aboutsummaryrefslogtreecommitdiffstats
path: root/www/firefox/files
diff options
context:
space:
mode:
authorpav <pav@FreeBSD.org>2005-09-11 01:24:31 +0800
committerpav <pav@FreeBSD.org>2005-09-11 01:24:31 +0800
commit2a9444045bb385e9ddbe953d56c2ceb430f22d3c (patch)
treea972650fb9cdcae2c1a3f84d20716d651852c3a1 /www/firefox/files
parent237c31fb3140faf8bda7f3ab4a51350f77f78709 (diff)
downloadfreebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.tar.gz
freebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.tar.zst
freebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.zip
- Patch a security vulnerability (DoS, remote execution) in IDN
(internationalized domain names) subsystem, also known as "hyphen domain name bug" Submitted by: Marcus Grando Obtained from: Mozilla Project CVS, https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=307259 Security: CAN-2005-2871 http://secunia.com/advisories/16764/
Diffstat (limited to 'www/firefox/files')
-rw-r--r--www/firefox/files/patch-CAN-2005-2871104
1 files changed, 104 insertions, 0 deletions
diff --git a/www/firefox/files/patch-CAN-2005-2871 b/www/firefox/files/patch-CAN-2005-2871
new file mode 100644
index 000000000000..eca8515adbdb
--- /dev/null
+++ b/www/firefox/files/patch-CAN-2005-2871
@@ -0,0 +1,104 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.60.16.2
+diff -p -u -1 -2 -r1.60.16.2 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp 17 Feb 2005 23:40:53 -0000 1.60.16.2
++++ netwerk/base/src/nsStandardURL.cpp 9 Sep 2005 16:34:46 -0000
+@@ -403,24 +403,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ // 4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+ // Assumptions: all member URLSegments must be relative the |spec| argument
+ // passed to this function.
+
+ // buffers for holding escaped url segments (these will remain empty unless
+ // escaping is required).
+ nsCAutoString encUsername;
+ nsCAutoString encPassword;
+ nsCAutoString encHost;
++ PRBool useEncHost;
+ nsCAutoString encDirectory;
+ nsCAutoString encBasename;
+ nsCAutoString encExtension;
+ nsCAutoString encParam;
+ nsCAutoString encQuery;
+ nsCAutoString encRef;
+
+ //
+ // escape each URL segment, if necessary, and calculate approximate normalized
+ // spec length.
+ //
+ PRInt32 approxLen = 3; // includes room for "://"
+@@ -440,34 +441,36 @@ nsStandardURL::BuildNormalizedSpec(const
+ approxLen += encoder.EncodeSegmentCount(spec, mBasename, esc_FileBaseName, encBasename);
+ approxLen += encoder.EncodeSegmentCount(spec, mExtension, esc_FileExtension, encExtension);
+ approxLen += encoder.EncodeSegmentCount(spec, mParam, esc_Param, encParam);
+ approxLen += encoder.EncodeSegmentCount(spec, mQuery, esc_Query, encQuery);
+ approxLen += encoder.EncodeSegmentCount(spec, mRef, esc_Ref, encRef);
+ }
+
+ // do not escape the hostname, if IPv6 address literal, mHost will
+ // already point to a [ ] delimited IPv6 address literal.
+ // However, perform Unicode normalization on it, as IDN does.
+ mHostEncoding = eEncoding_ASCII;
+ if (mHost.mLen > 0) {
++ useEncHost = PR_FALSE;
+ const nsCSubstring& tempHost =
+ Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+ if (IsASCII(tempHost))
+ approxLen += mHost.mLen;
+ else {
+ mHostEncoding = eEncoding_UTF8;
+ if (gIDNService &&
+- NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost)))
++ NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) {
+ approxLen += encHost.Length();
+- else {
++ useEncHost = PR_TRUE;
++ } else {
+ encHost.Truncate();
+ approxLen += mHost.mLen;
+ }
+ }
+ }
+
+ //
+ // generate the normalized URL string
+ //
+ mSpec.SetLength(approxLen + 32);
+ char *buf;
+ mSpec.BeginWriting(buf);
+@@ -483,25 +486,30 @@ nsStandardURL::BuildNormalizedSpec(const
+ mAuthority.mPos = i;
+
+ // append authority
+ if (mUsername.mLen > 0) {
+ i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+ if (mPassword.mLen >= 0) {
+ buf[i++] = ':';
+ i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+ }
+ buf[i++] = '@';
+ }
+ if (mHost.mLen > 0) {
+- i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++ if (useEncHost) {
++ mHost.mPos = i;
++ mHost.mLen = encHost.Length();
++ i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++ } else
++ i = AppendSegmentToBuf(buf, i, spec, mHost);
+ net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+ if (mPort != -1 && mPort != mDefaultPort) {
+ nsCAutoString portbuf;
+ portbuf.AppendInt(mPort);
+ buf[i++] = ':';
+ i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+ }
+ }
+
+ // record authority length
+ mAuthority.mLen = i - mAuthority.mPos;
+