Bug 1439632 - Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI
MozReview-Commit-ID: LaHHo3A2xvk
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -1784,16 +1784,24 @@ nsStandardURL::SetUsername(const nsACStr
nsresult
nsStandardURL::SetPassword(const nsACString &input)
{
ENSURE_MUTABLE();
const nsPromiseFlatCString &password = PromiseFlatCString(input);
+ auto clearedPassword = MakeScopeExit([&password, this]() {
+ // Check that if this method is called with the empty string then the
+ // password is definitely cleared when exiting this method.
+ if (password.IsEmpty()) {
+ MOZ_DIAGNOSTIC_ASSERT(this->Password().IsEmpty());
+ }
+ });
+
LOG(("nsStandardURL::SetPassword [password=%s]\n", password.get()));
if (mURLType == URLTYPE_NO_AUTHORITY) {
if (password.IsEmpty())
return NS_OK;
NS_WARNING("cannot set password on no-auth url");
return NS_ERROR_UNEXPECTED;
}