From 0681965308946ef9736a04542c4f9d3b7ea86c5b Mon Sep 17 00:00:00 2001 From: "rjk@greenend.org.uk" <> Date: Sat, 12 Jan 2008 12:40:17 +0000 Subject: [PATCH] Accept unquoted cookie paths, even though they are formally illegal. This makes Netsurf work, and also means that we're not being stricter in what we accept than what we send! --- lib/mime.c | 38 ++++++++++++++++++++++++++++++++++---- server/cgimain.c | 3 ++- server/dcgi.c | 6 ++++++ 3 files changed, 42 insertions(+), 5 deletions(-) diff --git a/lib/mime.c b/lib/mime.c index d79cc2a..880fe12 100644 --- a/lib/mime.c +++ b/lib/mime.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder - * Copyright (C) 2005, 2007 Richard Kettlewell + * Copyright (C) 2005, 2007, 2008 Richard Kettlewell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -503,6 +503,30 @@ char *mime_qp(const char *s) { return d.vec; } +/** @brief Match cookie separator characters + * + * This is a subset of the RFC2616 specials, and technically is in breach of + * the specification. However rejecting (in particular) slashes is + * unreasonably strict and has broken at least one (admittedly somewhat + * obscure) browser, so we're more forgiving. + */ +static int cookie_separator(int c) { + switch(c) { + case '(': + case ')': + case ',': + case ';': + case '=': + case ' ': + case '"': + case '\t': + return 1; + + default: + return 0; + } +} + /** @brief Parse a RFC2109 Cookie: header * @param s Header field value * @param cd Where to store result @@ -523,14 +547,20 @@ int parse_cookie(const char *s, s = skipwhite(s, 0); continue; } - if(!(s = parsetoken(s, &n, mime_http_separator))) + if(!(s = parsetoken(s, &n, cookie_separator))) { + error(0, "parse_cookie: cannot parse attribute name"); return -1; + } s = skipwhite(s, 0); - if(*s++ != '=') + if(*s++ != '=') { + error(0, "parse_cookie: did not find expected '='"); return -1; + } s = skipwhite(s, 0); - if(!(s = mime_parse_word(s, &v, mime_http_separator))) + if(!(s = mime_parse_word(s, &v, cookie_separator))) { + error(0, "parse_cookie: cannot parse value for '%s'", n); return -1; + } if(n[0] == '$') { /* Some bit of meta-information */ if(!strcmp(n, "$Version")) diff --git a/server/cgimain.c b/server/cgimain.c index 674e9c7..5a79bb5 100644 --- a/server/cgimain.c +++ b/server/cgimain.c @@ -117,7 +117,8 @@ int main(int argc, char **argv) { } if(best_cookie != -1) login_cookie = cd.cookies[best_cookie].value; - } + } else + error(0, "could not parse cookie field '%s'", cookie_env); } disorder_cgi_login(&s, &output); disorder_cgi(&output, &s); diff --git a/server/dcgi.c b/server/dcgi.c index b7a8508..19e25e0 100644 --- a/server/dcgi.c +++ b/server/dcgi.c @@ -133,6 +133,12 @@ static void header_cookie(struct sink *output) { * cause the browser to expose the cookie to other CGI programs on the same * web server. */ dynstr_append_string(d, ";Version=1;Path="); + /* Formally we are supposed to quote the path, since it invariably has a + * slash in it. However Safari does not parse quoted paths correctly, so + * this won't work. Fortunately nothing else seems to care about proper + * quoting of paths, so in practice we get with it. (See also + * parse_cookie() where we are liberal about cookie paths on the way back + * in.) */ dynstr_append_string(d, u.path); } dynstr_terminate(d); -- 2.11.0