Bug 1031372 - CSP parser should accept 127.0.0.1:* (r=sstamm)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Fri, 27 Jun 2014 09:51:57 -0700
changeset 191322 9ba869669bb94da27beeb2fa9fed7b9809f1a39b
parent 191321 3f4fe642a89367032843b2fc1527b1eb67d72f43
child 191323 5c66257995856dec441d51bf217d672532b3a7d4
push id27041
push userphilringnalda@gmail.com
push dateSun, 29 Jun 2014 00:39:21 +0000
treeherdermozilla-central@afa67a2f7905 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssstamm
bugs1031372
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1031372 - CSP parser should accept 127.0.0.1:* (r=sstamm)
content/base/src/nsCSPParser.cpp
content/base/test/TestCSPParser.cpp
--- a/content/base/src/nsCSPParser.cpp
+++ b/content/base/src/nsCSPParser.cpp
@@ -325,17 +325,17 @@ nsCSPParser::subHost()
   uint32_t charCounter = 0;
 
   while (!atEnd() && !peek(COLON) && !peek(SLASH)) {
     ++charCounter;
     while (hostChar()) {
       /* consume */
       ++charCounter;
     }
-    if (accept(DOT) && !accept(isCharacterToken)) {
+    if (accept(DOT) && !hostChar()) {
       return false;
     }
     if (charCounter > kSubHostPathCharacterCutoff) {
       return false;
     }
   }
   return true;
 }
@@ -361,18 +361,18 @@ nsCSPParser::host()
     if (!accept(DOT)) {
       const char16_t* params[] = { mCurToken.get() };
       logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidHost",
                                params, ArrayLength(params));
       return nullptr;
     }
   }
 
-  // Expecting at least one Character
-  if (!accept(isCharacterToken)) {
+  // Expecting at least one host-char
+  if (!hostChar()) {
     const char16_t* params[] = { mCurToken.get() };
     logWarningErrorToConsole(nsIScriptError::warningFlag, "couldntParseInvalidHost",
                              params, ArrayLength(params));
     return nullptr;
   }
 
   // There might be several sub hosts defined.
   if (!subHost()) {
@@ -679,16 +679,17 @@ nsCSPParser::sourceList(nsTArray<nsCSPBa
 {
   bool isNone = false;
 
   // remember, srcs start at index 1
   for (uint32_t i = 1; i < mCurDir.Length(); i++) {
     // mCurToken is only set here and remains the current token
     // to be processed, which avoid passing arguments between functions.
     mCurToken = mCurDir[i];
+    resetCurValue();
 
     CSPPARSERLOG(("nsCSPParser::sourceList, mCurToken: %s, mCurValue: %s",
                  NS_ConvertUTF16toUTF8(mCurToken).get(),
                  NS_ConvertUTF16toUTF8(mCurValue).get()));
 
     // Special case handling for none:
     // Ignore 'none' if any other src is available.
     // (See http://www.w3.org/TR/CSP11/#parsing)
--- a/content/base/test/TestCSPParser.cpp
+++ b/content/base/test/TestCSPParser.cpp
@@ -390,16 +390,24 @@ nsresult TestSimplePolicies() {
     { " ; ; ; ;     default-src            abc    ; ; ; ;",
       "default-src http://abc" },
     { "script-src 'none' 'none' 'none';",
       "script-src 'none'" },
     { "script-src http://www.example.com/path-1//",
       "script-src http://www.example.com" },
     { "script-src http://www.example.com/path-1//path_2",
       "script-src http://www.example.com" },
+    { "default-src 127.0.0.1",
+      "default-src http://127.0.0.1" },
+    { "default-src 127.0.0.1:*",
+      "default-src http://127.0.0.1:*" },
+    { "default-src -; ",
+      "default-src http://-" },
+    { "script-src 1",
+      "script-src http://1" }
   };
 
   uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
   return runTestSuite(policies, policyCount, 1);
 }
 
 // ============================= TestPoliciesThatLogWarning ========================
 
@@ -427,18 +435,16 @@ nsresult TestBadPolicies() {
     { "default-src 'self", "" },
     { "script-sr 'self", "" },
     { "default-src 'unsafe-inlin' ", "" },
     { "default-src */", "" },
     { "default-src", "" },
     { "", "" },
     { "; ; ; ; ; ; ;", "" },
     { "defaut-src asdf", "" },
-    { "default-src -; ", "" },
-    { "script-src 1", "" },
     { "default-src: aaa", "" },
     { "default-src 'unsafe-inlin' ", "" },
     { "default-src :88", "" },
     { "script-src abc::::::88", "" },
     { "asdf http://test.com", ""},
     { "script-src *.*:*", "" },
     { "img-src *::88", "" },
     { "object-src http://localhost:", "" },