diff options
| author | corvid <devnull@localhost> | 2015-06-28 18:49:55 +0000 |
|---|---|---|
| committer | corvid <devnull@localhost> | 2015-06-28 18:49:55 +0000 |
| commit | 5b3daeca8547c7dd7bbcd570fd889edebf065120 (patch) | |
| tree | e77044d39853a591d81ad08ca3541e4c306bba46 | |
| parent | 10d6b4af3b06e6a03d42f2a284a0212751263fd8 (diff) | |
cookies be careful with overflow with ridiculously huge Max-Age values
...not that there's any obvious justification for storing cookies for decades.
| -rw-r--r-- | dpi/cookies.c | 14 | ||||
| -rw-r--r-- | test/cookies.c | 23 |
2 files changed, 33 insertions, 4 deletions
diff --git a/dpi/cookies.c b/dpi/cookies.c index 51767241..29902d17 100644 --- a/dpi/cookies.c +++ b/dpi/cookies.c @@ -45,6 +45,7 @@ int main(void) #include <stdio.h> #include <time.h> /* for time() and time_t */ #include <ctype.h> +#include <limits.h> #include <netdb.h> #include <signal.h> #include "dpiutil.h" @@ -835,11 +836,20 @@ static CookieData_t *Cookies_parse(char *cookie_str, const char *server_date) } else if (dStrAsciiCasecmp(attr, "Max-Age") == 0) { value = Cookies_parse_value(&str); if (isdigit(*value) || *value == '-') { + long age; time_t now = time(NULL); - long age = strtol(value, NULL, 10); struct tm *tm = gmtime(&now); - tm->tm_sec += age; + errno = 0; + age = (*value == '-') ? 0 : strtol(value, NULL, 10); + + if (errno == ERANGE || + (age > 0 && (age > INT_MAX - tm->tm_sec))) { + /* let's not overflow */ + tm->tm_sec = INT_MAX; + } else { + tm->tm_sec += age; + } cookie->expires_at = mktime(tm); if (age > 0 && cookie->expires_at == (time_t) -1) { cookie->expires_at = cookies_future_time; diff --git a/test/cookies.c b/test/cookies.c index ff744c97..85031043 100644 --- a/test/cookies.c +++ b/test/cookies.c @@ -539,14 +539,33 @@ static void maxage() a_Cookies_set("name=val; max-age=0", "maxage0.com", "/", NULL); expect(__LINE__, "", "http", "maxage0.com", "/"); + a_Cookies_set("name=val; max-age=-0", "maxage-0.com", "/", NULL); + expect(__LINE__, "", "http", "maxage-0.com", "/"); + a_Cookies_set("name=val; max-age=100", "maxage100.com", "/", NULL); expect(__LINE__, "Cookie: name=val\r\n", "http", "maxage100.com", "/"); a_Cookies_set("name=val; max-age=-100", "maxage-100.com", "/", NULL); expect(__LINE__, "", "http", "maxage-100.com", "/"); - a_Cookies_set("name=val; max-age=2000000000", "maxage-huge.com", "/", NULL); - expect(__LINE__, "Cookie: name=val\r\n", "http", "maxage-huge.com", "/"); + a_Cookies_set("name=val; max-age=2000000000", "maxage2bil.com", "/", NULL); + expect(__LINE__, "Cookie: name=val\r\n", "http", "maxage2bil.com", "/"); + + a_Cookies_set("name=val; max-age=3000000000", "maxage3bil.com", "/", NULL); + expect(__LINE__, "Cookie: name=val\r\n", "http", "maxage3bil.com", "/"); + + a_Cookies_set("name=val; max-age=7000000000", "maxage7bil.com", "/", NULL); + expect(__LINE__, "Cookie: name=val\r\n", "http", "maxage7bil.com", "/"); + + a_Cookies_set("name=val; max-age=-2000000000", "maxage-2bil.com", "/",NULL); + expect(__LINE__, "", "http", "maxage-2bil.com", "/"); + + a_Cookies_set("name=val; max-age=-3000000000", "maxage-3bil.com", "/",NULL); + expect(__LINE__, "", "http", "maxage-3bil.com", "/"); + + a_Cookies_set("name=val; max-age=-7000000000", "maxage-7bil.com", "/",NULL); + expect(__LINE__, "", "http", "maxage-7bil.com", "/"); + /* just having a server date shouldn't matter */ a_Cookies_set("name=val; max-age=0", "maxage0s.com", "/", server_date); |