<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[56489] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/56489">56489</a></dd>
<dt>Author</dt> <dd>mrowe@apple.com</dd>
<dt>Date</dt> <dd>2010-03-24 22:26:14 -0700 (Wed, 24 Mar 2010)</dd>
</dl>

<h3>Log Message</h3>
<pre>WebKit should treat port numbers outside the valid range as being blacklisted
&lt;http://webkit.org/b/36571&gt; / &lt;rdar://problem/7790908&gt;

Reviewed by Darin Adler.

WebCore:

* platform/KURL.cpp:
(WebCore::KURL::port): Map invalid port numbers to invalidPortNumber.
(WebCore::portAllowed): Add invalidPortNumber to the blacklist.
* platform/KURLGoogle.cpp:  invalid port numbers to invalidPortNumber.
(WebCore::KURL::port): Add invalidPortNumber to the blacklist.
Also bring this in to sync with KURL.  Having this identical code in two places is stupid.

LayoutTests:

* platform/mac/security/block-test-expected.txt:
* security/block-test.html: Add tests of a few invalid port numbers.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformmacsecurityblocktestexpectedtxt">trunk/LayoutTests/platform/mac/security/block-test-expected.txt</a></li>
<li><a href="#trunkLayoutTestssecurityblocktesthtml">trunk/LayoutTests/security/block-test.html</a></li>
<li><a href="#trunkWebCoreChangeLog">trunk/WebCore/ChangeLog</a></li>
<li><a href="#trunkWebCoreplatformKURLcpp">trunk/WebCore/platform/KURL.cpp</a></li>
<li><a href="#trunkWebCoreplatformKURLGooglecpp">trunk/WebCore/platform/KURLGoogle.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/LayoutTests/ChangeLog        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2010-03-24  Mark Rowe  &lt;mrowe@apple.com&gt;
+
+        Reviewed by Darin Adler.
+
+        WebKit should treat port numbers outside the valid range as being blacklisted
+        &lt;http://webkit.org/b/36571&gt; / &lt;rdar://problem/7790908&gt;
+
+        * platform/mac/security/block-test-expected.txt:
+        * security/block-test.html: Add tests of a few invalid port numbers.
+
</ins><span class="cx"> 2010-03-24  MORITA Hajime  &lt;morrita@google.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Reviewed by Eric Seidel.
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacsecurityblocktestexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/security/block-test-expected.txt (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/security/block-test-expected.txt        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/LayoutTests/platform/mac/security/block-test-expected.txt        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -1,7 +1,9 @@
</span><ins>+http://255.255.255.255:0/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:0/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
+&lt;unknown&gt; - didFinishLoading
</ins><span class="cx"> http://255.255.255.255:1/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:1/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span><del>-&lt;unknown&gt; - didFinishLoading
</del><ins>+http://255.255.255.255:0/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:0/test.jpg&quot;&gt;
+http://255.255.255.255:1/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:1/test.jpg&quot;&gt;
</ins><span class="cx"> http://255.255.255.255:7/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:7/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span><del>-http://255.255.255.255:1/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:1/test.jpg&quot;&gt;
</del><span class="cx"> http://255.255.255.255:7/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:7/test.jpg&quot;&gt;
</span><span class="cx"> http://255.255.255.255:9/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:9/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span><span class="cx"> http://255.255.255.255:9/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:9/test.jpg&quot;&gt;
</span><span class="lines">@@ -127,6 +129,14 @@
</span><span class="cx"> http://255.255.255.255:6668/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:6668/test.jpg&quot;&gt;
</span><span class="cx"> http://255.255.255.255:6669/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:6669/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span><span class="cx"> http://255.255.255.255:6669/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:6669/test.jpg&quot;&gt;
</span><ins>+http://255.255.255.255:65535/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:65535/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
+http://255.255.255.255:65535/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:65535/test.jpg&quot;&gt;
