diff options
| author | corvid <corvid@lavabit.com> | 2009-12-31 09:25:56 +0000 |
|---|---|---|
| committer | corvid <corvid@lavabit.com> | 2009-12-31 09:25:56 +0000 |
| commit | 9a088838f613321593516b8aff2794320adc7e52 (patch) | |
| tree | 190ecff1c87519a59577f92b00fd26d1198546a2 | |
| parent | 023dbdb29d2976f731fd73225d5e28478f5c34ce (diff) | |
only strip path when generating default
Having seen the pre-existing strip call in Cookies_get() -- and thinking
unixly of paths -- I did the wrong thing. I was set straight when google
gave me a path attribute of /search and the URL path was /search.
| -rw-r--r-- | dpi/cookies.c | 34 |
1 files changed, 11 insertions, 23 deletions
diff --git a/dpi/cookies.c b/dpi/cookies.c index b1685b47..3229606a 100644 --- a/dpi/cookies.c +++ b/dpi/cookies.c @@ -1046,28 +1046,15 @@ static bool_t Cookies_validate_domain(CookieData_t *cookie, char *host, char *url_path) { int dots, diff, i; - bool_t ret, is_ip; - char *path = Cookies_strip_path(url_path); + bool_t is_ip; /* Make sure that the path is set to something */ if (!cookie->path || cookie->path[0] != '/') { - uint_t pathlen; - dFree(cookie->path); - cookie->path = dStrdup(path); - - /* RFC 2109 does not want a trailing '/', but RFC 2965 does. Since the - * world has taken little notice of 2965 and cookie paths consistently - * lack a trailing '/', let's remove it. - */ - pathlen = strlen(cookie->path); - if (pathlen > 1 && cookie->path[pathlen - 1] == '/') - cookie->path[pathlen - 1] = '\0'; + cookie->path = Cookies_strip_path(url_path); } - ret = Cookies_path_is_prefix(cookie->path, path); - dFree(path); - if (!ret) + if (!Cookies_path_is_prefix(cookie->path, url_path)) return FALSE; /* If the server never set a domain, or set one without a leading @@ -1112,7 +1099,11 @@ static bool_t Cookies_validate_domain(CookieData_t *cookie, char *host, } /* - * Strip the filename from a full path. + * For default path attributes, RFC 2109 gives: "Defaults to the path of the + * request URL that generated the Set-Cookie response, up to, but not + * including, the right-most /". + * + * (RFC 2965 keeps the '/', but is not so widely followed.) */ static char *Cookies_strip_path(const char *path) { @@ -1124,7 +1115,7 @@ static char *Cookies_strip_path(const char *path) while (len && path[len] != '/') len--; - ret = dStrndup(path, len + 1); + ret = dStrndup(path, len ? len : 1); } else { ret = dStrdup("/"); } @@ -1208,7 +1199,7 @@ static bool_t Cookies_match(CookieData_t *cookie, int port, static char *Cookies_get(char *url_host, char *url_path, char *url_scheme, int url_port) { - char *domain_str, *q, *str, *path; + char *domain_str, *q, *str; CookieData_t *cookie; Dlist *matching_cookies; CookieNode *node; @@ -1222,8 +1213,6 @@ static char *Cookies_get(char *url_host, char *url_path, matching_cookies = dList_new(8); - path = Cookies_strip_path(url_path); - /* Check if the protocol is secure or not */ is_ssl = (!dStrcasecmp(url_scheme, "https")); @@ -1241,7 +1230,7 @@ static char *Cookies_get(char *url_host, char *url_path, --i; continue; } /* Check if the cookie matches the requesting URL */ - if (Cookies_match(cookie, url_port, path, is_ssl)) { + if (Cookies_match(cookie, url_port, url_path, is_ssl)) { int j; CookieData_t *curr; uint_t path_length = strlen(cookie->path); @@ -1290,7 +1279,6 @@ static char *Cookies_get(char *url_host, char *url_path, } dList_free(matching_cookies); - dFree(path); str = cookie_dstring->str; dStr_free(cookie_dstring, FALSE); _MSG("%s gets %s\n", url_host, str); |