From e9eb8f7b32932b8add792e68d60386f97a44e1fb Mon Sep 17 00:00:00 2001
Message-Id:
From: Mark Wooding
Date: Sun, 20 Apr 2008 15:04:12 +0100
Subject: [PATCH] Cope with a toxic cookie Ross found under a rock
Organization: Straylight/Edgeware
From: Richard Kettlewell
---
 CHANGES | 3 +++
 lib/mime.c | 22 +++++++++++++++++++++-
 lib/t-cookies.c | 13 ++++++++++---
 3 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/CHANGES b/CHANGES
index a8c0902..6d92b62 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Builds --without-server should work again.
+The web interface is a bit more liberal in the cookie value syntax it
+will accept.
+
 * Changes up to version 3.0.1
 Debian upgrades from 2.0.x should now work better.
diff --git a/lib/mime.c b/lib/mime.c
index 78a8bd3..da41426 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -527,6 +527,26 @@ static int cookie_separator(int c) {
 }
 }
+/** @brief Match cookie value separator characters
+ *
+ * Same as cookie_separator() but allows for @c = in cookie values.
+ */
+static int cookie_value_separator(int c) {
+ switch(c) {
+ case '(':
+ case ')':
+ case ',':
+ case ';':
+ case ' ':
+ case '"':
+ case '\t':
+ return 1;
+
+ default:
+ return 0;
+ }
+}
+
 /** @brief Parse a RFC2109 Cookie: header
 * @param s Header field value
 * @param cd Where to store result
@@ -557,7 +577,7 @@ int parse_cookie(const char *s,
 return -1;
 }
 s = skipwhite(s, 0);
- if(!(s = mime_parse_word(s, &v, cookie_separator))) {
+ if(!(s = mime_parse_word(s, &v, cookie_value_separator))) {
 error(0, "parse_cookie: cannot parse value for '%s'", n);
 return -1;
 }
diff --git a/lib/t-cookies.c b/lib/t-cookies.c
index 89e9287..7fdde32 100644
--- a/lib/t-cookies.c
+++ b/lib/t-cookies.c
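Review bot: cookie_value_separator() repeats the entire character table of cookie_separator() with only `=` left out, so the two lists will drift apart silently the next time one of them is edited, and the doc comment's "Same as cookie_separator()" claim is true only by inspection. The body of cookie_separator() sits above this hunk (only its closing braces are visible), so the equivalence cannot be checked here either. Expressing the new predicate in terms of the old one, `return c != '=' && cookie_separator(c);`, keeps the single source of truth and makes the comment hold by construction. If the duplicated table is kept on purpose (for example to diverge later), a comment saying so would stop a reviewer from folding it back.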
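Review bot: parse_cookie()'s header comment (the `/** @brief Parse a RFC2109 Cookie: header` block shown as trailing context of the previous hunk) still presents the function as an RFC 2109 parser, yet after this change an unquoted value is read with cookie_value_separator() and so may contain `=` — a deliberate relaxation that only the CHANGES entry records. Add a sentence to that comment beside the @param lines, such as ` * Unquoted values may contain '=' (see cookie_value_separator()); this is more liberal than RFC 2109.` so the next reader does not "fix" the parser back to strict syntax. The start of parse_cookie(), including how `n` is obtained, and the code after the shown `return -1;` lie outside this hunk.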
@@ -27,7 +27,7 @@ void test_cookies(void) {
 /* These are the examples from RFC2109 */
 insist(!parse_cookie("$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"", cd));
 insist(!strcmp(cd->version, "1"));
- insist(cd->ncookies = 1);
+ insist(cd->ncookies == 1);
 insist(find_cookie(cd, "Customer") == &cd->cookies[0]);
 check_string(cd->cookies[0].value, "WILE_E_COYOTE");
 check_string(cd->cookies[0].path, "/acme");
@@ -36,7 +36,7 @@ void test_cookies(void) {
 "Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\";\n"
 "Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\"",
 cd));
- insist(cd->ncookies = 2);
+ insist(cd->ncookies == 2);
 insist(find_cookie(cd, "Customer") == &cd->cookies[0]);
 insist(find_cookie(cd, "Part_Number") == &cd->cookies[1]);
 check_string(cd->cookies[0].value, "WILE_E_COYOTE");
@@ -50,7 +50,7 @@ void test_cookies(void) {
 "Part_Number=\"Rocket_Launcher_0001\"; $Path=\"/acme\";\n"
 "Shipping=\"FedEx\"; $Path=\"/acme\"",
 cd));
- insist(cd->ncookies = 3);
+ insist(cd->ncookies == 3);
 insist(find_cookie(cd, "Customer") == &cd->cookies[0]);
 insist(find_cookie(cd, "Part_Number") == &cd->cookies[1]);
 insist(find_cookie(cd, "Shipping") == &cd->cookies[2]);
@@ -63,6 +63,13 @@ void test_cookies(void) {
 check_string(cd->cookies[2].value, "FedEx");
 check_string(cd->cookies[2].path, "/acme");
 insist(cd->cookies[2].domain == 0);
+
+ insist(!parse_cookie("BX=brqn3il3r9jro&b=3&s=vv", cd));
+ insist(cd->ncookies == 1);
+ insist(find_cookie(cd, "BX") == &cd->cookies[0]);
+ check_string(cd->cookies[0].value, "brqn3il3r9jro&b=3&s=vv");
+ insist(cd->cookies[0].path == 0);
+ insist(cd->cookies[0].domain == 0);
 }
 /*
--
[mdw]
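Review bot: the corrected `insist(cd->ncookies == 1)` here (and the `== 2` / `== 3` twins in the next two hunks) were assignments before this patch, so each one passed unconditionally and also overwrote `cd->ncookies` before the following find_cookie()/`cookies[i]` checks ran; whatever those helpers do with the count was being exercised against a clobbered value, and only now does the test see the parser's real output. Nothing visible in the harness prevents the same slip again, since insist() evidently accepts any expression. A short comment above the first assertion, `/* insist() takes any expression: a stray '=' here compiles and always passes */`, flags the trap, and it is worth checking whether the test build's warning flags (e.g. -Wparentheses) fire on `insist(x = 1)` given how insist() expands. test_cookies() begins above this hunk.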
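Review bot: the new BX case only proves that `=` inside an unquoted value is retained; it never shows that `;` still ends such a value, so a regression in which the rest of the header is swallowed into the first value (including any following `$Path` attribute or a second cookie) would sail through this test. A companion case that mixes the two makes the boundary explicit: `insist(!parse_cookie("a=b=c; $Path=\"/x\"; d=e=f", cd));` then `insist(cd->ncookies == 2 && !strcmp(cd->cookies[0].value, "b=c"));` and `insist(!strcmp(cd->cookies[0].path, "/x") && !strcmp(cd->cookies[1].value, "e=f"));`. The hunk also relies on parse_cookie() resetting `cd->ncookies` from the preceding three-cookie parse — `insist(cd->ncookies == 1)` checks that implicitly, but how `cd` is set up is not shown here. The closing brace of test_cookies() is the last context line; the function's start is above the hunk.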