From 136ab69fb37b60b9455b126fa91183cd7176c93d Mon Sep 17 00:00:00 2001
From: Fedor <fedor@mail.ru>
Date: Thu, 16 Jul 2020 03:50:17 +0300
Subject: [PATCH] [AppCache] Add check for disallowed encoded path separators.

---
 uriloader/prefetch/nsOfflineCacheUpdate.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/uriloader/prefetch/nsOfflineCacheUpdate.cpp b/uriloader/prefetch/nsOfflineCacheUpdate.cpp
index 4b6cd4d0c..8a4183429 100644
--- a/uriloader/prefetch/nsOfflineCacheUpdate.cpp
+++ b/uriloader/prefetch/nsOfflineCacheUpdate.cpp
@@ -948,6 +948,14 @@ nsOfflineManifestItem::HandleManifestLine(const nsCString::const_iterator &aBegi
                                     mStrictFileOriginPolicy))
             break;
 
+        // Check fallback path for disallowed encoded path separators
+        nsAutoCString path;
+        fallbackURI->GetFilePath(path);
+        if (path.Find("%2f") != kNotFound || path.Find("%2F") != kNotFound) {
+            LogToConsole("Offline cache manifest bad fallback path", this);
+            break;
+        }
+        
         mFallbackURIs.AppendObject(fallbackURI);
 
         AddNamespace(nsIApplicationCacheNamespace::NAMESPACE_FALLBACK,