Closed Bug 661036 Opened 13 years ago Closed 13 years ago

nsWebSocket::SetProtocol allows U+0020

Categories

(Core :: Networking: WebSockets, defect)

Product:
Core
Component:
Networking: WebSockets
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla7

People

(Reporter: dchanm+bugzilla, Assigned: mcmanus)

Details

Attachments

(1 file)

no spaces 1
17.65 KB, patch
briansmith
: review+
Biesinger
: review+
Details | Diff | Splinter Review 
SetProtocol checks that the supplied nsString contains only characters between 0x0020 and 0x007E inclusive [1]. The spec defines valid characters as between 0x0021 and 0x007E inclusive [2]. 

This likely won't cause any functional issues due to 0x0020 being the space character.


[1] - http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsWebSocket.cpp#1060
[2] - http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07 5.1.10 page 29
That's a good catch - that code is leftover from the -76 implementation when the space was legal.

Unfortunately most of our tests use sub-protocols with spaces in them :(
Assignee: nobody → mcmanus
Summary: nsWebSocket::SetProtocol allowed characters off by one → nsWebSocket::SetProtocol allows U+0020
Attached patch no spaces 1Splinter Review 
1] fixes issue
2] updates existing tests that accidentally violated that clause
3] adds new test that intentionally violates that clause (part of test-5)
Attachment #536653 - Flags: review?(bsmith)
Attachment #536653 - Flags: review?(bsmith) → review?(cbiesinger)
Comment on attachment 536653 [details] [diff] [review]
no spaces 1

This looks good to me. Sorry I didn't review it earlier; for some reason I got no email about the review request.
Attachment #536653 - Flags: review?(cbiesinger) → review+
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/53418bef40e9
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla7
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: