mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1191423 - Disallow illegal characters in cookies. r=jduell 

--HG--
extra : rebase_source : 52148cfd4f095f599ed21c8322215d57b6ec4ae0
This commit is contained in:
Nicholas Hurley 2015-09-04 09:58:31 -07:00
Родитель 76e27d8d68
Коммит e205c39fb7
3 изменённых файлов: 32 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
netwerk/cookie/nsCookieService.cpp
Просмотреть файл

@ -2883,6 +2883,21 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI,
return newCookie; return newCookie;
} }
// reject cookie if value contains an RFC 6265 disallowed character - see
// https://bugzilla.mozilla.org/show_bug.cgi?id=1191423
// NOTE: this is not the full set of characters disallowed by 6265 - notably
// 0x09, 0x20, 0x22, 0x2C, 0x5C, and 0x7F are missing from this list. This is
// for parity with Chrome.
const char illegalCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D,
0x1E, 0x1F, 0x3B };
if (cookieAttributes.value.FindCharInSet(illegalCharacters, 0) != -1) {
COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid value character");
return newCookie;
}
// create a new nsCookie and copy attributes // create a new nsCookie and copy attributes
nsRefPtr<nsCookie> cookie = nsRefPtr<nsCookie> cookie =
nsCookie::Create(cookieAttributes.name, nsCookie::Create(cookieAttributes.name,

16
netwerk/test/unit/test_cookie_blacklist.js Normal file
Просмотреть файл

@ -0,0 +1,16 @@
const GOOD_COOKIE = "GoodCookie=OMNOMNOM";
function run_test() {
var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
null, null);
var cookieService = Cc["@mozilla.org/cookieService;1"]
.getService(Ci.nsICookieService);
cookieService.setCookieString(cookieURI, null, "BadCookie1=\x01", null);
cookieService.setCookieString(cookieURI, null, "BadCookie2=\v", null);
cookieService.setCookieString(cookieURI, null, GOOD_COOKIE, null);
var storedCookie = cookieService.getCookieString(cookieURI, null);
do_check_eq(storedCookie, GOOD_COOKIE);
}

1
netwerk/test/unit/xpcshell.ini
Просмотреть файл

@ -328,3 +328,4 @@ skip-if = os == "android"
[test_dns_disable_ipv6.js] [test_dns_disable_ipv6.js]
[test_packaged_app_service_paths.js] [test_packaged_app_service_paths.js]
[test_bug1195415.js] [test_bug1195415.js]
[test_cookie_blacklist.js]