Bug 602780. Fix handling of hosts in NS_SecurityCompareURIs. r=jst, a=dveditz
authorBoris Zbarsky <bzbarsky@mit.edu>
Fri, 15 Oct 2010 17:55:53 -0400
changeset 27172 48f46881338a036d2220770be18606bb6931c8e1
parent 27171 75b0292a274a703fba7231893797dd2e403d1609
child 27173 866a335ecda154475207e6105c062fceb0cf5ae1
push id2545
push userbzbarsky@mozilla.com
push dateTue, 26 Oct 2010 02:44:44 +0000
reviewersjst, dveditz
bugs602780
milestone1.9.1.15pre
Bug 602780. Fix handling of hosts in NS_SecurityCompareURIs. r=jst, a=dveditz
netwerk/base/public/nsNetUtil.h
netwerk/test/unit/test_compareURIs.js
--- a/netwerk/base/public/nsNetUtil.h
+++ b/netwerk/base/public/nsNetUtil.h
@@ -45,16 +45,17 @@
 #include "nsNetCID.h"
 #include "nsStringGlue.h"
 #include "nsMemory.h"
 #include "nsCOMPtr.h"
 #include "prio.h" // for read/write flags, permissions, etc.
 
 #include "nsCRT.h"
 #include "nsIURI.h"
+#include "nsIStandardURL.h"
 #include "nsIInputStream.h"
 #include "nsIOutputStream.h"
 #include "nsISafeOutputStream.h"
 #include "nsIStreamListener.h"
 #include "nsIRequestObserverProxy.h"
 #include "nsISimpleStreamListener.h"
 #include "nsILoadGroup.h"
 #include "nsIInterfaceRequestor.h"
@@ -1484,17 +1485,17 @@ NS_SecurityHashURI(nsIURI* aURI)
         PRUint32 specHash = baseURI->GetSpec(spec);
         if (NS_SUCCEEDED(specHash))
             specHash = nsCRT::HashCode(spec.get());
         return specHash;
     }
 
     nsCAutoString host;
     PRUint32 hostHash = 0;
-    if (NS_SUCCEEDED(baseURI->GetHost(host)))
+    if (NS_SUCCEEDED(baseURI->GetAsciiHost(host)))
         hostHash = nsCRT::HashCode(host.get());
 
     // XOR to combine hash values
     return schemeHash ^ hostHash ^ NS_GetRealPort(baseURI);
 }
 
 inline PRBool
 NS_SecurityCompareURIs(nsIURI* aSourceURI,
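Review bot: The host hash in NS_SecurityHashURI is still case-sensitive (`nsCRT::HashCode(host.get())`), while NS_SecurityCompareURIs compares hosts case-insensitively. Two URIs that compare as same-origin could therefore hash differently if a URI implementation returns an ASCII host that is not already lower-cased; nsStandardURL presumably normalises case, but nothing visible here guarantees it. At minimum the coupling deserves a comment above the changed line, e.g. `// Must hash the same host form NS_SecurityCompareURIs compares (GetAsciiHost), so same-origin URIs never hash differently.` The function starts outside this hunk, so the earlier scheme handling was not reviewed.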
@@ -1579,16 +1580,23 @@ NS_SecurityCompareURIs(nsIURI* aSourceUR
     nsCAutoString targetHost;
     nsCAutoString sourceHost;
     if (NS_FAILED( targetBaseURI->GetAsciiHost(targetHost) ) ||
         NS_FAILED( sourceBaseURI->GetAsciiHost(sourceHost) ))
     {
         return PR_FALSE;
     }
 
+    nsCOMPtr<nsIStandardURL> targetURL(do_QueryInterface(targetBaseURI));
+    nsCOMPtr<nsIStandardURL> sourceURL(do_QueryInterface(sourceBaseURI));
+    if (!targetURL || !sourceURL)
+    {
+        return PR_FALSE;
+    }
+
 #ifdef MOZILLA_INTERNAL_API
     if (!targetHost.Equals(sourceHost, nsCaseInsensitiveCStringComparator() ))
 #else
     if (!targetHost.Equals(sourceHost, CaseInsensitiveCompare))
 #endif
     {
         return PR_FALSE;
     }
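Review bot: The added nsIStandardURL check has no comment explaining why a URI that does not implement nsIStandardURL must never be treated as same-origin, and that is the security-relevant decision in this change. Something like `// Only nsIStandardURL hosts are trusted for origin comparison; anything else fails closed.` would stop a later cleanup from removing the apparently unused `targetURL`/`sourceURL` locals. The check could also sit before the two GetAsciiHost calls, since the host strings are not needed when either QueryInterface fails. NS_SecurityCompareURIs begins and continues outside this hunk, so the port comparison and any earlier early-returns were not reviewed.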
new file mode 100644
--- /dev/null
+++ b/netwerk/test/unit/test_compareURIs.js
@@ -0,0 +1,49 @@
+Components.utils.import("resource://gre/modules/NetUtil.jsm");
+
+function do_info(text, stack) {
+  if (!stack)
+    stack = Components.stack.caller;
+
+  dump("TEST-INFO | " + stack.filename + " | [" + stack.name + " : " +
+       stack.lineNumber + "] " + text + "\n");
+}
+function run_test()
+{
+    var tests = [
+	[ "http://mozilla.org/", "http://mozilla.org/somewhere/there", true ],
+	[ "http://mozilla.org/", "http://www.mozilla.org/", false ],
+	[ "http://mozilla.org/", "http://mozilla.org:80", true ],
+	[ "http://mozilla.org/", "http://mozilla.org:90", false ],
+	[ "http://mozilla.org", "https://mozilla.org", false ],
+	[ "http://mozilla.org", "https://mozilla.org:80", false ],	
+	[ "http://mozilla.org:443", "https://mozilla.org", false ],
+	[ "https://mozilla.org:443", "https://mozilla.org", true ],
+	[ "https://mozilla.org:443", "https://mozilla.org/somewhere/", true ],
+	[ "about:", "about:", false ],
+	[ "data:text/plain,text", "data:text/plain,text", false ],
+	[ "about:blank", "about:blank", false ],
+	[ "about:", "http://mozilla.org/", false ],
+	[ "about:", "about:config", false ],
+	[ "about:text/plain,text", "data:text/plain,text", false ],
+	[ "jar:http://mozilla.org/!/", "http://mozilla.org/", true ],
+	[ "view-source:http://mozilla.org/", "http://mozilla.org/", true ]
+    ];
+
+    var secman = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService(Components.interfaces.nsIScriptSecurityManager);
+
+    tests.forEach(function(aTest) {
+        do_info("Comparing " + aTest[0] + " to " + aTest[1]);
+
+	var uri1 = NetUtil.newURI(aTest[0]);
+	var uri2 = NetUtil.newURI(aTest[1]);
+
+	var equal;
+	try {
+	    secman.checkSameOriginURI(uri1, uri2, false);
+	    equal = true;
+	} catch (e) {
+	    equal = false
+	}
+	do_check_eq(equal, aTest[2]);
+    });
+}
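Review bot: The `catch (e)` in run_test maps every exception from `checkSameOriginURI` to `equal = false`, so each `false` row in the table also passes if the call throws for an unrelated reason. Checking the exception's result code before treating it as a same-origin failure would make those rows meaningful. The table also has no row where the hosts differ only in case, and none with a non-ASCII (IDN) host, although the C++ change is about which host form is hashed and compared. A constructed row such as `[ "http://MOZILLA.org/", "http://mozilla.org/", true ]` would cover the case-insensitive path. The row pairing `about:text/plain,text` with `data:text/plain,text` looks like it may be a typo for `data:` on both sides, which is worth confirming.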