From cad53fa7ea54b661a41cd5e87da7fbd4fd102c97 Mon Sep 17 00:00:00 2001 From: "dveditz@cruzio.com" Date: Wed, 20 Feb 2008 17:24:41 -0800 Subject: [PATCH] bug 415034 prevent URIs with userinfo but no username. r=biesi, sr=bsmedberg, blocking1.9+ --- netwerk/base/src/nsStandardURL.cpp | 4 ++-- netwerk/base/src/nsURLParsers.cpp | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/netwerk/base/src/nsStandardURL.cpp b/netwerk/base/src/nsStandardURL.cpp index 0d1ccf9252d..e64bb521e08 100644 --- a/netwerk/base/src/nsStandardURL.cpp +++ b/netwerk/base/src/nsStandardURL.cpp @@ -1126,7 +1126,7 @@ nsStandardURL::SetUserPass(const nsACString &input) if (userpass.IsEmpty()) { // remove user:pass - if (mUsername.mLen >= 0) { + if (mUsername.mLen > 0) { if (mPassword.mLen > 0) mUsername.mLen += (mPassword.mLen + 1); mUsername.mLen++; @@ -1263,7 +1263,7 @@ nsStandardURL::SetPassword(const nsACString &input) NS_ERROR("cannot set password on no-auth url"); return NS_ERROR_UNEXPECTED; } - if (mUsername.mLen < 0) { + if (mUsername.mLen <= 0) { NS_ERROR("cannot set password without existing username"); return NS_ERROR_FAILURE; } diff --git a/netwerk/base/src/nsURLParsers.cpp b/netwerk/base/src/nsURLParsers.cpp index d099c49067e..4ed66ef70a8 100644 --- a/netwerk/base/src/nsURLParsers.cpp +++ b/netwerk/base/src/nsURLParsers.cpp @@ -531,9 +531,16 @@ nsAuthURLParser::ParseUserInfo(const char *userinfo, PRInt32 userinfoLen, if (userinfoLen < 0) userinfoLen = strlen(userinfo); + if (userinfoLen == 0) + return NS_ERROR_MALFORMED_URI; + const char *p = (const char *) memchr(userinfo, ':', userinfoLen); if (p) { // userinfo = + if (p == userinfo) { + // must have a username! + return NS_ERROR_MALFORMED_URI; + } SET_RESULT(username, 0, p - userinfo); SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1)); }
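Review bot: The new `mUsername.mLen > 0` test in SetUserPass skips the removal branch when the length is exactly 0, so it depends on an invariant that is neither stated nor checked here: a username length is either -1 (no userinfo) or positive. The `mUsername.mLen <= 0` test in the SetPassword hunk makes the same assumption. If some other path not visible in this patch (another setter, or deserialization of a stored URL) can still leave a zero-length username with its `@` in the spec, clearing user:pass would no longer strip that `@`. I would record the invariant next to the test, e.g. `// mLen is -1 (no userinfo) or > 0; the parser rejects an empty username`, and consider `NS_ASSERTION(mUsername.mLen != 0, "empty username");` before it. Both function bodies start and end outside their hunks.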
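Review bot: The two new rejections in ParseUserInfo arrive without a test; the diffstat lists only the two source files. A regression test would pin the behaviour: an empty userinfo and a userinfo whose first byte is `:` should both yield NS_ERROR_MALFORMED_URI, while a username followed by `:` and an empty password should still parse. The first check has no comment while the second does; `// empty userinfo: there is no username at all` above `if (userinfoLen == 0)` would make the pair read consistently. Both checks look only at the raw byte length, and any unescaping happens outside this hunk if at all, so please confirm that this is the intended definition of "no username". The function body continues outside the hunk.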