Bug 280280 - Make "no proxy for" do domain comparison. r=bagder
authorManish Goregaokar <manishearth@gmail.com>
Wed, 21 Oct 2015 03:05:00 +0200
changeset 303940 f9323837e0d24b338dc6ee8b54ee7009b57f4a56
parent 303939 2e1180c9e5ce5cb476835e0478a66915334c0f66
child 303941 db71bd21637179af1207b2be90a34a68f19f60b2
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbagder
bugs280280
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 280280 - Make "no proxy for" do domain comparison. r=bagder
netwerk/base/nsProtocolProxyService.cpp
--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@@ -765,18 +765,46 @@ nsProtocolProxyService::CanUseProxy(nsIU
             uint32_t host_len = host.Length();
             uint32_t filter_host_len = hinfo->name.host_len;
 
             if (host_len >= filter_host_len) {
                 //
                 // compare last |filter_host_len| bytes of target hostname.
                 //
                 const char *host_tail = host.get() + host_len - filter_host_len;
-                if (!PL_strncasecmp(host_tail, hinfo->name.host, filter_host_len))
-                    return false; // proxy disallowed
+                if (!PL_strncasecmp(host_tail, hinfo->name.host, filter_host_len)) {
+                    // If the tail of the host string matches the filter
+
+                    if (filter_host_len > 0 && hinfo->name.host[0] == '.') {
+                        // If the filter was of the form .foo.bar.tld, all such
+                        // matches are correct
+                        return false; // proxy disallowed
+                    }
+
+                    // abc-def.example.org should not match def.example.org
+                    // however, *.def.example.org should match .def.example.org
+                    // We check that the filter doesn't start with a `.`. If it does,
+                    // then the strncasecmp above should suffice. If it doesn't,
+                    // then we should only consider it a match if the strncasecmp happened
+                    // at a subdomain boundary
+                    if (host_len > filter_host_len && *(host_tail - 1) == '.') {
+                            // If the host was something.foo.bar.tld and the filter
+                            // was foo.bar.tld, it's still a match.
+                            // the character right before the tail must be a
+                            // `.` for this to work
+                            return false; // proxy disallowed
+                    }
+
+                    if (host_len == filter_host_len) {
+                        // If the host and filter are of the same length,
+                        // they should match
+                        return false; // proxy disallowed
+                    }
+                }
+
             }
         }
     }
     return true;
 }
 
 // kProxyType\* may be referred to externally in
 // nsProxyInfo in order to compare by string pointer