Bug 536514 - Treat leading and trailing "."s in Domain attributes like other browsers. r=dwitte
authorAdam Barth <abarth-mozilla@adambarth.com>
Sat, 26 Dec 2009 13:39:35 -0800
changeset 36695 54a3a5a3fc60ee39ae9f9226039042530c3fd1bc
parent 36694 6ba4460d6140e22baebc7c4a874b191753fdd654
child 36696 80047349a610ae9002c2fd1927579d3738f289cd
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdwitte
bugs536514
milestone1.9.3a1pre
Bug 536514 - Treat leading and trailing "."s in Domain attributes like other browsers. r=dwitte
netwerk/cookie/src/nsCookieService.cpp
netwerk/test/TestCookie.cpp
--- a/netwerk/cookie/src/nsCookieService.cpp
+++ b/netwerk/cookie/src/nsCookieService.cpp
@@ -2079,17 +2079,20 @@ nsCookieService::CheckDomain(nsCookieAtt
   aHostURI->GetAsciiHost(hostFromURI);
 
   // trim trailing dots
   hostFromURI.Trim(".");
   NS_ASSERTION(!hostFromURI.IsEmpty(), "empty host");
 
   // if a domain is given, check the host has permission
   if (!aCookieAttributes.host.IsEmpty()) {
-    aCookieAttributes.host.Trim(".");
+    // Tolerate leading '.' characters.
+    if (aCookieAttributes.host.First() == '.')
+      aCookieAttributes.host.Cut(0, 1);
+
     // switch to lowercase now, to avoid case-insensitive compares everywhere
     ToLowerCase(aCookieAttributes.host);
 
     // check whether the host is an IP address, and leave the cookie as
     // a non-domain one. this will require an exact host match for the cookie,
     // so we eliminate any chance of IP address funkiness (e.g. the alias 127.1
     // domain-matching 99.54.127.1). bug 105917 originally noted the
     // requirement to deal with IP addresses.
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -355,17 +355,29 @@ main(PRInt32 argc, char *argv[])
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=.foo.domain.com", nsnull);
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[9] = CheckResult(cookie.get(), MUST_BE_NULL);
 
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=moose.com", nsnull);
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[10] = CheckResult(cookie.get(), MUST_BE_NULL);
 
-      allTestsPassed = PrintResult(rv, 11) && allTestsPassed;
+      SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=domain.com.", nsnull);
+      GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
+      rv[11] = CheckResult(cookie.get(), MUST_BE_NULL);
+
+      SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=..domain.com", nsnull);
+      GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
+      rv[12] = CheckResult(cookie.get(), MUST_BE_NULL);
+
+      SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=..domain.com.", nsnull);
+      GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
+      rv[13] = CheckResult(cookie.get(), MUST_BE_NULL);
+
+      allTestsPassed = PrintResult(rv, 14) && allTestsPassed;
 
 
       // *** path tests
       printf("*** Beginning path tests...\n");
 
       // test some variations of the domain & path, for different paths of
       // a path cookie
       SetACookie(cookieService, "http://path.net/path/file", nsnull, "test=path; path=/path", nsnull);