head	1.2;
access;
symbols
	old_RELEASE_6_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.11.30.00.44.58;	author ahze;	state dead;
branches;
next	1.1;

1.1
date	2005.09.10.17.24.31;	author pav;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Add seamonkey

This is the current release of the Seamonkey open source web browser. It should
be fully compliant with all W3C standards, including HTML, CSS, XML, XSL,
JavaScript, MathML, SSL encryption, SVG and RDF.  Also supports Java with
the use of the FreeBSD native Java plug-in.

This is the latest bleeding edge release.  Beware that you'll probably find
bugs here, so if you value stability, try www/mozilla.

WWW: http://www.mozilla.org/projects/seamonkey/

Repocopied by:	marcus
@
text
@Index: netwerk/base/src/nsStandardURL.cpp
===================================================================
RCS file: /cvs/mozilla/netwerk/base/src/nsStandardURL.cpp,v
retrieving revision 1.82
diff -p -u -1 -2 -r1.82 nsStandardURL.cpp
--- netwerk/base/src/nsStandardURL.cpp	20 Jun 2005 05:23:20 -0000	1.82
+++ netwerk/base/src/nsStandardURL.cpp	9 Sep 2005 16:34:42 -0000
@@@@ -458,24 +458,25 @@@@ nsStandardURL::AppendToBuf(char *buf, PR
 //  4- update url segment positions and lengths
 nsresult
 nsStandardURL::BuildNormalizedSpec(const char *spec)
 {
     // Assumptions: all member URLSegments must be relative the |spec| argument
     // passed to this function.
 
     // buffers for holding escaped url segments (these will remain empty unless
     // escaping is required).
     nsCAutoString encUsername;
     nsCAutoString encPassword;
     nsCAutoString encHost;
+    PRBool useEncHost;
     nsCAutoString encDirectory;
     nsCAutoString encBasename;
     nsCAutoString encExtension;
     nsCAutoString encParam;
     nsCAutoString encQuery;
     nsCAutoString encRef;
 
     //
     // escape each URL segment, if necessary, and calculate approximate normalized
     // spec length.
     //
     PRInt32 approxLen = 3; // includes room for "://"
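Review bot: `useEncHost` is declared without an initializer, so its value is indeterminate until the assignment in the second hunk, which runs only when `mHost.mLen > 0`. The read in the third hunk sits under the same condition, so the visible paths agree, but only if nothing between the two blocks changes `mHost.mLen`; the code between the hunks is not shown here. Declaring it as `PRBool useEncHost = PR_FALSE;` removes that dependency at no cost. BuildNormalizedSpec continues beyond this hunk.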
@@@@ -497,25 +498,25 @@@@ nsStandardURL::BuildNormalizedSpec(const
         approxLen += encoder.EncodeSegmentCount(spec, mParam,     esc_Param,         encParam);
         approxLen += encoder.EncodeSegmentCount(spec, mQuery,     esc_Query,         encQuery);
         approxLen += encoder.EncodeSegmentCount(spec, mRef,       esc_Ref,           encRef);
     }
 
     // do not escape the hostname, if IPv6 address literal, mHost will
     // already point to a [ ] delimited IPv6 address literal.
     // However, perform Unicode normalization on it, as IDN does.
     mHostEncoding = eEncoding_ASCII;
     if (mHost.mLen > 0) {
         const nsCSubstring& tempHost =
             Substring(spec + mHost.mPos, spec + mHost.mPos + mHost.mLen);
-        if (NormalizeIDN(tempHost, encHost))
+        if ((useEncHost = NormalizeIDN(tempHost, encHost)))
             approxLen += encHost.Length();
         else
             approxLen += mHost.mLen;
     }
 
     //
     // generate the normalized URL string
     //
     mSpec.SetLength(approxLen + 32);
     char *buf;
     mSpec.BeginWriting(buf);
     PRUint32 i = 0;
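Review bot: The assignment inside the condition, `if ((useEncHost = NormalizeIDN(tempHost, encHost)))`, hides the invariant this fix depends on: the branch that adds to `approxLen` here and the branch that later writes the host into `buf` must choose the same string. Splitting it into `useEncHost = NormalizeIDN(tempHost, encHost);` followed by `if (useEncHost)` reads more plainly. A comment such as `// remember which host string was counted; the write below must use the same one or buf can be overrun` would record why the flag exists. Whether NormalizeIDN can leave data in `encHost` when it returns false is not visible in this hunk, so the comment should be confirmed against that function.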
@@@@ -530,25 +531,30 @@@@ nsStandardURL::BuildNormalizedSpec(const
     mAuthority.mPos = i;
 
     // append authority
     if (mUsername.mLen > 0) {
         i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername);
         if (mPassword.mLen >= 0) {
             buf[i++] = ':';
             i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword);
         }
         buf[i++] = '@@';
     }
     if (mHost.mLen > 0) {
-        i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost);
+        if (useEncHost) {
+            mHost.mPos = i;
+            mHost.mLen = encHost.Length();
+            i = AppendToBuf(buf, i, encHost.get(), mHost.mLen);
+        } else
+            i = AppendSegmentToBuf(buf, i, spec, mHost);
         net_ToLowerCase(buf + mHost.mPos, mHost.mLen);
         if (mPort != -1 && mPort != mDefaultPort) {
             nsCAutoString portbuf;
             portbuf.AppendInt(mPort);
             buf[i++] = ':';
             i = AppendToBuf(buf, i, portbuf.get(), portbuf.Length());
         }
     }
 
     // record authority length
     mAuthority.mLen = i - mAuthority.mPos;
 
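Review bot: The new direct write, `AppendToBuf(buf, i, encHost.get(), mHost.mLen)`, has no local check that `i` stays within the `approxLen + 32` bytes reserved by `mSpec.SetLength` earlier in the function. The flag keeps the estimate and the write in agreement as written, but a debug assertion after the authority is appended, for example `NS_ASSERTION(i <= mSpec.Length(), "normalized spec overran its buffer");`, would catch a future mismatch during testing. The tail of the function is outside this hunk, so such a check may already exist there. Separately, the braced `if` paired with an unbraced `else` is easy to misread next to the unconditional `net_ToLowerCase` call; bracing both arms would make the extent of each branch clear.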
@


1.1
log
@- Patch a security vulnerability (DoS, remote code execution) in the IDN
  (internationalized domain names) subsystem, also known as the "hyphen domain
  name bug"

Submitted by:	Marcus Grando
Obtained from:	Mozilla Project CVS,
		https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=307259
Security:	CAN-2005-2871
		http://secunia.com/advisories/16764/
@
text
@@

