moebius#130: URL parser - fix: don't allow empty host name

https://github.com/MoonchildProductions/moebius/issues/130
pull/1/head
janekptacijarabaci 4 years ago committed by Roy Tam
parent aa1df43166
commit 196fddddb6
  1. 6
      docshell/test/unit/test_nsDefaultURIFixup_info.js
  2. 5
      dom/html/test/test_bug558788-1.html
  3. 12
      dom/url/tests/test_url.html
  4. 12
      extensions/cookie/test/unit/test_bug526789.js
  5. 31
      netwerk/base/nsStandardURL.cpp
  6. 24
      netwerk/test/unit/test_URIs.js
  7. 8
      netwerk/test/unit/test_standardurl.js
  8. 2
      services/fxaccounts/tests/xpcshell/test_oauth_grant_client.js
  9. 2
      services/fxaccounts/tests/xpcshell/test_profile_client.js
  10. 11
      testing/web-platform/meta/XMLHttpRequest/open-url-bogus.htm.ini
  11. 3
      testing/web-platform/meta/url/url-constructor.html.ini
  12. 1
      toolkit/components/passwordmgr/test/unit/test_logins_search.js
  13. 2
      toolkit/components/places/UnifiedComplete.js
  14. 4
      toolkit/components/places/nsNavHistory.cpp

@ -426,8 +426,6 @@ var testcases = [ {
protocolChange: true,
}, {
input: "?'.com",
fixedURI: "http:///?%27.com",
alternateURI: "http://www..com/?%27.com",
keywordLookup: true,
protocolChange: true,
}, {
@ -436,14 +434,10 @@ var testcases = [ {
protocolChange: true
}, {
input: "?mozilla",
fixedURI: "http:///?mozilla",
alternateURI: "http://www..com/?mozilla",
keywordLookup: true,
protocolChange: true,
}, {
input: "??mozilla",
fixedURI: "http:///??mozilla",
alternateURI: "http://www..com/??mozilla",
keywordLookup: true,
protocolChange: true,
}, {

@ -154,13 +154,14 @@ function checkInputURL()
sendString("ttp://mozilla.org");
checkValidApplies(element);
for (var i=0; i<13; ++i) {
for (var i=0; i<10; ++i) {
synthesizeKey("VK_BACK_SPACE", {});
checkValidApplies(element);
}
synthesizeKey("VK_BACK_SPACE", {});
for (var i=0; i<4; ++i) {
// "http://" is now invalid
for (var i=0; i<7; ++i) {
checkInvalidApplies(element);
synthesizeKey("VK_BACK_SPACE", {});
}

@ -398,6 +398,18 @@
is(url.href, "scheme://tmp\\test");
</script>
<script>
/** Test for Bug 1275746 **/
SimpleTest.doesThrow(() => { var url = new URL("http:"); }, "http: is not a valid URL");
SimpleTest.doesThrow(() => { var url = new URL("http:///"); }, "http: is not a valid URL");
var url = new URL("file:");
is(url.href, "file:///", "Parsing file: should work.");
url = new URL("file:///");
is(url.href, "file:///", "Parsing file:/// should work.");
</script>
<script>
var url = new URL("scheme:path/to/file?query#hash");
is(url.href, "scheme:path/to/file?query#hash");
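Review bot: The second `SimpleTest.doesThrow` call exercises `new URL("http:///")` but reuses the message "http: is not a valid URL", so a failure report would name the wrong input. Change that message to `"http:/// is not a valid URL"`.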

@ -79,23 +79,11 @@ function run_test() {
cm.removeAll();
// test that setting an empty or '.' http:// host results in a no-op
var uri = NetUtil.newURI("http://baz.com/");
var emptyuri = NetUtil.newURI("http:///");
var doturi = NetUtil.newURI("http://./");
do_check_eq(uri.asciiHost, "baz.com");
do_check_eq(emptyuri.asciiHost, "");
do_check_eq(doturi.asciiHost, ".");
cs.setCookieString(emptyuri, null, "foo2=bar", null);
do_check_eq(getCookieCount(), 0);
cs.setCookieString(doturi, null, "foo3=bar", null);
do_check_eq(getCookieCount(), 0);
cs.setCookieString(uri, null, "foo=bar", null);
do_check_eq(getCookieCount(), 1);
do_check_eq(cs.getCookieString(uri, null), "foo=bar");
do_check_eq(cs.getCookieString(emptyuri, null), null);
do_check_eq(cs.getCookieString(doturi, null), null);
do_check_eq(cm.countCookiesFromHost(""), 0);
do_check_throws(function() {

@ -1483,6 +1483,11 @@ nsStandardURL::SetSpec(const nsACString &input)
rv = BuildNormalizedSpec(spec);
}
// Make sure that a URLTYPE_AUTHORITY has a non-empty hostname.
if (mURLType == URLTYPE_AUTHORITY && mHost.mLen == -1) {
rv = NS_ERROR_MALFORMED_URI;
}
if (NS_FAILED(rv)) {
Clear();
// If parsing the spec has failed, restore the old URL
@ -3092,20 +3097,26 @@ nsStandardURL::SetFile(nsIFile *file)
rv = net_GetURLSpecFromFile(file, url);
if (NS_FAILED(rv)) return rv;
SetSpec(url);
uint32_t oldURLType = mURLType;
uint32_t oldDefaultPort = mDefaultPort;
rv = Init(nsIStandardURL::URLTYPE_NO_AUTHORITY, -1, url, nullptr, nullptr);
rv = Init(mURLType, mDefaultPort, url, nullptr, nullptr);
if (NS_FAILED(rv)) {
// Restore the old url type and default port if the call to Init fails.
mURLType = oldURLType;
mDefaultPort = oldDefaultPort;
return rv;
}
// must clone |file| since its value is not guaranteed to remain constant
if (NS_SUCCEEDED(rv)) {
InvalidateCache();
if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) {
NS_WARNING("nsIFile::Clone failed");
// failure to clone is not fatal (GetFile will generate mFile)
mFile = nullptr;
}
InvalidateCache();
if (NS_FAILED(file->Clone(getter_AddRefs(mFile)))) {
NS_WARNING("nsIFile::Clone failed");
// failure to clone is not fatal (GetFile will generate mFile)
mFile = nullptr;
}
return rv;
return NS_OK;
}
//----------------------------------------------------------------------------
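Review bot: The guard added in nsStandardURL::SetSpec tests `mHost.mLen == -1`, i.e. a missing host segment, while its comment promises a non-empty hostname; if the parser can leave a zero-length host segment (not visible in this hunk), such a spec would still be accepted. It also assigns rv unconditionally, so a failure code already returned by BuildNormalizedSpec is replaced with NS_ERROR_MALFORMED_URI. Consider `if (NS_SUCCEEDED(rv) && mURLType == URLTYPE_AUTHORITY && mHost.mLen <= 0) {`. The check is only visible on the SetSpec path, so whether the host setters enforce the same rule cannot be told from this page. SetSpec's body starts and ends outside the hunk.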

@ -92,18 +92,6 @@ var gTests = [
ref: "",
relativeURI: "data/text/plain,2",
nsIURL: true, nsINestedURI: false },
{ spec: "ftp://",
scheme: "ftp",
prePath: "ftp://",
path: "/",
ref: "",
nsIURL: true, nsINestedURI: false },
{ spec: "ftp:///",
scheme: "ftp",
prePath: "ftp://",
path: "/",
ref: "",
nsIURL: true, nsINestedURI: false },
{ spec: "ftp://ftp.mozilla.org/pub/mozilla.org/README",
scheme: "ftp",
prePath: "ftp://ftp.mozilla.org",
@ -135,18 +123,6 @@ var gTests = [
path: "//mozilla.org/",
ref: "",
nsIURL: false, nsINestedURI: false },
{ spec: "http://",
scheme: "http",
prePath: "http://",
path: "/",
ref: "",
nsIURL: true, nsINestedURI: false },
{ spec: "http:///",
scheme: "http",
prePath: "http://",
path: "/",
ref: "",
nsIURL: true, nsINestedURI: false },
{ spec: "http://www.example.com/",
scheme: "http",
prePath: "http://www.example.com",

@ -346,6 +346,14 @@ add_test(function test_backslashReplacement()
run_next_test();
});
add_test(function test_authority_host()
{
Assert.throws(() => { stringToURL("http:"); }, "TYPE_AUTHORITY should have host");
Assert.throws(() => { stringToURL("http:///"); }, "TYPE_AUTHORITY should have host");
run_next_test();
});
add_test(function test_trim_C0_and_space()
{
var url = stringToURL("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f http://example.com/ \x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f ");
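Review bot: test_authority_host asserts only on `http:` and `http:///`, while the same commit drops the `ftp://` and `ftp:///` entries from test_URIs.js and the ftp: expectation from open-url-bogus.htm.ini. If ftp is also treated as an authority-type URL, as those removals suggest, add `Assert.throws(() => { stringToURL("ftp://"); }, "TYPE_AUTHORITY should have host");` so the rejection is pinned for that scheme too.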

@ -143,7 +143,7 @@ add_test(function serverErrorResponse () {
add_test(function networkErrorResponse () {
let client = new FxAccountsOAuthGrantClient({
serverURL: "http://",
serverURL: "http://domain.dummy",
client_id: "abc123"
});
Services.prefs.setBoolPref("identity.fxaccounts.skipDeviceRegistration", true);

@ -268,7 +268,7 @@ add_test(function server401ResponsePersists () {
add_test(function networkErrorResponse () {
let client = new FxAccountsProfileClient({
serverURL: "http://",
serverURL: "http://domain.dummy",
fxa: mockFxa,
});
client.fetchProfile()

@ -1,11 +0,0 @@
[open-url-bogus.htm]
type: testharness
[XMLHttpRequest: open() - bogus URLs (http:)]
expected: FAIL
[XMLHttpRequest: open() - bogus URLs (ftp:)]
expected: FAIL
[XMLHttpRequest: open() - bogus URLs (http:////////////)]
expected: FAIL

@ -219,6 +219,3 @@
[Parsing: <http://example.com/foo/%2e./%2e%2e/.%2e/%2e.bar> against <about:blank>]
expected: FAIL
[Parsing: <http:> against <https://example.org/foo/bar>]
expected: FAIL

@ -192,7 +192,6 @@ add_task(function test_search_all_full_case_sensitive()
{
checkAllSearches({ hostname: "http://www.example.com" }, 1);
checkAllSearches({ hostname: "http://www.example.com/" }, 0);
checkAllSearches({ hostname: "http://" }, 0);
checkAllSearches({ hostname: "example.com" }, 0);
checkAllSearches({ formSubmitURL: "http://www.example.com" }, 2);

@ -1245,7 +1245,7 @@ Search.prototype = {
// * If the protocol differs we should not match. For example if the user
// searched https we should not return http.
try {
let prefixURI = NetUtil.newURI(this._strippedPrefix);
let prefixURI = NetUtil.newURI(this._strippedPrefix + match.token);
let finalURI = NetUtil.newURI(match.url);
if (prefixURI.scheme != finalURI.scheme)
return false;
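Review bot: `NetUtil.newURI(this._strippedPrefix + match.token)` now parses user-typed text only to read `.scheme`, and nothing at the call explains why the token is appended. A short comment would help, e.g. `// A bare prefix such as "http://" no longer parses (empty host); append the token so the scheme can be read.` A token that does not form a valid host will presumably throw into the enclosing catch, whose body lies outside this hunk, so it is worth confirming that path still gives the intended match result.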

@ -949,6 +949,10 @@ nsresult // static
nsNavHistory::AsciiHostNameFromHostString(const nsACString& aHostName,
nsACString& aAscii)
{
aAscii.Truncate();
if (aHostName.IsEmpty()) {
return NS_OK;
}
// To properly generate a uri we must provide a protocol.
nsAutoCString fakeURL("http://");
fakeURL.Append(aHostName);
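Review bot: The early return in nsNavHistory::AsciiHostNameFromHostString reports NS_OK with an empty aAscii for an empty aHostName, a contract change that is not documented at the function. Suggest a comment above the check such as `// An empty host no longer parses as "http://"; return an empty ASCII host instead of failing.` Because `aAscii.Truncate()` now runs first, the out-parameter is also cleared when a later step fails (the rest of the body is outside the hunk), so callers should not depend on its previous contents.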
