author | pav <pav@FreeBSD.org> | 2005-09-11 01:24:31 +0800 |
---|---|---|
committer | pav <pav@FreeBSD.org> | 2005-09-11 01:24:31 +0800 |
commit | 2a9444045bb385e9ddbe953d56c2ceb430f22d3c (patch) | |
tree | a972650fb9cdcae2c1a3f84d20716d651852c3a1 /www/seamonkey | |
parent | 237c31fb3140faf8bda7f3ab4a51350f77f78709 (diff) | |
- Patch a security vulnerability (DoS, remote execution) in IDN
(internationalized domain names) subsystem, also known as "hyphen domain
name bug"
Submitted by: Marcus Grando
Obtained from: Mozilla Project CVS,
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=307259
Security: CAN-2005-2871
http://secunia.com/advisories/16764/
Diffstat (limited to 'www/seamonkey')
-rw-r--r-- | www/seamonkey/Makefile | 2 | ||||
-rw-r--r-- | www/seamonkey/files/patch-CAN-2005-2871 | 92 |
2 files changed, 93 insertions, 1 deletions
diff --git a/www/seamonkey/Makefile b/www/seamonkey/Makefile
index 6dd0c277e3eb..a08080b44197 100644
--- a/www/seamonkey/Makefile
+++ b/www/seamonkey/Makefile
@@ -7,7 +7,7 @@
 PORTNAME?= mozilla
 PORTVERSION= 1.8.b1
-PORTREVISION?= 4
+PORTREVISION?= 5
 PORTEPOCH?= 2
 CATEGORIES?= www
 MASTER_SITES= ${MASTER_SITE_MOZILLA}
diff --git a/www/seamonkey/files/patch-CAN-2005-2871 b/www/seamonkey/files/patch-CAN-2005-2871
new file mode 100644
index 000000000000..0fd2cc670932
--- /dev/null
+++ b/www/seamonkey/files/patch-CAN-2005-2871
@@ -0,0 +1,92 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.82
+diff -p -u -1 -2 -r1.82 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp 20 Jun 2005 05:23:20 -0000 1.82
++++ netwerk/base/src/nsStandardURL.cpp 9 Sep 2005 16:34:42 -0000
+@@ -458,24 +458,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ // 4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+ // Assumptions: all member URLSegments must be relative the |spec| argument
+ // passed to this function.
+
+ // buffers for holding escaped url segments (these will remain empty unless
+ // escaping is required).
+ nsCAutoString encUsername;
+ nsCAutoString encPassword;
+ nsCAutoString encHost;
++ PRBool useEncHost;
+ nsCAutoString encDirectory;
+ nsCAutoString encBasename;
+ nsCAutoString encExtension;
+ nsCAutoString encParam;
+ nsCAutoString encQuery;
+ nsCAutoString encRef;
+
+ //
+ // escape each URL segment, if necessary, and calculate approximate normalized
+ // spec length.
+ //
+ PRInt32 approxLen = 3; // includes room for "://"
+@@ -497,25 +498,25 @@ nsStandardURL::BuildNormalizedSpec(const
+ approxLen += encoder.EncodeSegmentCount(spec, mParam, esc_Param, encParam);
+ approxLen += encoder.EncodeSegmentCount(spec, mQuery, esc_Query, encQuery);
+ approxLen += encoder.EncodeSegmentCount(spec, mRef, esc_Ref, encRef);
+ }
+
+ // do not escape the hostname, if IPv6 address literal, mHost will
+ // already point to a [ ] delimited IPv6 address literal.
+ // However, perform Unicode normalization on it, as IDN does.
+ mHostEncoding = eEncoding_ASCII;
+ if (mHost.mLen > 0) {
+ const nsCSubstring& tempHost =
+ Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+- if (NormalizeIDN(tempHost, encHost))
++ if ((useEncHost = NormalizeIDN(tempHost, encHost)))
+ approxLen += encHost.Length();
+ else
+ approxLen += mHost.mLen;
+ }
+
+ //
+ // generate the normalized URL string
+ //
+ mSpec.SetLength(approxLen + 32);
+ char *buf;
+ mSpec.BeginWriting(buf);
+ PRUint32 i = 0;
+@@ -530,25 +531,30 @@ nsStandardURL::BuildNormalizedSpec(const
+ mAuthority.mPos = i;
+
+ // append authority
+ if (mUsername.mLen > 0) {
+ i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+ if (mPassword.mLen >= 0) {
+ buf[i++] = ':';
+ i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+ }
+ buf[i++] = '@';
+ }
+ if (mHost.mLen > 0) {
+- i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++ if (useEncHost) {
++ mHost.mPos = i;
++ mHost.mLen = encHost.Length();
++ i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++ } else
++ i = AppendSegmentToBuf(buf, i, spec, mHost);
+ net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+ if (mPort != -1 && mPort != mDefaultPort) {
+ nsCAutoString portbuf;
+ portbuf.AppendInt(mPort);
+ buf[i++] = ':';
+ i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+ }
+ }
+
+ // record authority length
+ mAuthority.mLen = i - mAuthority.mPos;
+ |
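Review bot: `useEncHost` is declared without an initial value in the first hunk of the carried patch and is assigned only inside the `if (mHost.mLen > 0)` block of the second, so the read in the third hunk is safe only while both `mHost.mLen > 0` guards stay identical. This flag is what keeps the length counted into `approxLen` in step with the bytes actually copied into `buf`, so I would declare it as `PRBool useEncHost = PR_FALSE;` and add a comment such as `// set only when NormalizeIDN() filled encHost; picks the host length that was counted in approxLen`. The unbraced `} else` before `i = AppendSegmentToBuf(buf, i, spec, mHost);` would also read more safely with braces, since `net_ToLowerCase` on the following line has to run on both paths. BuildNormalizedSpec's body starts and ends outside these hunks, and the patch is taken from upstream CVS, so any such change would need to go upstream as well.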