shithub: riscv

Download patch

ref: a8735c02b6f4961f53ebbacf8a3d313db8b548fc
parent: 34f3df213c0141d904dbe69ff6cf16bc3cfae28c
author: cinap_lenrek <[email protected]>
date: Wed Jul 29 04:50:53 EDT 2015

webcookies: fix isdomainmatch() (fixes livejournal.com login)

when cookie is domain=example.com, then we implicitely add
dot to the domain name, which made us reject the cookie as the
request domain "example.com" != ".example.com". fix by making
isdomainmatch() skip the implicit dot in pattern before string
comparsion.

--- a/sys/src/cmd/webcookies.c
+++ b/sys/src/cmd/webcookies.c
@@ -522,7 +522,7 @@
 {
 	int lname, lpattern;
 
-	if(cistrcmp(name, pattern)==0)
+	if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
 		return 1;
 
 	if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
@@ -589,13 +589,13 @@
 	if(c->explicitdom && c->dom[0] != '.')
 		return "cookie domain doesn't start with dot";
 
-	if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
+	if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
 		return "cookie domain doesn't have embedded dots";
 
 	if(!isdomainmatch(dom, c->dom))
 		return "request host does not match cookie domain";
 
-	if(strcmp(ipattr(dom), "dom")==0
+	if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
 	&& memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
 		return "request host contains dots before cookie domain";
 
@@ -789,6 +789,9 @@
 	char *e, *p, *nextp;
 	Cookie c;
 	int isns, n;
+
+	if(debug)
+		fprint(2, "parsehttp dom=%s path=%s\n", dom, path);
 
 	isns = isnetscape(hdr);
 	n = 0;