Bug 1334468 - Check illegal characters in URI hosts. r=mayhemer
--- a/netwerk/base/nsNetUtilInlines.h
+++ b/netwerk/base/nsNetUtilInlines.h
@@ -5,16 +5,17 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsNetUtil_inl
#define nsNetUtil_inl
#include "mozilla/Services.h"
#include "nsComponentManagerUtils.h"
+#include "nsCRTGlue.h"
#include "nsIBufferedStreams.h"
#include "nsIChannel.h"
#include "nsIFile.h"
#include "nsIFileStreams.h"
#include "nsIFileURL.h"
#include "nsIHttpChannel.h"
#include "nsIInputStreamChannel.h"
#include "nsIIOService.h"
@@ -108,16 +109,30 @@ NS_NewURI(nsIURI **result,
nsIURI *baseURI /* = nullptr */,
nsIIOService *ioService /* = nullptr */) // pass in nsIIOService to optimize callers
{
nsresult rv;
nsCOMPtr<nsIIOService> grip;
rv = net_EnsureIOService(&ioService, grip);
if (ioService)
rv = ioService->NewURI(spec, charset, baseURI, result);
+
+ if (NS_SUCCEEDED(rv) && *result) {
+ nsAutoCString host;
+ (*result)->GetHost(host);
+ const char illegalChars[] = CONTROL_CHARACTERS "/:*?\"<>|\\";
+ // The nsACString included here doesn't have FindCharInSet.
+ for (char c : illegalChars) {
+ if (host.FindChar(c) != -1) {
+ *result = nullptr;
+ return NS_ERROR_FAILURE;
+ }
+ }
+ }
+
return rv;
}
INLINE_IF_EXTERN nsresult
NS_NewURI(nsIURI **result,
const nsAString &spec,
const char *charset /* = nullptr */,
nsIURI *baseURI /* = nullptr */,
--- a/netwerk/test/crashtests/crashtests.list
+++ b/netwerk/test/crashtests/crashtests.list
@@ -1,3 +1,4 @@
load 785753-1.html
load 785753-2.html
load 1274044-1.html
+pref(privacy.firstparty.isolate,true) load 1334468-1.html