nsWebSocket::SetProtocol allows U+0020

RESOLVED FIXED in mozilla7

Status

()

Core
Networking: WebSockets
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: dchan, Assigned: mcmanus)

Tracking

unspecified
mozilla7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
SetProtocol checks that the supplied nsString contains only characters between 0x0020 and 0x007E inclusive [1]. The spec defines valid characters as between 0x0021 and 0x007E inclusive [2]. 

This likely won't cause any functional issues due to 0x0020 being the space character.


[1] - http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsWebSocket.cpp#1060
[2] - http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07 5.1.10 page 29
That's a good catch - that code is leftover from the -76 implementation when the space was legal.

Unfortunately most of our tests use sub-protocols with spaces in them :(
Assignee: nobody → mcmanus
Summary: nsWebSocket::SetProtocol allowed characters off by one → nsWebSocket::SetProtocol allows U+0020
Created attachment 536653 [details] [diff] [review]
no spaces 1

1] fixes issue
2] updates existing tests that accidentally violated that clause
3] adds new test that intentionally violates that clause (part of test-5)
Attachment #536653 - Flags: review?(bsmith)
Attachment #536653 - Flags: review?(bsmith) → review?(cbiesinger)
Comment on attachment 536653 [details] [diff] [review]
no spaces 1

This looks good to me. Sorry I didn't review it earlier; for some reason I got no email about the review request.
Attachment #536653 - Flags: review?(cbiesinger) → review+
Attachment #536653 - Flags: review+
Whiteboard: [inbound]
http://hg.mozilla.org/mozilla-central/rev/53418bef40e9
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla7
You need to log in before you can comment on or make changes to this bug.