1242961 - nsStandardURL still allows to build valid nsIURIs longer than network.standard-url.max-length

Status: RESOLVED FIXED

(Core :: Networking, defect)

Description

[Marco Bonardo [:mak]]

How I reached this point is explained in https://bugzilla.mozilla.org/show_bug.cgi?id=1240013#c6

Here is a sum up:

After bug 1135354 it should not be possible to build an nsIURI longer than net_GetURLMaxLength().
Unfortunately the patch in bug 1135354 addressed the SetSpec case and other cases going through SetSpec, but not the other cases that allow to build a valid nsIURI and then transform it into an invalid one. For example replacing the ref with a huge one.

This is a problem when some code assumes a spec from an nsIURI should always allow to rebuild a valid nsIURI.

I think I can try to make a patch.

Comment 1

[Marco Bonardo [:mak]]

Looks like the following APIs are unsafe regarding the spec length check, since they directly manipulate mSpec:

nsStandardURL::SetScheme
nsStandardURL::SetUserPass
nsStandardURL::SetUsername
nsStandardURL::SetPassword
nsStandardURL::SetHost
nsStandardURL::SetPort
nsStandardURL::SetQuery
nsStandardURL::SetRef
nsStandardURL::SetFileName
nsStandardURL::Read

Comment 2

[Marco Bonardo [:mak]]

Attachment: MozReview Request: Bug 1242961 - nsStandardURL still allows to build valid nsIURIs longer than network.standard-url.max-length. r=valentin

Review commit: https://reviewboard.mozilla.org/r/32763/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/32763/

Comment 3

[Valentin Gosu [:valentin] (he/him)]

Comment on attachment 8713188 [details]
MozReview Request: Bug 1242961 - nsStandardURL still allows to build valid nsIURIs longer than network.standard-url.max-length. r=valentin

https://reviewboard.mozilla.org/r/32763/#review29595

This looks great! Thanks for adding unit tests.

Comment 4

[Pulsebot]

https://hg.mozilla.org/integration/fx-team/rev/ae0bcfbfe71d

Comment 5

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/ae0bcfbfe71d