34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From f8389177cbce4fe098042850ada25feb7e6ba5a7 Mon Sep 17 00:00:00 2001
|
|
From: Valentin Gosu <valentin.gosu@gmail.com>
|
|
Date: Thu, 19 Oct 2023 07:40:28 +0000 (8 months ago)
|
|
Subject: [PATCH] CVE-2023-6209
|
|
|
|
---
|
|
netwerk/base/nsStandardURL.cpp | 10 +++++++++-
|
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
|
|
index b1b3ba1ef4..14aa8d5a5d 100644
|
|
--- a/netwerk/base/nsStandardURL.cpp
|
|
+++ b/netwerk/base/nsStandardURL.cpp
|
|
@@ -2707,7 +2707,15 @@ nsStandardURL::Resolve(const nsACString& in, nsACString& out) {
|
|
// locate result path
|
|
resultPath = strstr(result, "://");
|
|
if (resultPath) {
|
|
- resultPath = strchr(resultPath + 3, '/');
|
|
+ // If there are multiple slashes after :// we must ignore them
|
|
+ // otherwise net_CoalesceDirs may think the host is a part of the path.
|
|
+ resultPath += 3;
|
|
+ if (protocol.IsEmpty() && Scheme() != "file") {
|
|
+ while (*resultPath == '/') {
|
|
+ resultPath++;
|
|
+ }
|
|
+ }
|
|
+ resultPath = strchr(resultPath, '/');
|
|
if (resultPath) {
|
|
net_CoalesceDirs(coalesceFlag, resultPath);
|
|
}
|
|
--
|
|
2.33.0
|
|
|