From ccdbe421595cce31a02c3811ec6cce2a21da69c2 Mon Sep 17 00:00:00 2001
From: roytam1 <roytam@gmail.com>
Date: Tue, 26 May 2026 00:09:41 +0800
Subject: [PATCH] import from UXP: [libjar] Check Jar entry names for nulls.
 (aadb6beb)

---
 modules/libjar/nsJARChannel.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp
index 573080644..7d3147045 100644
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@@ -365,6 +365,11 @@ nsJARChannel::LookupFile(bool aAllowAsync)
     // have e.g. spaces in their filenames.
     NS_UnescapeURL(mJarEntry);
 
+    if (mJarEntry.FindChar('\0') != -1) {
+        // Refuse any entries with NULL in them.
+        return NS_ERROR_MALFORMED_URI;
+    }
+
     // try to get a nsIFile directly from the url, which will often succeed.
     {
         nsCOMPtr<nsIFileURL> fileURL = do_QueryInterface(mJarBaseURI);