Bug 377808: 0x7d ("}") should be disallowed in hostnames
Status: Closed, RESOLVED FIXED
Opened 18 years ago
Closed 17 years ago
Categories: Core :: Networking, defect
People: Reporter: bryner, Assigned: jruderman
Keywords: verified1.8.1.12
Attachments (2 files):
- 1.81 KB, patch (Biesinger: review+, dveditz: superreview+, dveditz: approval1.8.1.12+)
- 1.58 KB, patch
The comments in net_IsValidHostName() say that the character "}" (0x7d) is disallowed, but the invalid character list actually contains 0x7e ("~") instead. Probably it should contain both characters.
(marking security sensitive just in case, but I have no idea if this can be exploited somehow)
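The mismatch described in this report, as an added example that is not part of the ticket or of Mozilla's code: it shows how a hex-escaped character set can drift from its comment, and a two-way check that catches the drift. The sets are constructed and much shorter than the real list, and `IsValidHostName`, `OnlyIn` and `CommentMatchesSet` are hypothetical helpers.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Constructed sets for illustration; far shorter than the list in the real function.
// Characters the source comment claims are rejected:
static const char kCommentChars[] = "{|}\x7f";
// "Before": hex-escaped set as reported here, 0x7e ('~') where 0x7d ('}') was meant.
static const char kBuggySet[] = "\x7b\x7c\x7e\x7f";
// "After": 0x7d added and 0x7e kept, as the approved patch title describes.
static const char kFixedSet[] = "\x7b\x7c\x7d\x7e\x7f";
static const char kFixedComment[] = "{|}~\x7f";

// Hypothetical stand-in for the hostname check: valid if no byte is in denySet.
bool IsValidHostName(const std::string &host, const char *denySet) {
    return host.find_first_of(denySet) == std::string::npos;
}

// Characters present in `a` but absent from `b`.
std::string OnlyIn(const char *a, const char *b) {
    std::string out;
    for (const char *p = a; *p; ++p)
        if (!std::strchr(b, *p)) out += *p;
    return out;
}

// Drift check: true when the comment and the hex set describe the same characters.
bool CommentMatchesSet(const char *comment, const char *denySet) {
    return OnlyIn(comment, denySet).empty() && OnlyIn(denySet, comment).empty();
}

int main() {
    std::printf("documented but not rejected: %s\n", OnlyIn(kCommentChars, kBuggySet).c_str());
    std::printf("rejected but not documented: %s\n", OnlyIn(kBuggySet, kCommentChars).c_str());
    std::printf("a}b.example accepted before: %d, after: %d\n",
                IsValidHostName("a}b.example", kBuggySet),
                IsValidHostName("a}b.example", kFixedSet));
    return CommentMatchesSet(kFixedComment, kFixedSet) ? 0 : 1;
}
```

Running a check like `CommentMatchesSet` as a unit test keeps the human-readable comment and the escaped bytes from diverging unnoticed.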
Comment 1 • 17 years ago (Assignee)
I checked that the rest of the blacklist comment matches the actual blacklist, and it does.
Attachment #297274 - Flags: review?(cbiesinger)
Updated • 17 years ago (Assignee)
Assignee: nobody → jruderman
Comment 2 • 17 years ago (Assignee)
The patch in bug 355181 is better.
Group: security
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Comment 3 • 17 years ago
Rather than dupe it, let's take this as a minimal 1.8-branch fix.
Status: RESOLVED → REOPENED
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.12?
Resolution: DUPLICATE → ---
Version: unspecified → 1.8 Branch
Comment 4 • 17 years ago
Comment on attachment 297274
patch: add } to blacklist, keep ~ on blacklist
sr=dveditz, not sure that's good enough for r= here.
Attachment #297274 - Flags: superreview+
Updated • 17 years ago
Attachment #297274 - Flags: review?(cbiesinger) → review+
Updated • 17 years ago
Attachment #297274 - Flags: approval1.8.1.12?
Comment 5 • 17 years ago
Comment on attachment 297274
patch: add } to blacklist, keep ~ on blacklist
approved for 1.8.1.12, a=dveditz
Attachment #297274 - Flags: approval1.8.1.12? → approval1.8.1.12+
Comment 6 • 17 years ago
wanted (patch approved) but not blocking if it doesn't make it.
Flags: blocking1.8.1.12?
Comment 7 • 17 years ago (Assignee)
Comment 9 • 17 years ago
I'm verifying via Bonsai, since that seems the best use of my time (and is accurate):
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsURLHelper.cpp&branch=MOZILLA_1_8_BRANCH&root=/cvsroot&subdir=mozilla/netwerk/base/src&command=DIFF_FRAMESET&rev1=1.60.2.4&rev2=1.60.2.5
Replacing fixed1.8.1.12 with verified1.8.1.12
Keywords: fixed1.8.1.12 → verified1.8.1.12
Comment 10 • 17 years ago (Assignee)
Michal Novotny fixed this on trunk in bug 355181.
Status: REOPENED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → FIXED