Bug 251428 - Validate PAC isIsInet input before use
In the PAC JavaScript isInNet function, validate the IP address pattern and
subnet mask before they are used, with the same regular expression that
validates the host input, and return false if either value is invalid.
MozReview-Commit-ID: 120fEVXgBAd
--- a/netwerk/base/ProxyAutoConfig.cpp
+++ b/netwerk/base/ProxyAutoConfig.cpp
@@ -33,34 +33,45 @@ static const char *sPacUtils =
" return (host.length >= domain.length &&\n"
" host.substring(host.length - domain.length) == domain);\n"
"}\n"
""
"function dnsDomainLevels(host) {\n"
" return host.split('.').length - 1;\n"
"}\n"
""
+ "function isValidIpAddress(ipchars) {\n"
+ " var matches = /^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$/.exec(ipchars);\n"
+ " if (matches == null) {\n"
+ " return false;\n"
+ " } else if (matches[1] > 255 || matches[2] > 255 || \n"
+ " matches[3] > 255 || matches[4] > 255) {\n"
+ " return false;\n"
+ " }\n"
+ " return true;\n"
+ "}\n"
+ ""
"function convert_addr(ipchars) {\n"
" var bytes = ipchars.split('.');\n"
" var result = ((bytes[0] & 0xff) << 24) |\n"
" ((bytes[1] & 0xff) << 16) |\n"
" ((bytes[2] & 0xff) << 8) |\n"
" (bytes[3] & 0xff);\n"
" return result;\n"
"}\n"
""
"function isInNet(ipaddr, pattern, maskstr) {\n"
- " var test = /^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$/.exec(ipaddr);\n"
- " if (test == null) {\n"
+ " if (!isValidIpAddress(pattern) || !isValidIpAddress(maskstr)) {\n"
+ " return false;\n"
+ " }\n"
+ " if (!isValidIpAddress(ipaddr)) {\n"
" ipaddr = dnsResolve(ipaddr);\n"
- " if (ipaddr == null)\n"
+ " if (ipaddr == null) {\n"
" return false;\n"
- " } else if (test[1] > 255 || test[2] > 255 || \n"
- " test[3] > 255 || test[4] > 255) {\n"
- " return false; // not an IP address\n"
+ " }\n"
" }\n"
" var host = convert_addr(ipaddr);\n"
" var pat = convert_addr(pattern);\n"
" var mask = convert_addr(maskstr);\n"
" return ((host & mask) == (pat & mask));\n"
" \n"
"}\n"
""
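Review bot: The value returned by dnsResolve() in isInNet reaches convert_addr() without passing isValidIpAddress(), so the new validation covers pattern and maskstr but not the resolved host. convert_addr() masks each split field with 0xff, so a result that is not a dotted quad would yield an arbitrary host value and a proxy decision based on it; whether dnsResolve can return such a value (for example an IPv6 literal) is not visible in this hunk. The guard could be `if (ipaddr == null || !isValidIpAddress(ipaddr)) {`. Separately, a dotted quad with an octet above 255 used to return false and is now handed to dnsResolve(); if that is intended it deserves a comment, otherwise the range failure should keep returning false before the lookup.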