Closed Bug 395376 Opened 17 years ago Closed 17 years ago

url-classifier should check IP addresses as a single string

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dcamp, Assigned: dcamp)

Details

Attachments

(1 file, 1 obsolete file)

v2
5.52 KB, patch
tony
: review+
mconnor
: approval1.9+
Details | Diff | Splinter Review 
Right now the url-classifier treats a numeric IP as a hostname.  Checking 127.0.0.1 will search for 0.1 and 0.0.1 in the database.
Flags: blocking-firefox3?
Assignee: nobody → dcamp
Status: NEW → ASSIGNED

        Attachment #280062 -
        Flags: review?(tony)

    
    

    
  
Comment on attachment 280062 [details] [diff] [review]
treat ip addresses as a single lookup key

Would the check pass for things like 1.2.3.4domain.com?  It looks like it would.  So maybe add a fifth token for a character and make sure only 4 tokens are read.

Alternately, you could be safe and do a two part check, a three part check and if it passes IsCanonicalizedIP, a four part check.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v2Splinter Review
      

    


  
added a %c to the end of the sscanf.

        Attachment #280062 -
        Attachment is obsolete: true

        Attachment #281374 -
        Flags: review?(tony)

        Attachment #280062 -
        Flags: review?(tony)

    
  

        Attachment #281374 -
        Flags: review?(tony) → review+

    
    

    
  
Comment on attachment 281374 [details] [diff] [review]
v2

Asking for approval, this is needed to malware check ip addresses correctly.

        Attachment #281374 -
        Flags: approval1.9?

        Attachment #281374 -
        Flags: approval1.9? → approval1.9+

    
    

    
  
It looks like this will fail with IPv6.  It's also not clear to me that it handles username/password correctly, etc...

Why is this code hand-parsing URI strings anyway, instead of using nsIURI for things like "extract the host"?

    
    

    
  
my understanding was that IPv6 addresses don't need this because they don't contain dots


    
    

    
  
Right, I see.  What about username/password?

    
    

    
  
This only operates on the output of the URI classifier's canonicalization process, which strips out the username/password.

    
    

    
  
Ah, excellent.  Sorry, I just tend to be suspicious when I see hand-parsing of URIs; we've had bugs pop up that way in the past.

    
    

    
  
Checking in toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp;
/cvsroot/mozilla/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp,v  <--  nsUrlClassifierDBService.cpp
new revision: 1.32; previous revision: 1.31
done

Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Flags: blocking-firefox3? → blocking-firefox3+
Product: Firefox → Toolkit

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: