Closed Bug 377808 Opened 17 years ago Closed 16 years ago

0x7d ("}") should be disallowed in hostnames

Categories

(Core :: Networking, defect)

1.8 Branch
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: bryner, Assigned: jruderman)

References

Details

(Keywords: verified1.8.1.12)

Attachments

(2 files)

The comments in net_IsValidHostName() say that the character "}" (0x7d) is disallowed, but the invalid character list actually contains 0x7e ("~") instead.  Probably it should contain both characters.

(marking security sensitive just in case, but I have no idea if this can be exploited somehow)
Blocks: 309128
I checked that the rest of the blacklist comment matches the actual blacklist, and it does.
Attachment #297274 - Flags: review?(cbiesinger)
Assignee: nobody → jruderman
The patch in bug 355181 is better.
Group: security
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Rather than dupe it, let's take this as a minimal 1.8-branch fix.
Status: RESOLVED → REOPENED
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.12?
Resolution: DUPLICATE → ---
Version: unspecified → 1.8 Branch
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

sr=dveditz, not sure that's good enough for r= here.
Attachment #297274 - Flags: superreview+
Attachment #297274 - Flags: review?(cbiesinger) → review+
Attachment #297274 - Flags: approval1.8.1.12?
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

approved for 1.8.1.12, a=dveditz
Attachment #297274 - Flags: approval1.8.1.12? → approval1.8.1.12+
wanted (patch approved) but not blocking if it doesn't make it.
Flags: blocking1.8.1.12?
Landed on branch.
Keywords: fixed1.8.1.12
Michal Novotny fixed this on trunk in bug 355181.
Status: REOPENED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.