webcookies: fix isdomainmatch() (fixes livejournal.com login)

when cookie is domain=example.com, then we implicitely add dot to the domain name, which made us reject the cookie as the request domain "example.com" != ".example.com". fix by making isdomainmatch() skip the implicit dot in pattern before string comparsion.
2015-07-29 08:50:53 +02:00 · 2015-07-29 08:50:53 +02:00 · a8735c02b6
parent 34f3df213c
commit a8735c02b6
1 changed files with 6 additions and 3 deletions
--- a/sys/src/cmd/webcookies.c
+++ b/sys/src/cmd/webcookies.c
@ -522,7 +522,7 @@ isdomainmatch(char *name, char *pattern)
 {
 	int lname, lpattern;

-	if(cistrcmp(name, pattern)==0)
+	if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
 		return 1;

 	if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
@ -589,13 +589,13 @@ isbadcookie(Cookie *c, char *dom, char *path)
 	if(c->explicitdom && c->dom[0] != '.')
 		return "cookie domain doesn't start with dot";

-	if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
+	if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
 		return "cookie domain doesn't have embedded dots";

 	if(!isdomainmatch(dom, c->dom))
 		return "request host does not match cookie domain";

-	if(strcmp(ipattr(dom), "dom")==0
+	if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
 	&& memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
 		return "request host contains dots before cookie domain";

@ -790,6 +790,9 @@ parsehttp(Jar *jar, char *hdr, char *dom, char *path)
 	Cookie c;
 	int isns, n;

+	if(debug)
+		fprint(2, "parsehttp dom=%s path=%s\n", dom, path);
+
 	isns = isnetscape(hdr);
 	n = 0;
 	for(p=hdr; p; p=nextp){