author | portix <none@none> | 2013-02-14 13:14:11 +0100 |
---|---|---|
committer | portix <none@none> | 2013-02-14 13:14:11 +0100 |
commit | bc933d6e87a4421101be6121b27cab252ccaf7fd (patch) | |
tree | b7916d36d21bc6ae72505d2ac8535ea9a4152bec | |
parent | 02d1b0549a11697832b5b15ea66caeb67f04d57f (diff) | |
download | dwb-bc933d6e87a4421101be6121b27cab252ccaf7fd.zip |
Fixing check for supercookies if a cookie domain starts with a dot
-rw-r--r-- | src/domain.c | 18 | ||||
-rw-r--r-- | src/domain.h | 1 | ||||
-rw-r--r-- | src/soup.c | 23 |
3 files changed, 26 insertions, 16 deletions
diff --git a/src/domain.c b/src/domain.c index 9aa6f156..29f813b1 100644 --- a/src/domain.c +++ b/src/domain.c @@ -139,11 +139,18 @@ count_char(const char *str, char ch) return count; } -const char * +gboolean +domain_is_tld(const char *host) +{ + g_return_val_if_fail(host != NULL, false); + + return g_hash_table_lookup(s_tld_table, host) != NULL; +} + +const char * domain_get_tld(const char *host) { - if (host == NULL) - return NULL; + g_return_val_if_fail(host != NULL, NULL); g_return_val_if_fail(s_tld_table != NULL, NULL); const char *cur_domain = host; @@ -157,8 +164,7 @@ domain_get_tld(const char *host) * - cannot start with . * - must only contain A-Za-z0-9.-_ */ - if (nextdot == cur_domain || - strspn(cur_domain, "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + if (*cur_domain == '.' || strspn(cur_domain, "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrustuvwxyz" "0123456789._-") != strlen(cur_domain)) { return NULL; @@ -187,7 +193,7 @@ domain_get_tld(const char *host) } else if(strcmp(entry, prev_domain) == 0) break; - else if(strcmp(entry, prev_domain) != 0) + else { ret = prev_domain; break; diff --git a/src/domain.h b/src/domain.h index 8203db78..8ce54bea 100644 --- a/src/domain.h +++ b/src/domain.h @@ -30,4 +30,5 @@ GSList * domain_get_cookie_domains(WebKitWebView *wv); gboolean domain_match(char **, const char *, const char *); const char * domain_get_base_for_host(const char *host); const char * domain_get_tld(const char *domain); +gboolean domain_is_tld(const char *domain); #endif 
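Review bot: domain_is_tld() in the first domain.c hunk looks up s_tld_table without the `g_return_val_if_fail(s_tld_table != NULL, ...)` guard that domain_get_tld() keeps just below it. With an unloaded table, GLib's own precondition check makes the lookup return NULL, so the function answers "not a TLD". The soup.c caller uses that answer to decide whether a cookie is stored, so the failure direction matters: I would add `g_return_val_if_fail(s_tld_table != NULL, TRUE);` or document why FALSE is acceptable, and use `FALSE` rather than `false` for a gboolean. The lookup is an exact key match, so a short comment above the function should state that `host` must already be lower-case with no leading or trailing dot; whether the table keys are stored that way is not visible in this hunk. The domain.h prototype names the parameter `domain` while the definition uses `host`.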
@@ -280,22 +280,25 @@ dwb_soup_cookie_changed_cb(SoupCookieJar *jar, SoupCookie *old, SoupCookie *new, if (new) { /* Check if this is a super-cookie */ - if (new->domain) { - const char *base; - base = domain_get_tld(new->domain); - - /* If base is NULL, that means we're trying to set the cookie - * on a TLD (e.g. ".com", ".co.uk", ".c.jp", ".pref.kyoto.jp") - */ - if (base == NULL) { + if (new->domain) + { + const char *base = new->domain; + + if (*base == '.') + base++; + + if (domain_is_tld(base)) + { fprintf(stderr, "Site tried to set super-cookie @ TLD %s (base %s)\n", new->domain, base); return; } } - if (dwb.state.cookie_store_policy == COOKIE_STORE_PERSISTENT || dwb_soup_test_cookie_allowed(dwb.fc.cookies_allow, new)) { + if (dwb.state.cookie_store_policy == COOKIE_STORE_PERSISTENT || dwb_soup_test_cookie_allowed(dwb.fc.cookies_allow, new)) + { soup_cookie_jar_add_cookie(s_pers_jar, soup_cookie_copy(new)); - } else + } + else { soup_cookie_jar_add_cookie(s_tmp_jar, soup_cookie_copy(new)); |
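Review bot: The new super-cookie test in dwb_soup_cookie_changed_cb removes only a single leading dot before the suffix-table lookup, so upper-case letters, a trailing dot or a second leading dot would miss an exact-key match and the cookie would be stored. Whether libsoup has already normalised `new->domain` cannot be seen from this hunk. The removed code also dropped cookies for which domain_get_tld() returned NULL because of its character-set check, and that rejection is gone with this change. I would normalise a copy of the domain before calling domain_is_tld() and treat an empty result as a rejection, as sketched below. The callback's body starts and ends outside the hunk.

```c
if (new->domain)
{
    /* Exact-key lookup: compare a lower-cased copy without surrounding dots. */
    char *norm = g_ascii_strdown(new->domain, -1);
    char *base = norm;
    size_t len;
    gboolean reject;

    while (*base == '.')
        base++;
    len = strlen(base);
    if (len > 0 && base[len - 1] == '.')
        base[len - 1] = '\0';

    reject = *base == '\0' || domain_is_tld(base);
    if (reject)
        fprintf(stderr, "Site tried to set super-cookie @ TLD %s (base %s)\n", new->domain, base);
    g_free(norm);
    if (reject)
        return;
}
/* … unchanged: persistent / temporary jar selection … */
```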