
lynx-dev [patch] cookie validity checking, step b


From: brian j pardy
Subject: lynx-dev [patch] cookie validity checking, step b
Date: Sun, 14 Feb 1999 00:47:13 -0800

Against clean dev.16.  When applied along with (this may be nasty to
get them all to patch together, sorry) the previous leak patch and the
next patch I'm about to send, this should now be a working implementation
of stronger cookie validity checking.

The next patch will be a third try on combining the three functions
at the end of LYCookie.c into one -- there's one other thing that
needs to be done, and I think it'll be easier to apply if I just send
the whole patch in again.

I just ripped out the if() that Klaus and I discussed, and basically
am ignoring the cookie version right now.  If this needs to be done,
it's just a few more if() statements. 

From Klaus' list of what needed to be done:

> a. The configuration and program startup side could be basically just
> copied from the existing stuff: COOKIE_ACCEPT_DOMAINS and _REJECT_DOMAINS
> lists etc., with appropriate renaming.

Finished in earlier patches.

> b. The changes for actual usage of the new behavior variable would affect
> only a limited section of the code, in a first approach (in store_cookie,
> probably with help from HTAlert).

Covered in this patch.

> c. Adding control via links from the Cookie Jar page could be deferred till
> later.

Not touched.

> d. The messages and prompts have to be tweaked until they make sense.

I added a simple message for the path check, everyone can pick at that
and get something better.  It probably doesn't make sense.

> e. Proper explanation in lynx.cfg, help file(s).

Not touched.


diff -cr 2.8.2dev.16/LYMessages_en.h 2.8.2dev.16.bri/LYMessages_en.h
*** 2.8.2dev.16/LYMessages_en.h Mon Feb  8 02:32:59 1999
--- 2.8.2dev.16.bri/LYMessages_en.h     Sat Feb 13 19:59:34 1999
***************
*** 662,667 ****
--- 662,669 ----
   gettext("%s cookie: %.*s=%.*s  Allow? (Y/N/Always/neVer)")
  #define INVALID_COOKIE_DOMAIN_CONFIRMATION \
   gettext("Accept invalid cookie domain=%s for '%s'?")
+ #define INVALID_COOKIE_PATH_CONFIRMATION \
+  gettext("Accept invalid cookie path=%s as a prefix of '%s'?")
  #define ALLOWING_COOKIE gettext("Allowing this cookie.")
  #define REJECTING_COOKIE gettext("Rejecting this cookie.")
  #define COOKIE_JAR_IS_EMPTY gettext("The Cookie Jar is empty.")
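Review bot: The wording of the new INVALID_COOKIE_PATH_CONFIRMATION string suggests the path is being offered as a prefix, but the check that uses it in store_cookie fires when the cookie's Path is not a prefix of the request path. Suggest text that states the failure, for example "Accept cookie path=%s although it is not a prefix of '%s'?". Keep the argument order (cookie value first, request value second) the same as in INVALID_COOKIE_DOMAIN_CONFIRMATION so the two prompts stay a consistent pair for translators.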
diff -cr 2.8.2dev.16/src/LYCookie.c 2.8.2dev.16.bri/src/LYCookie.c
*** 2.8.2dev.16/src/LYCookie.c  Sat Feb 13 20:29:48 1999
--- 2.8.2dev.16.bri/src/LYCookie.c      Sun Feb 14 00:30:33 1999
***************
*** 276,374 ****
      if (co == NULL)
        return;
  
-     if (co->version != 0 || !LYAcceptAllCookies) {
-       /*
-        * Apply sanity checks.
-        *
-        * Section 4.3.2, condition 1:  The value for the Path attribute is
-        * not a prefix of the request-URI.
-        */
-       if (strncmp(co->path, path, co->pathlen) != 0) {
-           CTRACE(tfp, "store_cookie: Rejecting because '%s' is not a prefix 
of '%s'.\n",
-                       co->path, path);
-           freeCookie(co);
-           co = NULL;
-           return;
-       }
-       /*
-        * The next 4 conditions do NOT apply if the domain is still
-        * the default of request-host.
-        */
-       if (strcmp(co->domain, hostname) != 0) {
-           /*
-            *  The hostname does not contain a dot.
-            */
-           if (strchr(hostname, '.') == NULL) {
-               CTRACE(tfp, "store_cookie: Rejecting because '%s' has no 
dot.\n",
-                           hostname);
-               freeCookie(co);
-               co = NULL;
-               return;
-           }
- 
-           /*
-            *  Section 4.3.2, condition 2: The value for the Domain attribute
-            *  contains no embedded dots or does not start with a dot.
-            *  (A dot is embedded if it's neither the first nor last 
character.)
-            *  Note that we added a lead dot ourselves if a domain attribute
-            *  value otherwise qualified. - FM
-            */
-           if (co->domain[0] != '.' || co->domain[1] == '\0') {
-               CTRACE(tfp, "store_cookie: Rejecting domain '%s'.\n",
-                           co->domain);
-               freeCookie(co);
-               co = NULL;
-               return;
-           }
-           ptr = strchr((co->domain + 1), '.');
-           if (ptr == NULL || ptr[1] == '\0') {
-               CTRACE(tfp, "store_cookie: Rejecting domain '%s'.\n",
-                           co->domain);
-               freeCookie(co);
-               co = NULL;
-               return;
-           }
- 
-           /*
-            *  Section 4.3.2, condition 3: The value for the request-host does
-            *  not domain-match the Domain attribute.
-            */
-           if (!host_matches(hostname, co->domain)) {
-               CTRACE(tfp, "store_cookie: Rejecting domain '%s' for host 
'%s'.\n",
-                           co->domain, hostname);
-               freeCookie(co);
-               co = NULL;
-               return;
-           }
- 
-           /*
-            *  Section 4.3.2, condition 4: The request-host is an HDN (not IP
-            *  address) and has the form HD, where D is the value of the Domain
-            *  attribute, and H is a string that contains one or more dots.
-            */
-           ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
-           if (strchr(hostname, '.') < ptr) {
-               if (!LYAcceptAllCookies) {
-                   char *msg = 0;
-                   HTSprintf0(&msg,
-                           INVALID_COOKIE_DOMAIN_CONFIRMATION,
-                           co->domain,
-                           hostname);
-                   if (!HTConfirm(msg)) {
-                       CTRACE(tfp, "store_cookie: Rejecting domain '%s' for 
host '%s'.\n",
-                                   co->domain,
-                                   hostname);
-                       freeCookie(co);
-                       co = NULL;
-                       FREE(msg);
-                       return;
-                   }
-                   FREE(msg);
-               }
-           }
-       }
-     }
- 
      /*
       *        Ensure that the domain list exists.
       */
--- 276,281 ----
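Review bot: Removing the outer guard "if (co->version != 0 || !LYAcceptAllCookies)" together with the inner "if (!LYAcceptAllCookies)" around HTConfirm changes behaviour for users running with accept-all: version 0 cookies previously skipped every check in this block and never produced a prompt, and nothing in the removed range is replaced here to preserve that. If this is intended, state it in a comment at the new check site and in the change notes; if it is not, the replacement code needs an explicit branch for the accept-all case.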
***************
*** 387,396 ****
        de = (domain_entry *)hl->object;
        if ((de != NULL && de->domain != NULL) &&
            !strcmp(co->domain, de->domain)) {
!           cookie_list = de->cookie_list;
!           break;
        }
      }
      if (hl == NULL) {
        /*
         *      Domain not found; add a new entry for this domain.
--- 294,440 ----
        de = (domain_entry *)hl->object;
        if ((de != NULL && de->domain != NULL) &&
            !strcmp(co->domain, de->domain)) {
!               cookie_list = de->cookie_list;
!               break;
        }
      }
+ 
+     if(hl == NULL) {
+       de = NULL;
+       cookie_list = NULL;
+     }
+ 
+     /*
+      * Apply sanity checks.
+      *
+      * Section 4.3.2, condition 1:  The value for the Path attribute is
+      * not a prefix of the request-URI.
+      *
+      * If cookie checking for this domain is set to INVCHECK_LOOSE,
+      * then we want to bypass this check.  The user should be queried
+      * if set to INVCHECK_QUERY.
+      */
+     if (strncmp(co->path, path, co->pathlen) != 0) {
+       if((de != NULL && de->invcheck_bv != INVCHECK_LOOSE) 
+           || de == NULL) {
+               if(de != NULL && de->invcheck_bv == INVCHECK_STRICT) {
+                   CTRACE(tfp, "store_cookie: Rejecting because '%s' is not a 
prefix of '%s'.\n",
+                       co->path, path);
+                   freeCookie(co);
+                   co = NULL;
+                   return;
+               } else if ((de != NULL 
+                   && de->invcheck_bv == INVCHECK_QUERY)
+                   || de == NULL) {
+                       char *msg = 0;
+                       HTSprintf0(&msg,
+                           INVALID_COOKIE_PATH_CONFIRMATION,
+                           co->path, path);
+                       if (!HTConfirm(msg)) {
+                           CTRACE(tfp, "store_cookie: Rejecting because '%s' 
is not a prefix of '%s'.\n",
+                               co->path, path);
+                           freeCookie(co);
+                           co = NULL;
+                           FREE(msg);
+                           return;
+                       }
+               }
+       }
+     }
+     /*
+      * The next 4 conditions do NOT apply if the domain is still
+      * the default of request-host.
+      */
+     if (strcmp(co->domain, hostname) != 0) {
+       /*
+        *  The hostname does not contain a dot.
+        */
+       if (strchr(hostname, '.') == NULL) {
+           CTRACE(tfp, "store_cookie: Rejecting because '%s' has no dot.\n",
+                   hostname);
+           freeCookie(co);
+           co = NULL;
+           return;
+       }
+ 
+       /*
+        *  Section 4.3.2, condition 2: The value for the Domain attribute
+        *  contains no embedded dots or does not start with a dot.
+        *  (A dot is embedded if it's neither the first nor last character.)
+        *  Note that we added a lead dot ourselves if a domain attribute
+        *  value otherwise qualified. - FM
+        */
+       if (co->domain[0] != '.' || co->domain[1] == '\0') {
+           CTRACE(tfp, "store_cookie: Rejecting domain '%s'.\n",
+                   co->domain);
+           freeCookie(co);
+           co = NULL;
+           return;
+       }
+       ptr = strchr((co->domain + 1), '.');
+       if (ptr == NULL || ptr[1] == '\0') {
+           CTRACE(tfp, "store_cookie: Rejecting domain '%s'.\n",
+                   co->domain);
+           freeCookie(co);
+           co = NULL;
+           return;
+       }
+ 
+       /*
+        *  Section 4.3.2, condition 3: The value for the request-host does
+        *  not domain-match the Domain attribute.
+        */
+       if (!host_matches(hostname, co->domain)) {
+           CTRACE(tfp, "store_cookie: Rejecting domain '%s' for host '%s'.\n",
+                   co->domain, hostname);
+           freeCookie(co);
+           co = NULL;
+           return;
+       }
+ 
+       /*
+        *  Section 4.3.2, condition 4: The request-host is an HDN (not IP
+        *  address) and has the form HD, where D is the value of the Domain
+        *  attribute, and H is a string that contains one or more dots.
+        *
+        *  If cookie checking for this domain is set to INVCHECK_LOOSE,
+        *  then we want to bypass this check.  The user should be queried
+        *  if set to INVCHECK_QUERY.
+        */
+       ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
+       if (strchr(hostname, '.') < ptr) {
+               if((de != NULL && de->invcheck_bv != INVCHECK_LOOSE) 
+                   || de == NULL) {
+                       if(de != NULL && de->invcheck_bv == INVCHECK_STRICT) {
+                           CTRACE(tfp, "store_cookie: Rejecting domain '%s' 
for host '%s'.\n",
+                               co->domain,
+                               hostname);
+                           freeCookie(co);
+                           co = NULL;
+                           return;
+                       } else if ((de != NULL 
+                           && de->invcheck_bv == INVCHECK_QUERY)
+                           || de == NULL) {
+                               char *msg = 0;
+                               HTSprintf0(&msg,
+                                   INVALID_COOKIE_DOMAIN_CONFIRMATION,
+                                   co->domain,
+                                   hostname);
+                               if (!HTConfirm(msg)) {
+                                   CTRACE(tfp, "store_cookie: Rejecting domain 
'%s' for host '%s'.\n",
+                                       co->domain,
+                                       hostname);
+                                   freeCookie(co);
+                                   co = NULL;
+                                   FREE(msg);
+                                   return;
+                               }
+                               FREE(msg);
+                       }
+               }
+       }
+     }
+ 
      if (hl == NULL) {
        /*
         *      Domain not found; add a new entry for this domain.
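Review bot: In the new path check, msg is leaked whenever the user answers yes: FREE(msg) appears only inside the "if (!HTConfirm(msg))" reject branch, while the domain check further down in the same hunk also has a FREE(msg) after that if. Add the matching FREE(msg) after the HTConfirm block in the path branch. Separately, the test "(de != NULL && de->invcheck_bv != INVCHECK_LOOSE) || de == NULL" followed by the STRICT/QUERY split is written out twice; a small helper returning the effective invcheck value for de (treating NULL as INVCHECK_QUERY) would shorten both checks and keep them from drifting apart.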
***************
*** 414,420 ****
        else
  #endif
            de->bv = QUERY_USER;
!       de->invcheck_bv = QUERY_USER; /* should this go here? */
        cookie_list = de->cookie_list = HTList_new();
        StrAllocCopy(de->domain, co->domain);
        HTList_addObject(domain_list, de);
--- 458,464 ----
        else
  #endif
            de->bv = QUERY_USER;
!       de->invcheck_bv = INVCHECK_QUERY; /* should this go here? */
        cookie_list = de->cookie_list = HTList_new();
        StrAllocCopy(de->domain, co->domain);
        HTList_addObject(domain_list, de);
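Review bot: The "should this go here?" comment on the invcheck_bv assignment is carried over unanswered; it should be resolved or reworded before this goes in. Switching from QUERY_USER to INVCHECK_QUERY is right, since the old value belongs to the de->bv setting on the line above. Note, though, that the default for a new domain is now stated twice: here, and in the "de == NULL" arms of the checks in store_cookie that run before this entry is created. A comment tying the two together, or a single named default, would keep them consistent.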

-- 
Curiosity killed the cat, but satisfaction brought her back.
