GetHostNameWithHTTPScheme mangles literal IPv6 addresses, has confusing comments |
|||
Issue descriptionIn password_protection_service.cc GetHostNameWithHTTPScheme() uses url.HostNoBrackets() to get the hostname. So for a URL containing an IPv6 address like https://[::1]/foo it will retrieve a hostname of "::1", then concatenate it with http:// to produce http://::1 which is an invalid URL. I couldn't see any tests for IPv6 literal addresses so I can't tell whether or not this has an impact on the correctness of the function. It seems unlikely that creating invalid URLs is the intent of the function, but if it is it would be helpful to readers if it was mentioned in a comment. It should probably be using url.host() rather than HostNoBrackets(). Or host_piece() for less string copies. The comment on the function says // Given a URL of either http or https scheme, return its scheme://hostname. // e.g., "https://www.foo.com:80/bar/test.cgi" -> "http://www.foo.com". I think instead of "its scheme://hostname" this should say "http://hostname".
,
Jun 23 2017
,
Jun 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ab4e009f7069ddb500a1ad4503cb19a3a9018458 commit ab4e009f7069ddb500a1ad4503cb19a3a9018458 Author: jialiul <jialiul@chromium.org> Date: Fri Jun 23 15:57:23 2017 Fix GetHostNameWithHTTPScheme for IPv6 addresses BUG= 736324 Review-Url: https://codereview.chromium.org/2959443003 Cr-Commit-Position: refs/heads/master@{#481905} [modify] https://crrev.com/ab4e009f7069ddb500a1ad4503cb19a3a9018458/components/safe_browsing/password_protection/password_protection_service.cc [modify] https://crrev.com/ab4e009f7069ddb500a1ad4503cb19a3a9018458/components/safe_browsing/password_protection/password_protection_service_unittest.cc
,
Jun 23 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by ricea@chromium.org
, Jun 23 2017