author | Pav Lucistnik <pav@FreeBSD.org> | 2005-09-10 17:24:31 +0000 |
---|---|---|
committer | Pav Lucistnik <pav@FreeBSD.org> | 2005-09-10 17:24:31 +0000 |
commit | cfffa5699ca4b4120089d01f00b4370fd1890b8f (patch) | |
tree | 9e39a1b170444b1f1ec27362ce144bd788c796df /www/mozilla | |
parent | 33ee2fced505dd6566ddaa343efaba45be2f4690 (diff) |
- Patch a security vulnerability (DoS, remote execution) in IDN
(internationalized domain names) subsystem, also known as "hyphen domain
name bug"
Submitted by: Marcus Grando
Obtained from: Mozilla Project CVS,
https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=307259
Security: CAN-2005-2871
http://secunia.com/advisories/16764/
Notes
Notes:
svn path=/head/; revision=142367
Diffstat (limited to 'www/mozilla')
-rw-r--r-- | www/mozilla/Makefile | 2 | ||||
-rw-r--r-- | www/mozilla/files/patch-CAN-2005-2871 | 104 |
2 files changed, 105 insertions, 1 deletions
diff --git a/www/mozilla/Makefile b/www/mozilla/Makefile
index 8e2c80ba2b87..4029c36405f9 100644
--- a/www/mozilla/Makefile
+++ b/www/mozilla/Makefile
@@ -7,7 +7,7 @@

 PORTNAME= mozilla
 PORTVERSION= 1.7.11
-PORTREVISION?= 0
+PORTREVISION?= 1
 PORTEPOCH= 2
 CATEGORIES?= www
 MASTER_SITES= ${MASTER_SITE_MOZILLA} \
diff --git a/www/mozilla/files/patch-CAN-2005-2871 b/www/mozilla/files/patch-CAN-2005-2871
new file mode 100644
index 000000000000..eca8515adbdb
--- /dev/null
+++ b/www/mozilla/files/patch-CAN-2005-2871
@@ -0,0 +1,104 @@
+Index: netwerk/base/src/nsStandardURL.cpp
+===================================================================
+RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
+retrieving revision 1.60.16.2
+diff -p -u -1 -2 -r1.60.16.2 nsStandardURL.cpp
+--- netwerk/base/src/nsStandardURL.cpp 17 Feb 2005 23:40:53 -0000 1.60.16.2
++++ netwerk/base/src/nsStandardURL.cpp 9 Sep 2005 16:34:46 -0000
+@@ -403,24 +403,25 @@ nsStandardURL::AppendToBuf(char *buf, PR
+ // 4- update url segment positions and lengths
+ nsresult
+ nsStandardURL::BuildNormalizedSpec(const char *spec)
+ {
+ // Assumptions: all member URLSegments must be relative the |spec| argument
+ // passed to this function.
+
+ // buffers for holding escaped url segments (these will remain empty unless
+ // escaping is required).
+ nsCAutoString encUsername;
+ nsCAutoString encPassword;
+ nsCAutoString encHost;
++ PRBool useEncHost;
+ nsCAutoString encDirectory;
+ nsCAutoString encBasename;
+ nsCAutoString encExtension;
+ nsCAutoString encParam;
+ nsCAutoString encQuery;
+ nsCAutoString encRef;
+
+ //
+ // escape each URL segment, if necessary, and calculate approximate normalized
+ // spec length.
+ //
+ PRInt32 approxLen = 3; // includes room for "://"
+@@ -440,34 +441,36 @@ nsStandardURL::BuildNormalizedSpec(const
+ approxLen += encoder.EncodeSegmentCount(spec, mBasename, esc_FileBaseName, encBasename);
+ approxLen += encoder.EncodeSegmentCount(spec, mExtension, esc_FileExtension, encExtension);
+ approxLen += encoder.EncodeSegmentCount(spec, mParam, esc_Param, encParam);
+ approxLen += encoder.EncodeSegmentCount(spec, mQuery, esc_Query, encQuery);
+ approxLen += encoder.EncodeSegmentCount(spec, mRef, esc_Ref, encRef);
+ }
+
+ // do not escape the hostname, if IPv6 address literal, mHost will
+ // already point to a [ ] delimited IPv6 address literal.
+ // However, perform Unicode normalization on it, as IDN does.
+ mHostEncoding = eEncoding_ASCII;
+ if (mHost.mLen > 0) {
++ useEncHost = PR_FALSE;
+ const nsCSubstring& tempHost =
+ Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
+ if (IsASCII(tempHost))
+ approxLen += mHost.mLen;
+ else {
+ mHostEncoding = eEncoding_UTF8;
+ if (gIDNService &&
+- NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost)))
++ NS_SUCCEEDED(gIDNService->Normalize(tempHost, encHost))) {
+ approxLen += encHost.Length();
+- else {
++ useEncHost = PR_TRUE;
++ } else {
+ encHost.Truncate();
+ approxLen += mHost.mLen;
+ }
+ }
+ }
+
+ //
+ // generate the normalized URL string
+ //
+ mSpec.SetLength(approxLen + 32);
+ char *buf;
+ mSpec.BeginWriting(buf);
+@@ -483,25 +486,30 @@ nsStandardURL::BuildNormalizedSpec(const
+ mAuthority.mPos = i;
+
+ // append authority
+ if (mUsername.mLen > 0) {
+ i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
+ if (mPassword.mLen >= 0) {
+ buf[i++] = ':';
+ i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
+ }
+ buf[i++] = '@';
+ }
+ if (mHost.mLen > 0) {
+- i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
++ if (useEncHost) {
++ mHost.mPos = i;
++ mHost.mLen = encHost.Length();
++ i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
++ } else
++ i = AppendSegmentToBuf(buf, i, spec, mHost);
+ net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
+ if (mPort != -1 && mPort != mDefaultPort) {
+ nsCAutoString portbuf;
+ portbuf.AppendInt(mPort);
+ buf[i++] = ':';
+ i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
+ }
+ }
+
+ // record authority length
+ mAuthority.mLen = i - mAuthority.mPos;
+ |
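Review bot: `useEncHost` is declared without an initializer in BuildNormalizedSpec and is assigned only inside the first `if (mHost.mLen > 0)` block, while the authority block reads it under a separate `if (mHost.mLen > 0)` test; the read is safe only if nothing between the two blocks changes mHost.mLen, and those lines are outside the hunks shown. Because the flag now decides which length is written into a buffer sized from approxLen, I would declare it as `PRBool useEncHost = PR_FALSE;` so the choice never rests on an indeterminate value. The unbraced `} else` before `i = AppendSegmentToBuf(buf, i, spec, mHost);` would also be safer with braces, since the net_ToLowerCase call that follows must stay outside it. Separately, if Normalize succeeds with an empty result, mHost.mLen becomes 0 and the spec is built with an empty host; whether a caller rejects that is not visible here. The function body starts and ends outside the shown hunks.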