changeset 1675:20e683b693c0

disallow nameless cookies
author corvid <corvid@lavabit.com>
date Sun, 16 May 2010 22:25:51 +0000
parents f9c22caddf71
children 380c28dea5a9
files dpi/cookies.c test/cookies.c
diffstat 2 files changed, 8 insertions(+), 20 deletions(-) [+]
--- a/dpi/cookies.c	Mon May 10 06:55:56 2010 +0200
+++ b/dpi/cookies.c	Sun May 16 22:25:51 2010 +0000
@@ -797,30 +797,22 @@
 
       /* Get the value for the attribute and store it */
       if (first_attr) {
-         if (!*str && !*attr) {
+         if (*str != '=' || *attr == '\0') {
+            /* disregard nameless cookie */
             dFree(attr);
             return NULL;
          }
          cookie = dNew0(CookieData_t, 1);
+         cookie->name = attr;
+         cookie->value = Cookies_parse_value(&str);
 
-         /* let's arbitrarily choose a year for now */
+         /* let's arbitrarily initialise with a year for now */
          time_t now = time(NULL);
          struct tm *tm = gmtime(&now);
          ++tm->tm_year;
          cookie->expires_at = mktime(tm);
          if (cookie->expires_at == (time_t) -1)
             cookie->expires_at = cookies_future_time;
-
-         if (*str != '=') {
-            /* NOTE it seems possible that the Working Group will decide
-             * against allowing nameless cookies.
-             */
-            cookie->name = dStrdup("");
-            cookie->value = attr;
-         } else {
-            cookie->name = attr;
-            cookie->value = Cookies_parse_value(&str);
-         }
       } else if (dStrcasecmp(attr, "Path") == 0) {
          value = Cookies_parse_value(&str);
          dFree(cookie->path);
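Review bot: The comment on the new reject branch, `/* disregard nameless cookie */`, undersells what the condition `*str != '=' || *attr == '\0'` does: it also drops a first token that has text but no '=' (the `"value"` case in test/cookies.c), which the old code stored as a value with an empty name. Since this is the only place the name invariant is enforced, I would spell it out, e.g. `/* reject the cookie unless it starts with a non-empty name followed by '=' */`. It may also be worth a line noting that ownership of `attr` moves to `cookie->name` just below, so it must not be freed later in the loop; the rest of the loop is outside this hunk, so that is to be confirmed.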
@@ -1272,9 +1264,7 @@
       dStr_sprintfa(cookie_dstring, "Cookie: ");
 
       for (i = 0; (cookie = dList_nth_data(matching_cookies, i)); ++i) {
-         dStr_sprintfa(cookie_dstring,
-                       "%s%s%s",
-                       cookie->name, *cookie->name ? "=" : "", cookie->value);
+         dStr_sprintfa(cookie_dstring, "%s=%s", cookie->name, cookie->value);
          dStr_append(cookie_dstring,
                      dList_length(matching_cookies) > i + 1 ? "; " : "\r\n");
       }
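Review bot: The `"%s=%s"` line now assumes every cookie in `matching_cookies` has a non-empty name, but that is only guaranteed for cookies parsed after this change. If the cookie store can still hold nameless entries written by an earlier build (the load path is not visible here), they would be sent as `=value`. Consider dropping empty-name entries when stored cookies are loaded rather than inside this loop, since the `"; "` / `"\r\n"` separator choice depends on the list index. A short comment such as `/* names are never empty: enforced when the cookie is parsed */` would record the invariant; the enclosing function starts and ends outside the hunk.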
--- a/test/cookies.c	Mon May 10 06:55:56 2010 +0200
+++ b/test/cookies.c	Sun May 16 22:25:51 2010 +0000
@@ -911,11 +911,9 @@
    a_Cookies_set("value", "nonameval.org", "/", NULL);
    a_Cookies_set("name=", "nonameval.org", "/", NULL);
    a_Cookies_set("name2= ", "nonameval.org", "/", NULL);
-   expect(__LINE__, "Cookie: value; name=; name2=\r\n", "http",
-          "nonameval.org", "/");
+   expect(__LINE__, "Cookie: name=; name2=\r\n", "http", "nonameval.org", "/");
    a_Cookies_set("=val2", "nonameval.org", "/", NULL);
-   expect(__LINE__, "Cookie: name=; name2=; val2\r\n", "http",
-          "nonameval.org", "/");
+   expect(__LINE__, "Cookie: name=; name2=\r\n", "http", "nonameval.org", "/");
 
 
    /* SOME IP ADDRS */
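Review bot: The updated expectations cover `"value"` and `"=val2"`, but not a bare `"="` or a nameless value that itself contains '=', which is the input most likely to be mistaken for a named cookie if it were ever sent back. I would add `a_Cookies_set("=", "nonameval.org", "/", NULL);` and `a_Cookies_set("=a=b", "nonameval.org", "/", NULL);` before the second `expect`, which should still see `"Cookie: name=; name2=\r\n"`. The enclosing test function starts outside the hunk.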