Bug 1233784 - Disallow illegal characters in cookie names. r=jduell
authorNicholas Hurley <hurley@todesschaf.org>
Thu, 17 Dec 2015 14:41:38 -0800
changeset 277024 ca28125f2f0d36968e9fdffcccc5b817ee0ea324
parent 277023 4dfe96e8f6026fb790b3db9c5666e9fda1e03b81
child 277025 f571f0a4abc1eb6bd4c046e04bc9cdc070ffe06a
push id69366
push userjduell@mozilla.com
push dateSun, 20 Dec 2015 00:56:21 +0000
reviewersjduell
bugs1233784
milestone46.0a1
Bug 1233784 - Disallow illegal characters in cookie names. r=jduell
netwerk/cookie/nsCookieService.cpp
netwerk/test/unit/test_cookie_blacklist.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3166,17 +3166,23 @@ nsCookieService::SetCookieInternal(nsIUR
   }
 
   // reject cookie if it's over the size limit, per RFC2109
   if ((cookieAttributes.name.Length() + cookieAttributes.value.Length()) > kMaxBytesPerCookie) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie too big (> 4kb)");
     return newCookie;
   }
 
-  if (cookieAttributes.name.Contains('\t')) {
+  const char illegalNameCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+                                         0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+                                         0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+                                         0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+                                         0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
+                                         0x1F, 0x20, 0x00 };
+  if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
     return newCookie;
   }
 
   // domain & path checks
   if (!CheckDomain(cookieAttributes, aHostURI, aKey.mBaseDomain, aRequireHostMatch)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the domain tests");
     return newCookie;
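Review bot: The `illegalNameCharacters` set stops at 0x20 and omits 0x7F (DEL), which RFC 6265's token grammar for cookie-name also classes as a control character, so a name containing DEL still passes this check. The trailing `0x00` looks like the terminator for the set passed to `FindCharInSet` rather than a member, so an embedded NUL is not rejected here either; whether earlier parsing already stops at NUL is not visible in this hunk. I would add `0x7F` before the terminator and a comment such as `// CTLs and space; the final 0x00 terminates the set and is not itself matched`. Declaring the array `static const` would also avoid rebuilding it on every call. SetCookieInternal's body starts and ends outside the hunk.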
--- a/netwerk/test/unit/test_cookie_blacklist.js
+++ b/netwerk/test/unit/test_cookie_blacklist.js
@@ -4,13 +4,14 @@ function run_test() {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
                              null, null);
 
   var cookieService = Cc["@mozilla.org/cookieService;1"]
                         .getService(Ci.nsICookieService);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie1=\x01", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie2=\v", null, null);
+  cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x07Name=illegal", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, GOOD_COOKIE, null, null);
 
   var storedCookie = cookieService.getCookieString(cookieURI, null);
   do_check_eq(storedCookie, GOOD_COOKIE);
 }
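Review bot: The added case exercises only 0x07, one of the characters the new name check rejects, so the edges of the set are untested. The old check rejected tab in a name, and this test does not confirm that it still does. I would add boundary cases next to it, for example `cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x1FName=illegal", null, null);` and the same call with `"Bad\tName=illegal"` and `"Bad Name=illegal"`. The space case matters most, since 0x20 is the one printable character in the set and, going by the set as written, an interior space should now cause rejection. The final `do_check_eq` against `GOOD_COOKIE` would then cover all of them without further changes.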