webcookies: fix isdomainmatch() (fixes livejournal.com login)
when cookie is domain=example.com, then we implicitely add dot to the domain name, which made us reject the cookie as the request domain "example.com" != ".example.com". fix by making isdomainmatch() skip the implicit dot in pattern before string comparsion.
This commit is contained in:
parent
34f3df213c
commit
a8735c02b6
1 changed files with 6 additions and 3 deletions
|
@ -522,7 +522,7 @@ isdomainmatch(char *name, char *pattern)
|
|||
{
|
||||
int lname, lpattern;
|
||||
|
||||
if(cistrcmp(name, pattern)==0)
|
||||
if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
|
||||
return 1;
|
||||
|
||||
if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
|
||||
|
@ -589,13 +589,13 @@ isbadcookie(Cookie *c, char *dom, char *path)
|
|||
if(c->explicitdom && c->dom[0] != '.')
|
||||
return "cookie domain doesn't start with dot";
|
||||
|
||||
if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
|
||||
if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
|
||||
return "cookie domain doesn't have embedded dots";
|
||||
|
||||
if(!isdomainmatch(dom, c->dom))
|
||||
return "request host does not match cookie domain";
|
||||
|
||||
if(strcmp(ipattr(dom), "dom")==0
|
||||
if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
|
||||
&& memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
|
||||
return "request host contains dots before cookie domain";
|
||||
|
||||
|
@ -790,6 +790,9 @@ parsehttp(Jar *jar, char *hdr, char *dom, char *path)
|
|||
Cookie c;
|
||||
int isns, n;
|
||||
|
||||
if(debug)
|
||||
fprint(2, "parsehttp dom=%s path=%s\n", dom, path);
|
||||
|
||||
isns = isnetscape(hdr);
|
||||
n = 0;
|
||||
for(p=hdr; p; p=nextp){
|
||||
|
|
Loading…
Reference in a new issue