+http://255.255.255.255:65536/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:65536/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
+http://255.255.255.255:65536/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:65536/test.jpg&quot;&gt;
+http://255.255.255.255:4294967295/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:4294967295/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
+http://255.255.255.255:4294967295/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:4294967295/test.jpg&quot;&gt;
+http://255.255.255.255:4294967296/test.jpg - willSendRequest &lt;NSURLRequest URL http://255.255.255.255:4294967296/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
+http://255.255.255.255:4294967296/test.jpg - didFailLoadingWithError: &lt;NSError domain WebKitErrorDomain, code 103, failing URL &quot;http://255.255.255.255:4294967296/test.jpg&quot;&gt;
</ins><span class="cx"> ftp://255.255.255.255/test.jpg - willSendRequest &lt;NSURLRequest URL ftp://255.255.255.255/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span><span class="cx"> ftp://255.255.255.255/test.jpg - didFailLoadingWithError: &lt;NSError domain NSURLErrorDomain, code -1, failing URL &quot;ftp://255.255.255.255/test.jpg&quot;&gt;
</span><span class="cx"> ftp://255.255.255.255:21/test.jpg - willSendRequest &lt;NSURLRequest URL ftp://255.255.255.255:21/test.jpg, main document URL block-test.html, http method GET&gt; redirectResponse (null)
</span></span></pre></div>
<a id="trunkLayoutTestssecurityblocktesthtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/security/block-test.html (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/security/block-test.html        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/LayoutTests/security/block-test.html        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -1,12 +1,18 @@
</span><span class="cx"> &lt;html&gt;
</span><span class="cx"> &lt;script&gt;
</span><del>-    // Note that port &quot;1&quot; is tested by the initial load.
-    var blockedPorts = new Array(7, 9, 11, 13, 15, 17, 19, 20, 
-      21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102, 
</del><ins>+    // Note that port &quot;0&quot; is tested by the initial load.
+    var blockedPorts = new Array(1, 7, 9, 11, 13, 15, 17, 19, 20,
+      21, 22, 23, 25, 37, 42, 43, 53, 77, 79, 87, 95, 101, 102,
</ins><span class="cx">       103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 139,
</span><span class="cx">       143, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532,
</span><del>-      540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045, 
-      6000, 6665, 6666, 6667, 6668, 6669, 0);
</del><ins>+      540, 556, 563, 587, 601, 636, 993, 995, 2049, 3659, 4045,
+      6000, 6665, 6666, 6667, 6668, 6669,
+
+      // Port numbers that we consider to be invalid due to being out of range.
+      Math.pow(2, 16) - 1, Math.pow(2, 16), Math.pow(2, 32) - 1, Math.pow(2, 32),
+
+      // A port number of 0 indicates to nextTest that it should test the FTP exemptions.
+      0);
</ins><span class="cx">     
</span><span class="cx">     var baseURL = &quot;255.255.255.255&quot;;
</span><span class="cx">     var currentPort = 0;
</span><span class="lines">@@ -56,6 +62,6 @@
</span><span class="cx"> correct error for them - blocked instead of cannot find.  It also tries the FTP ports for exemptions.  Due to the 
</span><span class="cx"> nature of this test, the results can only be processed automatically via DumpRenderTree
</span><span class="cx"> &lt;/p&gt;
</span><del>-&lt;img id=&quot;testIMG&quot; src=&quot;http://255.255.255.255:1/test.jpg&quot; onError=&quot;nextTest();&quot;&gt;&lt;/img&gt;
</del><ins>+&lt;img id=&quot;testIMG&quot; src=&quot;http://255.255.255.255:0/test.jpg&quot; onError=&quot;nextTest();&quot;&gt;&lt;/img&gt;
</ins><span class="cx"> &lt;/body&gt;
</span><span class="cx"> &lt;/html&gt;
</span></span></pre></div>
<a id="trunkWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/ChangeLog (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/ChangeLog        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/WebCore/ChangeLog        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2010-03-24  Mark Rowe  &lt;mrowe@apple.com&gt;
+
+        Reviewed by Darin Adler.
+
+        WebKit should treat port numbers outside the valid range as being blacklisted
+        &lt;http://webkit.org/b/36571&gt; / &lt;rdar://problem/7790908&gt;
+
+        * platform/KURL.cpp:
+        (WebCore::KURL::port): Map invalid port numbers to invalidPortNumber.
+        (WebCore::portAllowed): Add invalidPortNumber to the blacklist.
+        * platform/KURLGoogle.cpp:  invalid port numbers to invalidPortNumber.
