bug 415034 prevent URIs with userinfo but no username. r=biesi, sr=bsmedberg, blocking1.9+

netwerk/base/src/nsStandardURL.cpp

@@ -1126,7 +1126,7 @@ nsStandardURL::SetUserPass(const nsACString &input)
 
     if (userpass.IsEmpty()) {
         // remove user:pass
-        if (mUsername.mLen >= 0) {
+        if (mUsername.mLen > 0) {
             if (mPassword.mLen > 0)
                 mUsername.mLen += (mPassword.mLen + 1);
             mUsername.mLen++;
@@ -1263,7 +1263,7 @@ nsStandardURL::SetPassword(const nsACString &input)
         NS_ERROR("cannot set password on no-auth url");
         return NS_ERROR_UNEXPECTED;
     }
-    if (mUsername.mLen < 0) {
+    if (mUsername.mLen <= 0) {
         NS_ERROR("cannot set password without existing username");
         return NS_ERROR_FAILURE;
     }

netwerk/base/src/nsURLParsers.cpp

@@ -531,9 +531,16 @@ nsAuthURLParser::ParseUserInfo(const char *userinfo, PRInt32 userinfoLen,
     if (userinfoLen < 0)
         userinfoLen = strlen(userinfo);
 
+    if (userinfoLen == 0)
+        return NS_ERROR_MALFORMED_URI;
+
     const char *p = (const char *) memchr(userinfo, ':', userinfoLen);
     if (p) {
         // userinfo = <username:password>
+        if (p == userinfo) {
+            // must have a username!
+            return NS_ERROR_MALFORMED_URI;
+        }
         SET_RESULT(username, 0, p - userinfo);
         SET_RESULT(password, p - userinfo + 1, userinfoLen - (p - userinfo + 1));
     }