Closed Bug 467563 Opened 17 years ago Closed 14 years ago

percent-encoded port numbers are mis-parsed in URIs

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- wontfix

People

(Reporter: bob, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:low spoof])

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 If you try to navigate to http://google.com:%38%30/, Firefox will normalize and navigate to http://google.com:38/ instead, which is clearly wrong. Reproducible: Always Steps to Reproduce: 1. Navigate to http://google.com:%38%30/ Actual Results: Firefox tries to connect to port 38 on google.com. Expected Results: Firefox should have tried to connect to port 80 on google.com. Opera and IE both normalize to http://google.com/ which seems reasonable to me since "%38%30" unencodes to "80". Safari gives a weird error message.
Version: unspecified → 3.0 Branch
OS: Mac OS X → All
Hardware: Macintosh → All
From reading RFC 3986, it's pretty clear that percent encoding port numbers is not legitimate. However, pulling out a numeric valid from a percent encoded string is even less legitimate. The way I see it, there's only two sensible approaches here. You could take the purist approach and give an error message. Or you could take the liberalist approach and unencode the port component before looking for a numeric value.
Dao: Something with how firefox decodes uris? Might be more than just firefox though.. If you hover over the URL link, it already shows google.com:38, so not just the location bar decoding logic..
Yeah sorry, I knew it wasn't location bar specific, but I didn't see a better place to categorize the bug.
Component: Location Bar and Autocomplete → Networking
Product: Firefox → Core
QA Contact: location.bar → networking
Whiteboard: [sg:low spoof]
Version: 3.0 Branch → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Firefox tries to connect to a bogus port when port is percent encoded. → percent-encoded port numbers are mis-parsed in URIs
This is fixed on trunk, still a problem in 3.6.x. Realistically we're not going to backport this fix.
Status: NEW → RESOLVED
Closed: 14 years ago
status1.9.2: --- → wontfix
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.