Last Comment Bug 377808 - 0x7d ("}") should be disallowed in hostnames
: 0x7d ("}") should be disallowed in hostnames
: verified1.8.1.12
Product: Core
Classification: Components
Component: Networking (show other bugs)
: 1.8 Branch
: All All
: -- normal (vote)
: ---
Assigned To: Jesse Ruderman
: Patrick McManus [:mcmanus]
Depends on:
Blocks: 309128
  Show dependency treegraph
Reported: 2007-04-17 14:14 PDT by Brian Ryner (not reading)
Modified: 2008-03-10 14:25 PDT (History)
8 users (show)
dveditz: wanted1.8.1.x+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch: add } to blacklist, keep ~ on blacklist (1.81 KB, patch)
2008-01-15 16:05 PST, Jesse Ruderman
cbiesinger: review+
dveditz: superreview+
dveditz: approval1.8.1.12+
Details | Diff | Splinter Review
Branch version of patch (1.58 KB, patch)
2008-01-18 13:22 PST, Jesse Ruderman
no flags Details | Diff | Splinter Review

Description Brian Ryner (not reading) 2007-04-17 14:14:10 PDT
The comments in net_IsValidHostName() say that the character "}" (0x7d) is disallowed, but the invalid character list actually contains 0x7e ("~") instead.  Probably it should contain both characters.

(marking security sensitive just in case, but I have no idea if this can be exploited somehow)
Comment 1 Jesse Ruderman 2008-01-15 16:05:45 PST
Created attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

I checked that the rest of the blacklist comment matches the actual blacklist, and it does.
Comment 2 Jesse Ruderman 2008-01-15 16:09:53 PST
The patch in bug 355181 is better.

*** This bug has been marked as a duplicate of bug 355181 ***
Comment 3 Daniel Veditz [:dveditz] 2008-01-15 22:42:26 PST
Rather than dupe it, let's take this as a minimal 1.8-branch fix.
Comment 4 Daniel Veditz [:dveditz] 2008-01-16 13:32:35 PST
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

sr=dveditz, not sure that's good enough for r= here.
Comment 5 Daniel Veditz [:dveditz] 2008-01-17 23:59:23 PST
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

approved for, a=dveditz
Comment 6 Daniel Veditz [:dveditz] 2008-01-18 11:20:09 PST
wanted (patch approved) but not blocking if it doesn't make it.
Comment 7 Jesse Ruderman 2008-01-18 13:22:42 PST
Created attachment 297848 [details] [diff] [review]
Branch version of patch
Comment 8 Jesse Ruderman 2008-01-18 13:28:53 PST
Landed on branch.
Comment 9 Stephen Donner [:stephend] 2008-01-30 11:32:45 PST
I'm verifying via Bonsai, since that seems the best use of my time (and is accurate):

Replacing fixed1.8.1.12 with verified1.8.1.12
Comment 10 Jesse Ruderman 2008-03-10 14:25:07 PDT
Michal Novotny fixed this on trunk in bug 355181.

Note You need to log in before you can comment on or make changes to this bug.