NUL characters aren't allowed in the filtered URI. - if (filteredURI.Contains('\0')) { - return NS_ERROR_MALFORMED_URI; - } - // Make a backup of the curent URL nsStandardURL prevURL(false,false); prevURL.CopyMembers(this, eHonorRef); @@ -2525,7 +2520,7 @@ nsStandardURL::SetFilePath(const nsACString &input) int32_t dirLen, baseLen, extLen; nsresult rv; - rv = mParser->ParseFilePath(filepath, -1, + rv = mParser->ParseFilePath(filepath, flat.Length(), &dirPos, &dirLen, &basePos, &baseLen, &extPos, &extLen); @@ -2614,7 +2609,7 @@ nsStandardURL::SetQuery(const nsACString &input) return NS_OK; } - int32_t queryLen = strlen(query); + int32_t queryLen = flat.Length(); if (query[0] == '?') { query++; queryLen--; @@ -2664,10 +2659,6 @@ nsStandardURL::SetRef(const nsACString &input) LOG(("nsStandardURL::SetRef [ref=%s]\n", ref)); - if (input.Contains('\0')) { - return NS_ERROR_MALFORMED_URI; - } - if (mPath.mLen < 0) return SetPath(flat); @@ -2694,7 +2685,7 @@ nsStandardURL::SetRef(const nsACString &input) ref++; refLen--; } - + if (mRef.mLen < 0) { mSpec.Append('#'); ++mPath.mLen; // Include the # in the path. 
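Review bot: The `flat.Length()` argument to `ParseFilePath` in SetFilePath needs a comment saying why the length is explicit; the same goes for `int32_t queryLen = flat.Length();` in SetQuery and the `ParseFileName` call in SetFileName. Now that SetSpec and SetRef no longer reject NUL, these lengths are what stop an embedded NUL from cutting the component short, and a later cleanup back to `-1` or `strlen` would presumably truncate silently. Suggested comment: `// Explicit length: input may contain embedded NULs that must reach the percent-encoder.` The `LOG(("nsStandardURL::SetRef [ref=%s]\n", ref));` line in SetRef still formats with `%s`, so the log will stop at the first NUL and under-report what was accepted. All of these functions begin and end outside their hunks, so the declarations of `flat`, `filepath` and `query` are assumed rather than seen.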
@@ -2765,7 +2756,7 @@ nsStandardURL::SetFileName(const nsACString &input) URLSegment basename, extension; // let the parser locate the basename and extension - rv = mParser->ParseFileName(filename, -1, + rv = mParser->ParseFileName(filename, flat.Length(), &basename.mPos, &basename.mLen, &extension.mPos, &extension.mLen); if (NS_FAILED(rv)) return rv; diff --git a/netwerk/test/unit/test_standardurl.js b/netwerk/test/unit/test_standardurl.js index 234c46d1113b..f8ffac069cc1 100644 --- a/netwerk/test/unit/test_standardurl.js +++ b/netwerk/test/unit/test_standardurl.js 
@@ -356,3 +356,39 @@ add_test(function test_trim_C0_and_space()
 Assert.throws(() => { url.spec = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19 "; }, "set empty spec");
 run_next_test();
 });
+
+// This tests that C0-and-space characters in the path, query and ref are
+// percent encoded.
+add_test(function test_encode_C0_and_space()
+{
+ function toHex(d) {
+ var hex = d.toString(16);
+ if (hex.length == 1)
+ hex = "0"+hex;
+ return hex.toUpperCase();
+ }
+
+ for (var i=0x0; i<=0x20; i++) {
+ // These characters get filtered - they are not encoded.
+ if (String.fromCharCode(i) == '\r' ||
+ String.fromCharCode(i) == '\n' ||
+ String.fromCharCode(i) == '\t') {
+ continue;
+ }
+ var url = stringToURL("http://example.com/pa" + String.fromCharCode(i) + "th?qu" + String.fromCharCode(i) +"ery#ha" + String.fromCharCode(i) + "sh");
+ do_check_eq(url.spec, "http://example.com/pa%" + toHex(i) + "th?qu%" + toHex(i) + "ery#ha%" + toHex(i) + "sh");
+ }
+
+ // Additionally, we need to check the setters.
+ var url = stringToURL("http://example.com/path?query#hash");
+ url.filePath = "pa\0th";
+ do_check_eq(url.spec, "http://example.com/pa%00th?query#hash");
+ url.query = "qu\0ery";
+ do_check_eq(url.spec, "http://example.com/pa%00th?qu%00ery#hash");
+ url.ref = "ha\0sh";
+ do_check_eq(url.spec, "http://example.com/pa%00th?qu%00ery#ha%00sh");
+ url.fileName = "fi\0le.name";
+ do_check_eq(url.spec, "http://example.com/fi%00le.name?qu%00ery#ha%00sh");
+
+ run_next_test();
+});
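Review bot: The new test covers NUL and the other C0 controls only in the path, query and ref, while the check this commit removes from SetSpec rejected a NUL anywhere in the filtered spec, including the scheme, userinfo, host and port. Nothing here pins what now happens for a NUL in the authority, so a regression there would go unnoticed. I would add a case for it, for example `Assert.throws(() => { stringToURL("http://exa\0mple.com/"); }, "NUL in host");` if rejection is still the intended result. The setter checks also use only `\0`; running `filePath`, `query`, `ref` and `fileName` through the same 0x00–0x20 loop would cover the remaining controls on those paths too.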