From adbda444cb3eaa7baf83728bdd3e4c52029cae18 Mon Sep 17 00:00:00 2001
From: "morse%netscape.com"
Date: Sat, 20 Jul 2002 07:38:16 +0000
Subject: [PATCH] bug 155114, back out all patches for fixing cookie-stealing bug, a=asa
---
 extensions/cookie/nsCookies.cpp | 47 +++++++++------------------------
 1 file changed, 13 insertions(+), 34 deletions(-)
diff --git a/extensions/cookie/nsCookies.cpp b/extensions/cookie/nsCookies.cpp
index 465a1058d434..05659a7da321 100644
--- a/extensions/cookie/nsCookies.cpp
+++ b/extensions/cookie/nsCookies.cpp
@@ -666,23 +666,6 @@ cookie_IsInDomain(char* domain, char* host, int hostLength) {
 return PR_FALSE;
 }
-static PRBool
-cookie_pathOK(const char* cookiePath, const char* currentPath) {
- if (!cookiePath || !currentPath) {
- return PR_FALSE;
- }
-
- // determine length of each, excluding anything past last slash
- char * pos = PL_strrchr(cookiePath, '/');
- int cookiePathLen = pos ? pos+1-cookiePath : 0;
- pos = PL_strrchr(currentPath, '/');
- int currentPathLen = pos ? pos+1-currentPath : 0;
-
- // test for subpath
- return (currentPathLen >= cookiePathLen &&
- !PL_strncmp(currentPath, cookiePath, cookiePathLen));
-}
-
 /* returns PR_TRUE if authorization is required
 **
 **
@@ -752,8 +735,8 @@ COOKIE_GetCookie(nsIURI * address) {
 continue;
 }
- /* shorter path strings always come last so there can be no ambiquity */
- if(cookie_pathOK(cookie_s->path, path.get())) {
+ /* shorter strings always come last so there can be no ambiquity */
+ if(cookie_s->path && !PL_strncmp(path.get(), cookie_s->path, PL_strlen(cookie_s->path))) {
 /* if the cookie is secure and the path isn't, dont send it */
 if (cookie_s->isSecure & !isSecure) {
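Review bot: The restored test in COOKIE_GetCookie, `!PL_strncmp(path.get(), cookie_s->path, PL_strlen(cookie_s->path))`, is a plain string-prefix match with no path-segment boundary, so a cookie stored with path `/foo` is also selected for a request to `/foobar/x`. The default path written by the third hunk is cut before the last slash, so stored paths without a trailing slash are likely the common case. I would keep the prefix test and add a boundary condition after it, e.g. `PRUint32 n = PL_strlen(cookie_s->path);` and then require `n == 0 || cookie_s->path[n-1] == '/' || path.get()[n] == '/' || path.get()[n] == '\0'`. The function body starts and ends outside this hunk, and whether `path` still carries a query string at this point is not visible here.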
@@ -1282,23 +1265,19 @@ cookie_SetCookieString(nsIURI * curURL, nsIPrompt *aPrompter, const char * setCo
 PR_Free(domain_from_header);
 }
 }
-
- /* ignore slashes in the query string part because that will upset the pathok test */
- char * iter = PL_strchr(cur_path.get(), '?');
- if(iter) {
- *iter = '\0';
- }
-
- /* set path if none found in header, else verify that host has authority for indicated path */
 if(!path_from_header) {
- path_from_header = nsCRT::strdup(cur_path.get());
- } else {
- if(!cookie_pathOK(path_from_header, cur_path.get())) {
- PR_FREEIF(path_from_header);
- PR_FREEIF(host_from_header);
- nsCRT::free(setCookieHeaderInternal);
- return;
+ /* Strip down everything after the last slash to get the path,
+ * ignoring slashes in the query string part.
+ */
+ char * iter = PL_strchr(cur_path.get(), '?');
+ if(iter) {
+ *iter = '\0';
 }
+ iter = PL_strrchr(cur_path.get(), '/');
+ if(iter) {
+ *iter = '\0';
+ }
+ path_from_header = nsCRT::strdup(cur_path.get());
 }
 if(!host_from_header) {
 host_from_header = nsCRT::strdup(cur_host.get());
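Review bot: With the `else` branch gone, a Path attribute supplied in the Set-Cookie header is stored as given; nothing in this hunk compares `path_from_header` with `cur_path`, so the only remaining scoping is the prefix test in COOKIE_GetCookie. If that is the intended state after the backout, it should be recorded at the `if(!path_from_header)` line, e.g. `/* NOTE: a header-supplied path is not checked against cur_path (bug 155114 backout) */`, so the missing check is not mistaken for an oversight later. Separately, `*iter = '\0'` writes through the pointer returned by `cur_path.get()`; the type of `cur_path` is declared outside the hunk, but if it is a string class its recorded length presumably no longer matches the buffer afterwards, and truncating a private copy (`char *p = nsCRT::strdup(cur_path.get());`) would avoid that. The function body starts and ends outside this hunk.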