Bug 1233784 - Disallow illegal characters in cookie names. r=jduell a=sylvestre
authorNicholas Hurley <hurley@todesschaf.org>
Thu, 17 Dec 2015 14:41:38 -0800
changeset 298024 8fffb73940213a6b5b14d2cb9e7f49857eea7d6c
parent 298023 8e41d75f63faf347ebc0993e64ff3ea1d1686589
child 298025 cb7fd3c17a75bad2427588a9bc04d2f6960e75c1
push id8842
push userkwierso@gmail.com
push dateTue, 22 Dec 2015 21:07:53 +0000
treeherdermozilla-aurora@8fffb7394021 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell, sylvestre
bugs1233784
milestone45.0a2
Bug 1233784 - Disallow illegal characters in cookie names. r=jduell a=sylvestre
netwerk/cookie/nsCookieService.cpp
netwerk/test/unit/test_cookie_blacklist.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3166,17 +3166,23 @@ nsCookieService::SetCookieInternal(nsIUR
   }
 
   // reject cookie if it's over the size limit, per RFC2109
   if ((cookieAttributes.name.Length() + cookieAttributes.value.Length()) > kMaxBytesPerCookie) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie too big (> 4kb)");
     return newCookie;
   }
 
-  if (cookieAttributes.name.Contains('\t')) {
+  const char illegalNameCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+                                         0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+                                         0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+                                         0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+                                         0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
+                                         0x1F, 0x20, 0x00 };
+  if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
     return newCookie;
   }
 
   // domain & path checks
   if (!CheckDomain(cookieAttributes, aHostURI, aKey.mBaseDomain, aRequireHostMatch)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the domain tests");
     return newCookie;
--- a/netwerk/test/unit/test_cookie_blacklist.js
+++ b/netwerk/test/unit/test_cookie_blacklist.js
@@ -4,13 +4,14 @@ function run_test() {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
                              null, null);
 
   var cookieService = Cc["@mozilla.org/cookieService;1"]
                         .getService(Ci.nsICookieService);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie1=\x01", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie2=\v", null, null);
+  cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x07Name=illegal", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, GOOD_COOKIE, null, null);
 
   var storedCookie = cookieService.getCookieString(cookieURI, null);
   do_check_eq(storedCookie, GOOD_COOKIE);
 }