From a8735c02b6f4961f53ebbacf8a3d313db8b548fc Mon Sep 17 00:00:00 2001 From: cinap_lenrek Date: Wed, 29 Jul 2015 08:50:53 +0200 Subject: webcookies: fix isdomainmatch() (fixes livejournal.com login) when cookie is domain=example.com, then we implicitely add dot to the domain name, which made us reject the cookie as the request domain "example.com" != ".example.com". fix by making isdomainmatch() skip the implicit dot in pattern before string comparsion. --- sys/src/cmd/webcookies.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/src/cmd/webcookies.c b/sys/src/cmd/webcookies.c index 02945ad19..91858d671 100644 --- a/sys/src/cmd/webcookies.c +++ b/sys/src/cmd/webcookies.c @@ -522,7 +522,7 @@ isdomainmatch(char *name, char *pattern) { int lname, lpattern; - if(cistrcmp(name, pattern)==0) + if(cistrcmp(name, pattern + (pattern[0]=='.'))==0) return 1; if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){ @@ -589,13 +589,13 @@ isbadcookie(Cookie *c, char *dom, char *path) if(c->explicitdom && c->dom[0] != '.') return "cookie domain doesn't start with dot"; - if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil) + if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil) return "cookie domain doesn't have embedded dots"; if(!isdomainmatch(dom, c->dom)) return "request host does not match cookie domain"; - if(strcmp(ipattr(dom), "dom")==0 + if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom) && memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil) return "request host contains dots before cookie domain"; @@ -790,6 +790,9 @@ parsehttp(Jar *jar, char *hdr, char *dom, char *path) Cookie c; int isns, n; + if(debug) + fprint(2, "parsehttp dom=%s path=%s\n", dom, path); + isns = isnetscape(hdr); n = 0; for(p=hdr; p; p=nextp){ -- cgit v1.2.3