Bug 670333. Make sure that when parsing MIME header params we check for the actual presence of a '=' between the name and the value. r=bzbarsky

2024-09-13 09:24:08 -07:00 · 2011-07-11 15:27:26 -04:00 · 2011-07-11 15:27:26 -04:00 · 961da6fd61
commit 961da6fd61
parent 60856304e4
3 changed files with 51 additions and 1 deletions
--- a/netwerk/mime/nsMIMEHeaderParamImpl.cpp
+++ b/netwerk/mime/nsMIMEHeaderParamImpl.cpp
@ -221,6 +221,7 @@ nsMIMEHeaderParamImpl::GetParameterInternal(const char *aHeaderValue,
    const char *tokenEnd = 0;
    const char *valueStart = str;
    const char *valueEnd = 0;
+    PRBool seenEquals = PR_FALSE;

    NS_ASSERTION(!nsCRT::IsAsciiSpace(*str), "should be after whitespace.");

@ -231,7 +232,10 @@ nsMIMEHeaderParamImpl::GetParameterInternal(const char *aHeaderValue,

    // Skip over whitespace, '=', and whitespace
    while (nsCRT::IsAsciiSpace(*str)) ++str;
-    if (*str == '=') ++str;
+    if (*str == '=') {
+      ++str;
+      seenEquals = PR_TRUE;
+    }
    while (nsCRT::IsAsciiSpace(*str)) ++str;

    PRBool needUnquote = PR_FALSE;
@ -267,6 +271,7 @@ nsMIMEHeaderParamImpl::GetParameterInternal(const char *aHeaderValue,
    // a 'single' line value with no charset and lang.
    // If so, copy it and return.
    if (tokenEnd - tokenStart == paramLen &&
+        seenEquals &&
        !nsCRT::strncasecmp(tokenStart, aParamName, paramLen))
    {
      // if the parameter spans across multiple lines we have to strip out the
@ -286,6 +291,7 @@ nsMIMEHeaderParamImpl::GetParameterInternal(const char *aHeaderValue,
    // case B, C, and D
    else if (tokenEnd - tokenStart > paramLen &&
             !nsCRT::strncasecmp(tokenStart, aParamName, paramLen) &&
+             seenEquals &&
             *(tokenStart + paramLen) == '*')
    {
      const char *cp = tokenStart + paramLen + 1; // 1st char pass '*'
--- a/netwerk/test/unit/test_bug670333.js
+++ b/netwerk/test/unit/test_bug670333.js
@ -0,0 +1,43 @@
+/**
+ * Test for bug 670333: Content-Disposition parser does not require presence of "=" in params
+ */
+
+const Cr = Components.results
+
+var BS = '\\';
+var DQUOTE = '"'; 
+ 
+var tests = [
+                 [ /* sanity check */
+                  "Content-Disposition: attachment; filename*=UTF-8''foo-%41.html", 
+                  "foo-A.html"],
+                 [ /* the actual bug */
+                  "Content-Disposition: attachment; filename *=UTF-8''foo-%41.html", 
+                  Cr.NS_ERROR_INVALID_ARG],
+                 [ /* the actual bug, without 2231/5987 encoding */
+                  "Content-Disposition: attachment; filename X", 
+                  Cr.NS_ERROR_INVALID_ARG],
+                 [ /* sanity check with WS on both sides */
+                  "Content-Disposition: attachment; filename = foo-A.html", 
+                  "foo-A.html"],
+                ];
+
+function run_test() {
+
+  var mhp = Components.classes["@mozilla.org/network/mime-hdrparam;1"]
+                      .getService(Components.interfaces.nsIMIMEHeaderParam);
+
+  var unused = { value : null };
+
+  for (var i = 0; i < tests.length; ++i) {
+    dump("Testing " + tests[i] + "\n");
+    try {
+      do_check_eq(mhp.getParameter(tests[i][0], "filename", "UTF-8", true, unused),
+                  tests[i][1]);
+    }
+    catch (e) {
+      do_check_eq(e.result, tests[i][1]);
+    }
+  }
+}
+
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@ -69,6 +69,7 @@ tail =
 [test_bug660066.js]
 [test_bug651185.js]
 [test_bug667907.js]
+[test_bug670333.js]
 [test_cacheflags.js]
 [test_channel_close.js]
 [test_compareURIs.js]