ref: a8735c02b6f4961f53ebbacf8a3d313db8b548fc
parent: 34f3df213c0141d904dbe69ff6cf16bc3cfae28c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed Jul 29 04:50:53 EDT 2015
webcookies: fix isdomainmatch() (fixes livejournal.com login) when cookie is domain=example.com, then we implicitely add dot to the domain name, which made us reject the cookie as the request domain "example.com" != ".example.com". fix by making isdomainmatch() skip the implicit dot in pattern before string comparsion.
--- a/sys/src/cmd/webcookies.c
+++ b/sys/src/cmd/webcookies.c
@@ -522,7 +522,7 @@
{int lname, lpattern;
- if(cistrcmp(name, pattern)==0)
+ if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
return 1;
if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){@@ -589,13 +589,13 @@
if(c->explicitdom && c->dom[0] != '.')
return "cookie domain doesn't start with dot";
- if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
+ if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
return "cookie domain doesn't have embedded dots";
if(!isdomainmatch(dom, c->dom))
return "request host does not match cookie domain";
- if(strcmp(ipattr(dom), "dom")==0
+ if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
&& memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
return "request host contains dots before cookie domain";
@@ -789,6 +789,9 @@
char *e, *p, *nextp;
Cookie c;
int isns, n;
+
+ if(debug)
+ fprint(2, "parsehttp dom=%s path=%s\n", dom, path);
isns = isnetscape(hdr);
n = 0;
--
⑨