+        (WebCore::KURL::port): Add invalidPortNumber to the blacklist.
+        Also bring this in to sync with KURL.  Having this identical code in two places is stupid.
+
</ins><span class="cx"> 2010-03-24  Sam Weinig  &lt;sam@webkit.org&gt;
</span><span class="cx"> 
</span><span class="cx">         Reviewed by Mark Rowe.
</span></span></pre></div>
<a id="trunkWebCoreplatformKURLcpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/platform/KURL.cpp (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/platform/KURL.cpp        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/WebCore/platform/KURL.cpp        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -215,6 +215,9 @@
</span><span class="cx">     /* 252 */ BadChar, /* 253 */ BadChar, /* 254 */ BadChar, /* 255 */ BadChar
</span><span class="cx"> };
</span><span class="cx"> 
</span><ins>+static const unsigned maximumValidPortNumber = 0xFFFE;
+static const unsigned invalidPortNumber = 0xFFFF;
+
</ins><span class="cx"> static int copyPathRemovingDots(char* dst, const char* src, int srcStart, int srcEnd);
</span><span class="cx"> static void encodeRelativeString(const String&amp; rel, const TextEncoding&amp;, CharBuffer&amp; ouput);
</span><span class="cx"> static String substituteBackslashes(const String&amp;);
</span><span class="lines">@@ -576,9 +579,10 @@
</span><span class="cx">     if (m_hostEnd == m_portEnd)
</span><span class="cx">         return 0;
</span><span class="cx"> 
</span><del>-    int number = m_string.substring(m_hostEnd + 1, m_portEnd - m_hostEnd - 1).toInt();
-    if (number &lt; 0 || number &gt; 0xFFFF)
-        return 0;
</del><ins>+    const UChar* stringData = m_string.characters();
+    unsigned number = charactersToUIntStrict(stringData + m_hostEnd + 1, m_portEnd - m_hostEnd - 1);
+    if (!number || number &gt; maximumValidPortNumber)
+        return invalidPortNumber;
</ins><span class="cx">     return number;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -1757,7 +1761,7 @@
</span><span class="cx">         6667, // Standard IRC [Apple addition]
</span><span class="cx">         6668, // Alternate IRC [Apple addition]
</span><span class="cx">         6669, // Alternate IRC [Apple addition]
</span><del>-
</del><ins>+        invalidPortNumber, // Used to block all invalid port numbers
</ins><span class="cx">     };
</span><span class="cx">     const unsigned short* const blockedPortListEnd = blockedPortList + sizeof(blockedPortList) / sizeof(blockedPortList[0]);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkWebCoreplatformKURLGooglecpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/platform/KURLGoogle.cpp (56488 => 56489)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/platform/KURLGoogle.cpp        2010-03-25 05:25:39 UTC (rev 56488)
+++ trunk/WebCore/platform/KURLGoogle.cpp        2010-03-25 05:26:14 UTC (rev 56489)
</span><span class="lines">@@ -57,6 +57,8 @@
</span><span class="cx"> 
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> 
</span><ins>+static const unsigned invalidPortNumber = 0xFFFF;
+
</ins><span class="cx"> // Wraps WebCore's text encoding in a character set converter for the
</span><span class="cx"> // canonicalizer.
</span><span class="cx"> class KURLCharsetConverter : public url_canon::CharsetConverter {
</span><span class="lines">@@ -499,7 +501,7 @@
</span><span class="cx"> unsigned short KURL::port() const
</span><span class="cx"> {
</span><span class="cx">     if (!m_url.m_isValid || m_url.m_parsed.port.len &lt;= 0)
</span><del>-        return 0;
</del><ins>+        return invalidPortNumber;
</ins><span class="cx">     int port = url_parse::ParsePort(m_url.utf8String().data(), m_url.m_parsed.port);
</span><span class="cx">     if (port == url_parse::PORT_UNSPECIFIED)
</span><span class="cx">         return 0;
</span><span class="lines">@@ -853,6 +855,12 @@
</span><span class="cx">         3659, // apple-sasl / PasswordServer [Apple addition]
</span><span class="cx">         4045, // lockd
</span><span class="cx">         6000, // X11
</span><ins>+        6665, // Alternate IRC [Apple addition]
+        6666, // Alternate IRC [Apple addition]
+        6667, // Standard IRC [Apple addition]
+        6668, // Alternate IRC [Apple addition]
+        6669, // Alternate IRC [Apple addition]
+        invalidPortNumber, // Used to block all invalid port numbers
</ins><span class="cx">     };
</span><span class="cx">     const unsigned short* const blockedPortListEnd = blockedPortList + sizeof(blockedPortList) / sizeof(blockedPortList[0]);
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>