From: rjk@greenend.org.uk <>
Date: Tue, 1 Jan 2008 20:35:57 +0000 (+0000)
Subject: Don't use quoted cookies because Safari is buggy. This means changing
X-Git-Tag: 3.0~99
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/82c01b317cd1892f4376c68be88a74f971493428

Don't use quoted cookies because Safari is buggy. This means changing the separator character and base64 encoding map used to be suitable for appearance in an unquoted HTTP token. I suppose I should test with MSIE sometime...
---
diff --git a/lib/cookies.c b/lib/cookies.c
index bc8e9b0..70c8097 100644
--- a/lib/cookies.c
+++ b/lib/cookies.c
@@ -83,6 +83,16 @@ static void newkey(void) {
 hash_foreach(revoked, revoked_cleanup_callback, &now);
 }

+/** @brief Base64 mapping table for cookies
+ *
+ * Stupid Safari cannot cope with quoted cookies, so cookies had better not
+ * need quoting. We use $ to separate the parts of the cookie and +%# to where
+ * MIME uses +/=; see @ref base64.c. See http_separator() for the characters
+ * to avoid.
+ */
+static const char cookie_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#";
+
 /** @brief Sign @p subject with @p key and return the base64 of the result
 * @param key Key to sign with (@ref HASHSIZE bytes)
 * @param subject Subject string
@@ -106,7 +116,7 @@ static char *sign(const uint8_t *key,
 }
 gcry_md_write(h, subject, strlen(subject));
 sig = gcry_md_read(h, ALGO);
- sig64 = mime_to_base64(sig, HASHSIZE);
+ sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table);
 gcry_md_close(h);
 return sig64;
 }
@@ -120,9 +130,9 @@ char *make_cookie(const char *user) {
 time_t now;
 char *b, *bp, *c, *g;

- /* semicolons aren't allowed in usernames */
- if(strchr(user, ';')) {
- error(0, "make_cookie for username with semicolon");
+ /* dollar signs aren't allowed in usernames */
+ if(strchr(user, '$')) {
+ error(0, "make_cookie for username with dollar sign");
 return 0;
 }
 /* look up the password */
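Review bot: The doc comment added above `cookie_base64_table` (hunk -83,6 +83,16) has a garbled sentence ("and +%# to where MIME uses +/=") and never states the table's layout, which is the contract `generic_to_base64()` relies on. I would reword it to `We use $ to separate the parts of the cookie, and +%# where MIME uses +/= (the two extra alphabet characters and the padding character)`; that position-to-role mapping is inferred from the MIME alphabet order and should be confirmed against base64.c. It is also worth one line noting that `+` and `%` are legal token characters but are rewritten by any layer that URL- or form-decodes cookie values, in which case the signature check in verify_cookie() would presumably just fail.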
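Review bot: The separator is a bare `'$'` literal in the make_cookie() guard (hunk -120,9 +130,9) and is repeated inside the format strings and comparisons of the -136, -172, -202 and -234 hunks, so issuing, verifying and revoking agree only while every copy is edited together, as this commit had to do. A file-level `#define COOKIE_SEP '$'`, used via `%c` in the byte_xasprintf() calls (`"%jx%c%s%c"`) and in the `strchr()`, `*c1` and `*ptr` tests, would make the next change a one-line edit. make_cookie(), verify_cookie() and revoke_cookie() all start and end outside these hunks.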
@@ -136,7 +146,7 @@ char *make_cookie(const char *user) {
 if(now >= signing_key_validity_limit)
 newkey();
 /* construct the subject */
- byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime,
+ byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime,
 urlencodestring(user));
 byte_xasprintf(&bp, "%s%s", b, password);
 /* sign it */
@@ -172,12 +182,12 @@ char *verify_cookie(const char *cookie, rights_type *rights) {
 error(errno, "error parsing cookie timestamp");
 return 0;
 }
- if(*c1 != ';') {
+ if(*c1 != '$') {
 error(0, "invalid cookie timestamp");
 return 0;
 }
- /* There'd better be two semicolons */
- c2 = strchr(c1 + 1, ';');
+ /* There'd better be two dollar signs */
+ c2 = strchr(c1 + 1, '$');
 if(c2 == 0) {
 error(0, "invalid cookie syntax");
 return 0;
@@ -202,7 +212,7 @@ char *verify_cookie(const char *cookie, rights_type *rights) {
 return 0;
 /* construct the expected subject. We re-encode the timestamp and the
 * password. */
- byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password);
+ byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password);
 /* Compute the expected signature. NB we base64 the expected signature and
 * compare that rather than exposing our base64 parser to the cookie. */
 if(!(sig = sign(signing_key, bp)))
@@ -234,7 +244,7 @@ void revoke_cookie(const char *cookie) {
 /* reject bogus cookies */
 if(errno)
 return;
- if(*ptr != ';')
+ if(*ptr != '$')
 return;
 /* make sure the revocation list exists */
 if(!revoked)
diff --git a/lib/mime.c b/lib/mime.c
index 422e1f5..8776647 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -73,7 +73,7 @@ static int tspecial(int c) {
 }
 }

-/** @brief Match RFC2616 seprator characters */
+/** @brief Match RFC2616 separator characters */
 static int http_separator(int c) {
 switch(c) {
 case '(':
diff --git a/server/dcgi.c b/server/dcgi.c
index 19a8021..29bac5d 100644
--- a/server/dcgi.c
+++ b/server/dcgi.c
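Review bot: In the -136,7 +146,7 hunk the username enters the cookie through `urlencodestring(user)`, and with the quoting removed in server/dcgi.c that call is now the only thing keeping `;`, `,`, whitespace and `"` out of the Set-Cookie value; the guard earlier in make_cookie() rejects only `$`. urlencodestring() is not shown on this page, so whether it escapes every RFC 2616 separator is an assumption that should be confirmed. I would record the dependency next to the call, e.g. `/* cookie is sent unquoted: urlencodestring() must escape every HTTP separator */`. make_cookie() continues outside the hunk.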
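Review bot: Cookies issued before this change still carry `;` after the timestamp, so in verify_cookie() (hunk -172,12 +182,12) they will presumably fall into `if(*c1 != '$')` and be logged as "invalid cookie timestamp", the same message a tampered cookie produces. After an upgrade that yields a burst of these errors from legitimate returning browsers, which anyone watching the log for forged cookies cannot tell apart from an attack. A comment at the check, for example `/* also rejects pre-3.0 ';'-separated cookies; expect these after upgrade */`, or a release note would cover it. The function starts and ends outside the hunk.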
@@ -113,7 +113,7 @@ static void header_cookie(struct sink *output) {
 parse_url(config->url, &u);
 if(login_cookie) {
 dynstr_append_string(d, "disorder=");
- dynstr_append_string(d, quote822(login_cookie, 0));
+ dynstr_append_string(d, login_cookie);
 } else {
 /* Force browser to discard cookie */
 dynstr_append_string(d, "disorder=none;Max-Age=0");
@@ -123,8 +123,8 @@ static void header_cookie(struct sink *output) {
 * that. But the default path only goes up to the rightmost /, which would
 * cause the browser to expose the cookie to other CGI programs on the same
 * web server. */
- dynstr_append_string(d, ";Path=");
- dynstr_append_string(d, quote822(u.path, 0));
+ dynstr_append_string(d, ";Version=1;Path=");
+ dynstr_append_string(d, u.path);
 }
 dynstr_terminate(d);
 cgi_header(output, "Set-Cookie", d->vec);
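Review bot: `login_cookie` is now appended to the Set-Cookie value verbatim (hunk -113,7 +113,7), and `u.path` likewise in the -123,8 +123,8 hunk, so header_cookie() has no defence left if either string contains `;`, `,`, a space or a control character. Where `login_cookie` is assigned is not visible here; if it only ever comes from make_cookie() it is a hex timestamp, a URL-encoded name and the custom base64, but `u.path` is parsed from `config->url` and nothing in this diff constrains it. I would test both before appending, e.g. `login_cookie[strcspn(login_cookie, ";, \t\r\n\"")] != 0`, and log and refuse to emit the header rather than rely on the producers. header_cookie() starts and ends outside both hunks.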
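Review bot: The `;Version=1` attribute added in the -123,8 +123,8 hunk is not explained by the commit message or by the surrounding comment, which only discusses Path. As I read RFC 2109, attribute values of a Version=1 cookie are a token or a quoted-string and `/` is a separator, so an unquoted `Path=/...` falls outside that grammar even where browsers accept it; this should be confirmed against the browsers the change was tested with. A short comment such as `/* Version=1: <reason>; Path left unquoted because Safari mishandles quoted values */` would record the intent.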