0x7d ("}") should be disallowed in hostnames

RESOLVED FIXED

Status

()

Core
Networking
RESOLVED FIXED
11 years ago
10 years ago

People

(Reporter: Brian Ryner (not reading), Assigned: Jesse Ruderman)

Tracking

({verified1.8.1.12})

1.8 Branch
verified1.8.1.12
Points:
---
Bug Flags:
wanted1.8.1.x +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

11 years ago
The comments in net_IsValidHostName() say that the character "}" (0x7d) is disallowed, but the invalid character list actually contains 0x7e ("~") instead.  Probably it should contain both characters.

(marking security sensitive just in case, but I have no idea if this can be exploited somehow)
(Assignee)

Updated

10 years ago
Blocks: 309128
(Assignee)

Comment 1

10 years ago
Created attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

I checked that the rest of the blacklist comment matches the actual blacklist, and it does.
Attachment #297274 - Flags: review?(cbiesinger)
(Assignee)

Updated

10 years ago
Assignee: nobody → jruderman
(Assignee)

Comment 2

10 years ago
The patch in bug 355181 is better.
Group: security
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 355181
Rather than dupe it, let's take this as a minimal 1.8-branch fix.
Status: RESOLVED → REOPENED
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.12?
Resolution: DUPLICATE → ---
Version: unspecified → 1.8 Branch
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

sr=dveditz, not sure that's good enough for r= here.
Attachment #297274 - Flags: superreview+
Attachment #297274 - Flags: review?(cbiesinger) → review+
Attachment #297274 - Flags: approval1.8.1.12?
Comment on attachment 297274 [details] [diff] [review]
patch: add } to blacklist, keep ~ on blacklist

approved for 1.8.1.12, a=dveditz
Attachment #297274 - Flags: approval1.8.1.12? → approval1.8.1.12+
wanted (patch approved) but not blocking if it doesn't make it.
Flags: blocking1.8.1.12?
(Assignee)

Comment 7

10 years ago
Created attachment 297848 [details] [diff] [review]
Branch version of patch
(Assignee)

Comment 8

10 years ago
Landed on branch.
Keywords: fixed1.8.1.12
I'm verifying via Bonsai, since that seems the best use of my time (and is accurate):

http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsURLHelper.cpp&branch=MOZILLA_1_8_BRANCH&root=/cvsroot&subdir=mozilla/netwerk/base/src&command=DIFF_FRAMESET&rev1=1.60.2.4&rev2=1.60.2.5

Replacing fixed1.8.1.12 with verified1.8.1.12
Keywords: fixed1.8.1.12 → verified1.8.1.12
(Assignee)

Comment 10

10 years ago
Michal Novotny fixed this on trunk in bug 355181.
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.