diff options
author | pav <pav@FreeBSD.org> | 2005-09-11 01:24:31 +0800 |
---|---|---|
committer | pav <pav@FreeBSD.org> | 2005-09-11 01:24:31 +0800 |
commit | 2a9444045bb385e9ddbe953d56c2ceb430f22d3c (patch) | |
tree | a972650fb9cdcae2c1a3f84d20716d651852c3a1 /www/firefox/files | |
parent | 237c31fb3140faf8bda7f3ab4a51350f77f78709 (diff) | |
download | freebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.tar.gz freebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.tar.zst freebsd-ports-gnome-2a9444045bb385e9ddbe953d56c2ceb430f22d3c.zip |
- Patch a security vulnerability (DoS, remote execution) in IDN
(internationalized domain names) subsystem, also known as "hyphen domain
name bug"
Submitted by: Marcus Grando
Obtained from: Mozilla Project CVS,
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=307259
Security: CAN-2005-2871
http://secunia.com/advisories/16764/
Diffstat (limited to 'www/firefox/files')
-rw-r--r-- | www/firefox/files/patch-CAN-2005-2871 | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/www/firefox/files/patch-CAN-2005-2871 b/www/firefox/files/patch-CAN-2005-2871 new file mode 100644 index 000000000000..eca8515adbdb --- /dev/null +++ b/www/firefox/files/patch-CAN-2005-2871 @@ -0,0 +1,104 @@ +Index: netwerk/base/src/nsStandardURL.cpp +=================================================================== +RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v +retrieving revision 1.60.16.2 +diff -p -u -1 -2 -r1.60.16.2 nsStandardURL.cpp +--- netwerk/base/src/nsStandardURL.cpp 17 Feb 2005 23:40:53 -0000 1.60.16.2 ++++ netwerk/base/src/nsStandardURL.cpp 9 Sep 2005 16:34:46 -0000 +@@ -403,24 +403,25 @@ nsStandardURL::AppendToBuf(char *buf, PR + // 4- update url segment positions and lengths + nsresult + nsStandardURL::BuildNormalizedSpec(const char *spec) + { + // Assumptions: all member URLSegments must be relative the |spec| argument + // passed to this function. + + // buffers for holding escaped url segments (these will remain empty unless + // escaping is required). + nsCAutoString encUsername; + nsCAutoString encPassword; + nsCAutoString encHost; ++ PRBool useEncHost; + nsCAutoString encDirectory; + nsCAutoString encBasename; + nsCAutoString encExtension; + nsCAutoString encParam; + nsCAutoString encQuery; + nsCAutoString encRef; + + // + // escape each URL segment, if necessary, and calculate approximate normalized + // spec length. + // + PRInt32 approxLen = 3; // includes room for "://" +@@ -440,34 +441,36 @@ nsStandardURL::BuildNormalizedSpec(const + approxLen += encoder.EncodeSegmentCount(spec, mBasename, esc_FileBaseName, encBasename); + approxLen += encoder.EncodeSegmentCount(spec, mExtension, esc_FileExtension, encExtension); + approxLen += encoder.EncodeSegmentCount(spec, mParam, esc_Param, encParam); + approxLen += encoder.EncodeSegmentCount(spec, mQuery, esc_Query, encQuery); + approxLen += encoder.EncodeSegmentCount(spec, mRef, esc_Ref, encRef); + } + + // do not escape the hostname, if IPv6 address literal, mHost will + // already point to a [ ] delimited IPv6 address literal. + // However, perform Unicode normalization on it, as IDN does. + mHostEncoding = eEncoding_ASCII; + if (mHost.mLen > 0) { ++ useEncHost = PR_FALSE; + const nsCSubstring& tempHost = + Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen); + if (IsASCII(tempHost)) + approxLen += mHost.mLen; + else { + mHostEncoding = eEncoding_UTF8; + if (gIDNService && +- NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) ++ NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) { + approxLen += encHost.Length(); +- else { ++ useEncHost = PR_TRUE; ++ } else { + encHost.Truncate(); + approxLen += mHost.mLen; + } + } + } + + // + // generate the normalized URL string + // + mSpec.SetLength(approxLen + 32); + char *buf; + mSpec.BeginWriting(buf); +@@ -483,25 +486,30 @@ nsStandardURL::BuildNormalizedSpec(const + mAuthority.mPos = i; + + // append authority + if (mUsername.mLen > 0) { + i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername); + if (mPassword.mLen >= 0) { + buf[i++] = ':'; + i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword); + } + buf[i++] = '@'; + } + if (mHost.mLen > 0) { +- i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost); ++ if (useEncHost) { ++ mHost.mPos = i; ++ mHost.mLen = encHost.Length(); ++ i = AppendToBuf(buf, i, encHost.get(), mHost.mLen); ++ } else ++ i = AppendSegmentToBuf(buf, i, spec, mHost); + net_ToLowerCase(buf + mHost.mPos, mHost.mLen); + if (mPort != -1 && mPort != mDefaultPort) { + nsCAutoString portbuf; + portbuf.AppendInt(mPort); + buf[i++] = ':'; + i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length()); + } + } + + // record authority length + mAuthority.mLen = i - mAuthority.mPos; + |