author | corvid <corvid@lavabit.com> | 2010-05-16 22:25:51 +0000 |
---|---|---|
committer | corvid <corvid@lavabit.com> | 2010-05-16 22:25:51 +0000 |
commit | be31fe4e379323723bc63af9cd57169dce5fbc5f (patch) | |
tree | 1fec3bd37adc552934cbda00f706525e0e39cd10 | |
parent | 80a226f0f7b5405ba0974344995eb9b193cd005b (diff) |
disallow nameless cookies
-rw-r--r-- | dpi/cookies.c | 22 | ||||
-rw-r--r-- | test/cookies.c | 6 |
2 files changed, 8 insertions, 20 deletions
diff --git a/dpi/cookies.c b/dpi/cookies.c
index 4806a8cf..3fd2d2b0 100644
--- a/dpi/cookies.c
+++ b/dpi/cookies.c
@@ -797,30 +797,22 @@ static CookieData_t *Cookies_parse(char *cookie_str, const char *server_date)
 /* Get the value for the attribute and store it */
 if (first_attr) {
- if (!*str && !*attr) {
+ if (*str != '=' || *attr == '\0') {
+ /* disregard nameless cookie */
 dFree(attr);
 return NULL;
 }
 cookie = dNew0(CookieData_t, 1);
+ cookie->name = attr;
+ cookie->value = Cookies_parse_value(&str);
- /* let's arbitrarily choose a year for now */
+ /* let's arbitrarily initialise with a year for now */
 time_t now = time(NULL);
 struct tm *tm = gmtime(&now);
 ++tm->tm_year;
 cookie->expires_at = mktime(tm);
 if (cookie->expires_at == (time_t) -1) cookie->expires_at = cookies_future_time;
-
- if (*str != '=') {
- /* NOTE it seems possible that the Working Group will decide
- * against allowing nameless cookies.
- */
- cookie->name = dStrdup("");
- cookie->value = attr;
- } else {
- cookie->name = attr;
- cookie->value = Cookies_parse_value(&str);
- }
 } else if (dStrcasecmp(attr, "Path") == 0) {
 value = Cookies_parse_value(&str);
 dFree(cookie->path);
@@ -1272,9 +1264,7 @@ static char *Cookies_get(char *url_host, char *url_path,
 dStr_sprintfa(cookie_dstring, "Cookie: ");
 for (i = 0; (cookie = dList_nth_data(matching_cookies, i)); ++i) {
- dStr_sprintfa(cookie_dstring,
- "%s%s%s",
- cookie->name, *cookie->name ? "=" : "", cookie->value);
+ dStr_sprintfa(cookie_dstring, "%s=%s", cookie->name, cookie->value);
 dStr_append(cookie_dstring, dList_length(matching_cookies) > i + 1 ? "; " : "\r\n");
 }
diff --git a/test/cookies.c b/test/cookies.c
index d3ff7ae6..af59cb48 100644
--- a/test/cookies.c
+++ b/test/cookies.c
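Review bot: The comment `/* disregard nameless cookie */` in the `first_attr` branch of Cookies_parse describes only half of what the new condition rejects: `*str != '='` also drops a first token that has no `=` at all (the `"value"` case in test/cookies.c), which the old code stored as a value. I would spell that out, e.g. `/* reject both "value" (no '=') and "=value" (empty name) */`, so the stricter behaviour is not later mistaken for an accident. The rejection is also silent; if this file has a convention for reporting refused cookies, using it here would make dropped Set-Cookie headers traceable. Cookies_parse starts and ends outside the hunk.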
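Review bot: The unconditional `"%s=%s"` in Cookies_get is only correct if no stored cookie can have an empty name, and this commit enforces that only in Cookies_parse. Any entry that reaches `matching_cookies` another way, for example one restored from a cookie file written before this change (that path is not visible here), would now go out as `=value` rather than the bare `value` it was stored as. It is worth confirming that the load path discards nameless entries, and recording the invariant next to the format call, e.g. `/* names are never empty: Cookies_parse rejects nameless cookies */`. Cookies_get starts and ends outside the hunk.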
@@ -911,11 +911,9 @@ int main()
 a_Cookies_set("value", "nonameval.org", "/", NULL);
 a_Cookies_set("name=", "nonameval.org", "/", NULL);
 a_Cookies_set("name2= ", "nonameval.org", "/", NULL);
- expect(__LINE__, "Cookie: value; name=; name2=\r\n", "http",
- "nonameval.org", "/");
+ expect(__LINE__, "Cookie: name=; name2=\r\n", "http", "nonameval.org", "/");
 a_Cookies_set("=val2", "nonameval.org", "/", NULL);
- expect(__LINE__, "Cookie: name=; name2=; val2\r\n", "http",
- "nonameval.org", "/");
+ expect(__LINE__, "Cookie: name=; name2=\r\n", "http", "nonameval.org", "/");
 /* SOME IP ADDRS */ |