Bug 1233784 - Disallow illegal characters in cookie names. r=jduell
authorNicholas Hurley <hurley@todesschaf.org>
Thu, 17 Dec 2015 14:41:38 -0800
changeset 277098 ca28125f2f0d36968e9fdffcccc5b817ee0ea324
parent 277097 4dfe96e8f6026fb790b3db9c5666e9fda1e03b81
child 277099 f571f0a4abc1eb6bd4c046e04bc9cdc070ffe06a
push id16724
push usercbook@mozilla.com
push dateMon, 21 Dec 2015 11:00:52 +0000
treeherderfx-team@3f3f0361567c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell
bugs1233784
milestone46.0a1
Bug 1233784 - Disallow illegal characters in cookie names. r=jduell
netwerk/cookie/nsCookieService.cpp
netwerk/test/unit/test_cookie_blacklist.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3166,17 +3166,23 @@ nsCookieService::SetCookieInternal(nsIUR
   }
 
   // reject cookie if it's over the size limit, per RFC2109
   if ((cookieAttributes.name.Length() + cookieAttributes.value.Length()) > kMaxBytesPerCookie) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie too big (> 4kb)");
     return newCookie;
   }
 
-  if (cookieAttributes.name.Contains('\t')) {
+  const char illegalNameCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+                                         0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+                                         0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+                                         0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+                                         0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
+                                         0x1F, 0x20, 0x00 };
+  if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
     return newCookie;
   }
 
   // domain & path checks
   if (!CheckDomain(cookieAttributes, aHostURI, aKey.mBaseDomain, aRequireHostMatch)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the domain tests");
     return newCookie;
--- a/netwerk/test/unit/test_cookie_blacklist.js
+++ b/netwerk/test/unit/test_cookie_blacklist.js
@@ -4,13 +4,14 @@ function run_test() {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
                              null, null);
 
   var cookieService = Cc["@mozilla.org/cookieService;1"]
                         .getService(Ci.nsICookieService);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie1=\x01", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie2=\v", null, null);
+  cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x07Name=illegal", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, GOOD_COOKIE, null, null);
 
   var storedCookie = cookieService.getCookieString(cookieURI, null);
   do_check_eq(storedCookie, GOOD_COOKIE);
 }