Closed
Bug 395376
Opened 17 years ago
Closed 17 years ago
url-classifier should check IP addresses as a single string
Categories
(Toolkit :: Safe Browsing, defect)
Toolkit
Safe Browsing
Tracking
()
RESOLVED
FIXED
People
(Reporter: dcamp, Assigned: dcamp)
Details
Attachments
(1 file, 1 obsolete file)
5.52 KB,
patch
|
tony
:
review+
mconnor
:
approval1.9+
|
Details | Diff | Splinter Review |
Right now the url-classifier treats a numeric IP as a hostname. Checking 127.0.0.1 will search for 0.1 and 0.0.1 in the database.
Flags: blocking-firefox3?
Assignee | ||
Comment 1•17 years ago
|
||
Comment 2•17 years ago
|
||
Comment on attachment 280062 [details] [diff] [review] treat ip addresses as a single lookup key Would the check pass for things like 1.2.3.4domain.com? It looks like it would. So maybe add a fifth token for a character and make sure only 4 tokens are read. Alternately, you could be safe and do a two part check, a three part check and if it passes IsCanonicalizedIP, a four part check.
Assignee | ||
Comment 3•17 years ago
|
||
added a %c to the end of the sscanf.
Attachment #280062 -
Attachment is obsolete: true
Attachment #281374 -
Flags: review?(tony)
Attachment #280062 -
Flags: review?(tony)
Updated•17 years ago
|
Attachment #281374 -
Flags: review?(tony) → review+
Assignee | ||
Comment 4•17 years ago
|
||
Comment on attachment 281374 [details] [diff] [review] v2 Asking for approval, this is needed to malware check ip addresses correctly.
Attachment #281374 -
Flags: approval1.9?
Updated•17 years ago
|
Attachment #281374 -
Flags: approval1.9? → approval1.9+
Comment 5•17 years ago
|
||
It looks like this will fail with IPv6. It's also not clear to me that it handles username/password correctly, etc... Why is this code hand-parsing URI strings anyway, instead of using nsIURI for things like "extract the host"?
Comment 6•17 years ago
|
||
my understanding was that IPv6 addresses don't need this because they don't contain dots
Comment 7•17 years ago
|
||
Right, I see. What about username/password?
Assignee | ||
Comment 8•17 years ago
|
||
This only operates on the output of the URI classifier's canonicalization process, which strips out the username/password.
Comment 9•17 years ago
|
||
Ah, excellent. Sorry, I just tend to be suspicious when I see hand-parsing of URIs; we've had bugs pop up that way in the past.
Assignee | ||
Comment 10•17 years ago
|
||
Checking in toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp; /cvsroot/mozilla/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp,v <-- nsUrlClassifierDBService.cpp new revision: 1.32; previous revision: 1.31 done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: blocking-firefox3? → blocking-firefox3+
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•