changeset 1487:a8c342191c16

only strip path when generating default Having seen the pre-existing strip call in Cookies_get() -- and thinking unixly of paths -- I did the wrong thing. I was set straight when google gave me a path attribute of /search and the URL path was /search.
author corvid <corvid@lavabit.com>
date Thu, 31 Dec 2009 09:25:56 +0000
parents 4fbeadf3191b
children afe771c1d19f
files dpi/cookies.c
diffstat 1 files changed, 11 insertions(+), 23 deletions(-) [+]
line wrap: on
line diff
--- a/dpi/cookies.c	Thu Dec 31 05:56:39 2009 +0000
+++ b/dpi/cookies.c	Thu Dec 31 09:25:56 2009 +0000
@@ -1046,28 +1046,15 @@
                                       char *url_path)
 {
    int dots, diff, i;
-   bool_t ret, is_ip;
-   char *path = Cookies_strip_path(url_path);
+   bool_t is_ip;
 
    /* Make sure that the path is set to something */
    if (!cookie->path || cookie->path[0] != '/') {
-      uint_t pathlen;
-
       dFree(cookie->path);
-      cookie->path = dStrdup(path);
-
-      /* RFC 2109 does not want a trailing '/', but RFC 2965 does. Since the
-       * world has taken little notice of 2965 and cookie paths consistently
-       * lack a trailing '/', let's remove it.
-       */
-      pathlen = strlen(cookie->path);
-      if (pathlen > 1 && cookie->path[pathlen - 1] == '/')
-         cookie->path[pathlen - 1] = '\0';
+      cookie->path = Cookies_strip_path(url_path);
    }
 
-   ret = Cookies_path_is_prefix(cookie->path, path);
-   dFree(path);
-   if (!ret)
+   if (!Cookies_path_is_prefix(cookie->path, url_path))
       return FALSE;
 
    /* If the server never set a domain, or set one without a leading
@@ -1112,7 +1099,11 @@
 }
 
 /*
- * Strip the filename from a full path.
+ * For default path attributes, RFC 2109 gives: "Defaults to the path of the
+ * request URL that generated the Set-Cookie response, up to, but not
+ * including, the right-most /".
+ *
+ * (RFC 2965 keeps the '/', but is not so widely followed.)
  */
 static char *Cookies_strip_path(const char *path)
 {
@@ -1124,7 +1115,7 @@
 
       while (len && path[len] != '/')
          len--;
-      ret = dStrndup(path, len + 1);
+      ret = dStrndup(path, len ? len : 1);
    } else {
       ret = dStrdup("/");
    }
@@ -1208,7 +1199,7 @@
 static char *Cookies_get(char *url_host, char *url_path,
                          char *url_scheme, int url_port)
 {
-   char *domain_str, *q, *str, *path;
+   char *domain_str, *q, *str;
    CookieData_t *cookie;
    Dlist *matching_cookies;
    CookieNode *node;
@@ -1222,8 +1213,6 @@
 
    matching_cookies = dList_new(8);
 
-   path = Cookies_strip_path(url_path);
-
    /* Check if the protocol is secure or not */
    is_ssl = (!dStrcasecmp(url_scheme, "https"));
 
@@ -1241,7 +1230,7 @@
             --i; continue;
          }
          /* Check if the cookie matches the requesting URL */
-         if (Cookies_match(cookie, url_port, path, is_ssl)) {
+         if (Cookies_match(cookie, url_port, url_path, is_ssl)) {
             int j;
             CookieData_t *curr;
             uint_t path_length = strlen(cookie->path);
@@ -1290,7 +1279,6 @@
    }
 
    dList_free(matching_cookies);
-   dFree(path);
    str = cookie_dstring->str;
    dStr_free(cookie_dstring, FALSE);
    _MSG("%s gets %s\n", url_host, str);