diff options
author | Mark H Weaver <mhw@netris.org> | 2015-11-06 22:08:30 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-11-07 08:33:16 -0500 |
commit | 0ca1eb705d29c20f901fc385ee4e1bb1eaa52f75 (patch) | |
tree | 83964c88051d0ce95ece8eafde5c0133b3afa7df /gnu/packages/patches/icecat-CVE-2015-7188.patch | |
parent | fe88f636e3bfbbf143bd87f57e0d65a2e532d7dd (diff) | |
download | guix-0ca1eb705d29c20f901fc385ee4e1bb1eaa52f75.tar guix-0ca1eb705d29c20f901fc385ee4e1bb1eaa52f75.tar.gz |
gnu: icecat: Add several security fixes.
* gnu/packages/patches/icecat-CVE-2015-4513-pt01.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt02.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt03.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt04.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt05.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt06.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt07.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt08.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt09.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt10.patch,
gnu/packages/patches/icecat-CVE-2015-4513-pt11.patch,
gnu/packages/patches/icecat-CVE-2015-7188.patch,
gnu/packages/patches/icecat-CVE-2015-7189.patch,
gnu/packages/patches/icecat-CVE-2015-7193.patch,
gnu/packages/patches/icecat-CVE-2015-7194.patch,
gnu/packages/patches/icecat-CVE-2015-7196.patch,
gnu/packages/patches/icecat-CVE-2015-7197.patch,
gnu/packages/patches/icecat-CVE-2015-7198.patch,
gnu/packages/patches/icecat-CVE-2015-7199.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7188.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-7188.patch | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7188.patch b/gnu/packages/patches/icecat-CVE-2015-7188.patch new file mode 100644 index 0000000000..15e26e3a6e --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-7188.patch @@ -0,0 +1,143 @@ +From 23e5bd6ffab4b6fa17a92d0bc58fbd185e9a7e6e Mon Sep 17 00:00:00 2001 +From: Valentin Gosu <valentin.gosu@gmail.com> +Date: Tue, 13 Oct 2015 11:10:26 +0200 +Subject: [PATCH] Bug 1199430 - Reject hostnames containing @. r=mcmanus, a=al + +--- + docshell/test/unit/test_nsDefaultURIFixup_info.js | 16 ++++++------ + netwerk/base/nsStandardURL.cpp | 30 ++++++++++++++--------- + netwerk/base/nsStandardURL.h | 2 +- + 3 files changed, 27 insertions(+), 21 deletions(-) + +diff --git a/docshell/test/unit/test_nsDefaultURIFixup_info.js b/docshell/test/unit/test_nsDefaultURIFixup_info.js +index b178ea9..dbb55c6 100644 +--- a/docshell/test/unit/test_nsDefaultURIFixup_info.js ++++ b/docshell/test/unit/test_nsDefaultURIFixup_info.js +@@ -199,12 +199,10 @@ let testcases = [ { + protocolChange: true + }, { + input: "[::1][100", +- fixedURI: "http://[::1][100/", +- alternateURI: "http://[::1][100/", ++ fixedURI: null, ++ alternateURI: null, + keywordLookup: true, +- protocolChange: true, +- affectedByWhitelist: true, +- affectedByDNSForSingleHosts: true, ++ protocolChange: true + }, { + input: "[::1]]", + keywordLookup: true, +@@ -514,15 +512,15 @@ if (Services.appinfo.OS.toLowerCase().startsWith("win")) { + input: "//mozilla", + fixedURI: "file:////mozilla", + protocolChange: true, +- }); ++ }); // \ is an invalid character in the hostname until bug 652186 is implemented + testcases.push({ + input: "mozilla\\", +- fixedURI: "http://mozilla\\/", +- alternateURI: "http://www.mozilla/", ++ // fixedURI: "http://mozilla\\/", ++ // alternateURI: "http://www.mozilla/", + keywordLookup: true, + protocolChange: true, + affectedByWhitelist: true, +- affectedByDNSForSingleHosts: true, ++ // affectedByDNSForSingleHosts: true, + }); + } + +diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp +index f5f516f..cff90fc 100644 +--- a/netwerk/base/nsStandardURL.cpp ++++ b/netwerk/base/nsStandardURL.cpp +@@ -427,14 +427,16 @@ nsStandardURL::NormalizeIDN(const nsCSubstring &host, nsCString &result) + } + + bool +-nsStandardURL::ValidIPv6orHostname(const char *host) ++nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length) + { +- if (!host || !*host) { +- // Should not be NULL or empty string ++ if (!host) { + return false; + } + +- int32_t length = strlen(host); ++ if (length != strlen(host)) { ++ // Embedded null ++ return false; ++ } + + bool openBracket = host[0] == '['; + bool closeBracket = host[length - 1] == ']'; +@@ -448,8 +450,9 @@ nsStandardURL::ValidIPv6orHostname(const char *host) + return false; + } + +- if (PL_strchr(host, ':')) { +- // Hostnames should not contain a colon ++ const char *end = host + length; ++ if (end != net_FindCharInSet(host, end, "\t\n\v\f\r #/:?@[\\]")) { ++ // % is allowed because we don't do hostname percent decoding yet. + return false; + } + +@@ -587,6 +590,11 @@ nsStandardURL::BuildNormalizedSpec(const char *spec) + approxLen += encHost.Length(); + else + approxLen += mHost.mLen; ++ ++ if ((useEncHost && !ValidIPv6orHostname(encHost.BeginReading(), encHost.Length())) || ++ (!useEncHost && !ValidIPv6orHostname(tempHost.BeginReading(), tempHost.Length()))) { ++ return NS_ERROR_MALFORMED_URI; ++ } + } + + // +@@ -1580,14 +1588,10 @@ nsStandardURL::SetHost(const nsACString &input) + if (strchr(host, ' ')) + return NS_ERROR_MALFORMED_URI; + +- if (!ValidIPv6orHostname(host)) { +- return NS_ERROR_MALFORMED_URI; +- } +- + InvalidateCache(); + mHostEncoding = eEncoding_ASCII; + +- int32_t len; ++ uint32_t len; + nsAutoCString hostBuf; + if (NormalizeIDN(flat, hostBuf)) { + host = hostBuf.get(); +@@ -1596,6 +1600,10 @@ nsStandardURL::SetHost(const nsACString &input) + else + len = flat.Length(); + ++ if (!ValidIPv6orHostname(host, len)) { ++ return NS_ERROR_MALFORMED_URI; ++ } ++ + if (mHost.mLen < 0) { + int port_length = 0; + if (mPort != -1) { +diff --git a/netwerk/base/nsStandardURL.h b/netwerk/base/nsStandardURL.h +index 179a618..c56426e 100644 +--- a/netwerk/base/nsStandardURL.h ++++ b/netwerk/base/nsStandardURL.h +@@ -173,7 +173,7 @@ private: + void Clear(); + void InvalidateCache(bool invalidateCachedFile = true); + +- bool ValidIPv6orHostname(const char *host); ++ bool ValidIPv6orHostname(const char *host, uint32_t aLen); + bool NormalizeIDN(const nsCSubstring &host, nsCString &result); + void CoalescePath(netCoalesceFlags coalesceFlag, char *path); + +-- +2.5.0 + |