diff options
| author | Moonchild <moonchild@palemoon.org> | 2021-11-04 16:23:23 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2022-04-04 22:05:15 +0200 |
| commit | 7dec0edf50d49d388cbb864451c1378481da3b5d (patch) | |
| tree | 8b418bafc4634928ec96bb62a8eed63e84c0cda4 | |
| parent | 97ee3ee428c8fc848f67b95f746bc268c6892eeb (diff) | |
| download | uxp-7dec0edf50d49d388cbb864451c1378481da3b5d.tar.gz | |
[network] Tighten checks for ACE (punycode) encoding.
| -rw-r--r-- | netwerk/dns/nsIDNService.cpp | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/netwerk/dns/nsIDNService.cpp b/netwerk/dns/nsIDNService.cpp index 31ba12b4c4..9210e20b5f 100644 --- a/netwerk/dns/nsIDNService.cpp +++ b/netwerk/dns/nsIDNService.cpp @@ -202,7 +202,13 @@ nsIDNService::IDNA2008StringPrep(const nsAString& input, return NS_OK; } - if (info.errors != 0) { + uint32_t ignoredErrors = 0; + if (flag == eStringPrepForDNS) { + ignoredErrors = UIDNA_ERROR_LEADING_HYPHEN | UIDNA_ERROR_TRAILING_HYPHEN | + UIDNA_ERROR_HYPHEN_3_4; + } + + if ((info.errors & ~ignoredErrors) != 0) { if (flag == eStringPrepForDNS) { output.Truncate(); } @@ -308,20 +314,42 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, return NS_OK; } +
+/**
+ * Returns |true| if |aString| contains only ASCII characters according
+ * to our CRT.
+ *
+ * @param aString an 8-bit wide string to scan
+ */
+inline bool IsAsciiString(mozilla::Span<const char> aString) {
+ for (char c : aString) {
+ if (!nsCRT::IsAscii(c)) {
+ return false;
+ }
+ }
+ return true;
+}
NS_IMETHODIMP nsIDNService::IsACE(const nsACString & input, bool *_retval) { - const char *data = input.BeginReading(); - uint32_t dataLen = input.Length(); - // look for the ACE prefix in the input string. it may occur // at the beginning of any segment in the domain name. for // example: "www.xn--ENCODED.com" - - const char *p = PL_strncasestr(data, kACEPrefix, dataLen); - - *_retval = p && (p == data || *(p - 1) == '.'); - return NS_OK; + if (!IsAsciiString(input)) {
+ *_retval = false;
+ return NS_OK;
+ }
+ auto stringContains = [](const nsACString& haystack,
+ const nsACString& needle) {
+ return std::search(haystack.BeginReading(), haystack.EndReading(),
+ needle.BeginReading(),
+ needle.EndReading()) != haystack.EndReading();
+ };
+
+ *_retval = StringBeginsWith(input, NS_LITERAL_CSTRING("xn--")) ||
+ (!input.IsEmpty() && input[0] != '.' &&
+ stringContains(input, NS_LITERAL_CSTRING(".xn--")));
+ return NS_OK;
} NS_IMETHODIMP nsIDNService::Normalize(const nsACString & input, |