the separator character and base64 encoding map used to be suitable
for appearance in an unquoted HTTP token.
I suppose I should test with MSIE sometime...
hash_foreach(revoked, revoked_cleanup_callback, &now);
}
hash_foreach(revoked, revoked_cleanup_callback, &now);
}
+/** @brief Base64 mapping table for cookies
+ *
+ * Stupid Safari cannot cope with quoted cookies, so cookies had better not
+ * need quoting. We use $ to separate the parts of the cookie and +%# to where
+ * MIME uses +/=; see @ref base64.c. See http_separator() for the characters
+ * to avoid.
+ */
+static const char cookie_base64_table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#";
+
/** @brief Sign @p subject with @p key and return the base64 of the result
* @param key Key to sign with (@ref HASHSIZE bytes)
* @param subject Subject string
/** @brief Sign @p subject with @p key and return the base64 of the result
* @param key Key to sign with (@ref HASHSIZE bytes)
* @param subject Subject string
}
gcry_md_write(h, subject, strlen(subject));
sig = gcry_md_read(h, ALGO);
}
gcry_md_write(h, subject, strlen(subject));
sig = gcry_md_read(h, ALGO);
- sig64 = mime_to_base64(sig, HASHSIZE);
+ sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table);
gcry_md_close(h);
return sig64;
}
gcry_md_close(h);
return sig64;
}
time_t now;
char *b, *bp, *c, *g;
time_t now;
char *b, *bp, *c, *g;
- /* semicolons aren't allowed in usernames */
- if(strchr(user, ';')) {
- error(0, "make_cookie for username with semicolon");
+ /* dollar signs aren't allowed in usernames */
+ if(strchr(user, '$')) {
+ error(0, "make_cookie for username with dollar sign");
return 0;
}
/* look up the password */
return 0;
}
/* look up the password */
if(now >= signing_key_validity_limit)
newkey();
/* construct the subject */
if(now >= signing_key_validity_limit)
newkey();
/* construct the subject */
- byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime,
+ byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime,
urlencodestring(user));
byte_xasprintf(&bp, "%s%s", b, password);
/* sign it */
urlencodestring(user));
byte_xasprintf(&bp, "%s%s", b, password);
/* sign it */
error(errno, "error parsing cookie timestamp");
return 0;
}
error(errno, "error parsing cookie timestamp");
return 0;
}
error(0, "invalid cookie timestamp");
return 0;
}
error(0, "invalid cookie timestamp");
return 0;
}
- /* There'd better be two semicolons */
- c2 = strchr(c1 + 1, ';');
+ /* There'd better be two dollar signs */
+ c2 = strchr(c1 + 1, '$');
if(c2 == 0) {
error(0, "invalid cookie syntax");
return 0;
if(c2 == 0) {
error(0, "invalid cookie syntax");
return 0;
return 0;
/* construct the expected subject. We re-encode the timestamp and the
* password. */
return 0;
/* construct the expected subject. We re-encode the timestamp and the
* password. */
- byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password);
+ byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password);
/* Compute the expected signature. NB we base64 the expected signature and
* compare that rather than exposing our base64 parser to the cookie. */
if(!(sig = sign(signing_key, bp)))
/* Compute the expected signature. NB we base64 the expected signature and
* compare that rather than exposing our base64 parser to the cookie. */
if(!(sig = sign(signing_key, bp)))
/* reject bogus cookies */
if(errno)
return;
/* reject bogus cookies */
if(errno)
return;
return;
/* make sure the revocation list exists */
if(!revoked)
return;
/* make sure the revocation list exists */
if(!revoked)
-/** @brief Match RFC2616 seprator characters */
+/** @brief Match RFC2616 separator characters */
static int http_separator(int c) {
switch(c) {
case '(':
static int http_separator(int c) {
switch(c) {
case '(':
parse_url(config->url, &u);
if(login_cookie) {
dynstr_append_string(d, "disorder=");
parse_url(config->url, &u);
if(login_cookie) {
dynstr_append_string(d, "disorder=");
- dynstr_append_string(d, quote822(login_cookie, 0));
+ dynstr_append_string(d, login_cookie);
} else {
/* Force browser to discard cookie */
dynstr_append_string(d, "disorder=none;Max-Age=0");
} else {
/* Force browser to discard cookie */
dynstr_append_string(d, "disorder=none;Max-Age=0");
* that. But the default path only goes up to the rightmost /, which would
* cause the browser to expose the cookie to other CGI programs on the same
* web server. */
* that. But the default path only goes up to the rightmost /, which would
* cause the browser to expose the cookie to other CGI programs on the same
* web server. */
- dynstr_append_string(d, ";Path=");
- dynstr_append_string(d, quote822(u.path, 0));
+ dynstr_append_string(d, ";Version=1;Path=");
+ dynstr_append_string(d, u.path);
}
dynstr_terminate(d);
cgi_header(output, "Set-Cookie", d->vec);
}
dynstr_terminate(d);
cgi_header(output, "Set-Cookie", d->vec);
~mdw / disorder / commitdiff