authorportix <none@none>2013-02-14 13:14:11 +0100
committerportix <none@none>2013-02-14 13:14:11 +0100
commitbc933d6e87a4421101be6121b27cab252ccaf7fd (patch)
treeb7916d36d21bc6ae72505d2ac8535ea9a4152bec
parent02d1b0549a11697832b5b15ea66caeb67f04d57f (diff)
downloaddwb-bc933d6e87a4421101be6121b27cab252ccaf7fd.zip
Fixing check for supercookies if a cookie domain starts with a dot
-rw-r--r--src/domain.c18
-rw-r--r--src/domain.h1
-rw-r--r--src/soup.c23
3 files changed, 26 insertions, 16 deletions
diff --git a/src/domain.c b/src/domain.c
index 9aa6f156..29f813b1 100644
--- a/src/domain.c
+++ b/src/domain.c
@@ -139,11 +139,18 @@ count_char(const char *str, char ch)
return count;
}
-const char *
+gboolean
+domain_is_tld(const char *host)
+{
+ g_return_val_if_fail(host != NULL, false);
+
+ return g_hash_table_lookup(s_tld_table, host) != NULL;
+}
+
+const char *
domain_get_tld(const char *host)
{
- if (host == NULL)
- return NULL;
+ g_return_val_if_fail(host != NULL, NULL);
g_return_val_if_fail(s_tld_table != NULL, NULL);
const char *cur_domain = host;
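Review bot: `domain_is_tld` checks `host` but not `s_tld_table`, unlike `domain_get_tld` directly below it. If the table has not been built, `g_hash_table_lookup` fails its precondition and returns NULL, so the function answers "not a TLD" and the super-cookie check in src/soup.c fails open. Adding `g_return_val_if_fail(s_tld_table != NULL, false);` makes the condition explicit, and it is worth deciding whether an uninitialised table should instead cause the caller to reject the cookie. The lookup is also an exact key match, so it presumably misses a host that differs only in case or carries a trailing dot, and wildcard suffix rules if the table stores any; lower-casing the host first (e.g. with `g_ascii_strdown`) would cover the case variant, to be confirmed against how the table is populated. A short comment such as `/* host must not have a leading dot; returns TRUE only on an exact suffix-table match */` would document the contract that the caller now depends on.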
@@ -157,8 +164,7 @@ domain_get_tld(const char *host)
* - cannot start with .
* - must only contain A-Za-z0-9.-_
*/
- if (nextdot == cur_domain ||
- strspn(cur_domain, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ if (*cur_domain == '.' || strspn(cur_domain, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrustuvwxyz"
"0123456789._-") != strlen(cur_domain)) {
return NULL;
@@ -187,7 +193,7 @@ domain_get_tld(const char *host)
}
else if(strcmp(entry, prev_domain) == 0)
break;
- else if(strcmp(entry, prev_domain) != 0)
+ else
{
ret = prev_domain;
break;
diff --git a/src/domain.h b/src/domain.h
index 8203db78..8ce54bea 100644
--- a/src/domain.h
+++ b/src/domain.h
@@ -30,4 +30,5 @@ GSList * domain_get_cookie_domains(WebKitWebView *wv);
gboolean domain_match(char **, const char *, const char *);
const char * domain_get_base_for_host(const char *host);
const char * domain_get_tld(const char *domain);
+gboolean domain_is_tld(const char *domain);
#endif
diff --git a/src/soup.c b/src/soup.c
index d4ff49c6..4c0eb007 100644
--- a/src/soup.c
+++ b/src/soup.c
@@ -280,22 +280,25 @@ dwb_soup_cookie_changed_cb(SoupCookieJar *jar, SoupCookie *old, SoupCookie *new,
if (new)
{
/* Check if this is a super-cookie */
- if (new->domain) {
- const char *base;
- base = domain_get_tld(new->domain);
-
- /* If base is NULL, that means we're trying to set the cookie
- * on a TLD (e.g. ".com", ".co.uk", ".c.jp", ".pref.kyoto.jp")
- */
- if (base == NULL) {
+ if (new->domain)
+ {
+ const char *base = new->domain;
+
+ if (*base == '.')
+ base++;
+
+ if (domain_is_tld(base))
+ {
fprintf(stderr, "Site tried to set super-cookie @ TLD %s (base %s)\n", new->domain, base);
return;
}
}
- if (dwb.state.cookie_store_policy == COOKIE_STORE_PERSISTENT || dwb_soup_test_cookie_allowed(dwb.fc.cookies_allow, new)) {
+ if (dwb.state.cookie_store_policy == COOKIE_STORE_PERSISTENT || dwb_soup_test_cookie_allowed(dwb.fc.cookies_allow, new))
+ {
soup_cookie_jar_add_cookie(s_pers_jar, soup_cookie_copy(new));
- } else
+ }
+ else
{
soup_cookie_jar_add_cookie(s_tmp_jar, soup_cookie_copy(new));