The comments in net_IsValidHostName() say that the character "}" (0x7d) is disallowed, but the invalid character list actually contains 0x7e ("~") instead. Probably it should contain both characters. (marking security sensitive just in case, but I have no idea if this can be exploited somehow)
Created attachment 297274 [details] [diff] [review] patch: add } to blacklist, keep ~ on blacklist I checked that the rest of the blacklist comment matches the actual blacklist, and it does.
The patch in bug 355181 is better.
Rather than dupe it, let's take this as a minimal 1.8-branch fix.
Comment on attachment 297274 [details] [diff] [review] patch: add } to blacklist, keep ~ on blacklist sr=dveditz, not sure that's good enough for r= here.
10 years ago
Comment on attachment 297274 [details] [diff] [review] patch: add } to blacklist, keep ~ on blacklist approved for 184.108.40.206, a=dveditz
wanted (patch approved) but not blocking if it doesn't make it.
Landed on branch.
I'm verifying via Bonsai, since that seems the best use of my time (and is accurate): http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsURLHelper.cpp&branch=MOZILLA_1_8_BRANCH&root=/cvsroot&subdir=mozilla/netwerk/base/src&command=DIFF_FRAMESET&rev1=220.127.116.11&rev2=18.104.22.168 Replacing fixed22.214.171.124 with verified126.96.36.199
Michal Novotny fixed this on trunk in bug 355181.