Fix bug 616264. r=ehsan,sdwilsh, a=beta9+
authorDan Witte <dwitte@mozilla.com>
Wed, 22 Dec 2010 13:50:56 -0800
changeset 59617 d4e6e2377500bf0bbccbbc488056bc7a806ba3c9
parent 59616 efc1b8bed8b9f3dcd57ba6ddaa05b2a160d3853f
child 59618 026750b84bc2e69f916104cf1d391e3b4a311c41
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan, sdwilsh, beta9
bugs616264
milestone2.0b9pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Fix bug 616264. r=ehsan,sdwilsh, a=beta9+
content/base/src/ThirdPartyUtil.cpp
extensions/cookie/test/unit/test_bug526789.js
netwerk/cookie/nsCookieService.cpp
netwerk/test/TestCookie.cpp
--- a/content/base/src/ThirdPartyUtil.cpp
+++ b/content/base/src/ThirdPartyUtil.cpp
@@ -54,40 +54,40 @@ ThirdPartyUtil::Init()
 
   nsresult rv;
   mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
   return rv;
 }
 
 // Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
-// dot may be present (and will be stripped). If aHostURI is an IP address,
-// an alias such as 'localhost', an eTLD such as 'co.uk', or the empty string,
-// aBaseDomain will be the exact host. The result of this function should only
-// be used in exact string comparisons, since substring comparisons will not
-// be valid for the special cases elided above.
+// dot may be present. If aHostURI is an IP address, an alias such as
+// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
+// be the exact host. The result of this function should only be used in exact
+// string comparisons, since substring comparisons will not be valid for the
+// special cases elided above.
 nsresult
 ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
                               nsCString& aBaseDomain)
 {
   // Get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
   if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
       rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
     // aHostURI is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. Uses the normalized host in such
     // cases.
     rv = aHostURI->GetAsciiHost(aBaseDomain);
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
-  // aHostURI (and thus aBaseDomain) may contain a trailing dot; if so, trim it.
-  if (!aBaseDomain.IsEmpty() && aBaseDomain.Last() == '.')
-    aBaseDomain.Truncate(aBaseDomain.Length() - 1);
+  // aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
+  if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
+    return NS_ERROR_INVALID_ARG;
 
   // Reject any URIs without a host that aren't file:// URIs. This makes it the
   // only way we can get a base domain consisting of the empty string, which
   // means we can safely perform foreign tests on such URIs where "not foreign"
   // means "the involved URIs are all file://".
   if (aBaseDomain.IsEmpty()) {
     PRBool isFileURI = PR_FALSE;
     aHostURI->SchemeIs("file", &isFileURI);
--- a/extensions/cookie/test/unit/test_bug526789.js
+++ b/extensions/cookie/test/unit/test_bug526789.js
@@ -9,55 +9,69 @@ function run_test() {
   cm.removeAll();
 
   // test that variants of 'baz.com' get normalized appropriately, but that
   // malformed hosts are rejected
   cm.add("baz.com", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("baz.com"), 1);
   do_check_eq(cm.countCookiesFromHost("BAZ.com"), 1);
   do_check_eq(cm.countCookiesFromHost(".baz.com"), 1);
-  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
-  do_check_eq(cm.countCookiesFromHost(".baz.com."), 1);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 0);
+  do_check_eq(cm.countCookiesFromHost(".baz.com."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost("baz.com..");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost("baz..com");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost("..baz.com");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   cm.remove("BAZ.com.", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com"), 1);
+  cm.remove("baz.com", "foo", "/", false);
   do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
 
+  // Test that 'baz.com' and 'baz.com.' are treated differently
+  cm.add("baz.com.", "/", "foo", "bar", false, false, true, expiry);
+  do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
+  do_check_eq(cm.countCookiesFromHost("BAZ.com"), 0);
+  do_check_eq(cm.countCookiesFromHost(".baz.com"), 0);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
+  do_check_eq(cm.countCookiesFromHost(".baz.com."), 1);
+  cm.remove("baz.com", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
+  cm.remove("baz.com.", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 0);
+
   // test that domain cookies are illegal for IP addresses, aliases such as
   // 'localhost', and eTLD's such as 'co.uk'
   cm.add("192.168.0.1", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("192.168.0.1"), 1);
-  do_check_eq(cm.countCookiesFromHost("192.168.0.1."), 1);
+  do_check_eq(cm.countCookiesFromHost("192.168.0.1."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".192.168.0.1");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".192.168.0.1.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.add("localhost", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("localhost"), 1);
-  do_check_eq(cm.countCookiesFromHost("localhost."), 1);
+  do_check_eq(cm.countCookiesFromHost("localhost."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".localhost");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".localhost.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.add("co.uk", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("co.uk"), 1);
-  do_check_eq(cm.countCookiesFromHost("co.uk."), 1);
+  do_check_eq(cm.countCookiesFromHost("co.uk."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".co.uk");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".co.uk.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.removeAll();
@@ -117,37 +131,35 @@ function run_test() {
   do_check_eq(emptyuri.asciiHost, "");
   do_check_eq(NetUtil.newURI("file://./").asciiHost, "");
   do_check_eq(NetUtil.newURI("file://foo.bar/").asciiHost, "");
   cs.setCookieString(emptyuri, null, "foo2=bar", null);
   do_check_eq(getCookieCount(), 1);
   cs.setCookieString(emptyuri, null, "foo3=bar; domain=", null);
   do_check_eq(getCookieCount(), 2);
   cs.setCookieString(emptyuri, null, "foo4=bar; domain=.", null);
-  do_check_eq(getCookieCount(), 3);
+  do_check_eq(getCookieCount(), 2);
   cs.setCookieString(emptyuri, null, "foo5=bar; domain=bar.com", null);
-  do_check_eq(getCookieCount(), 3);
+  do_check_eq(getCookieCount(), 2);
 
-  do_check_eq(cs.getCookieString(emptyuri, null), "foo2=bar; foo3=bar; foo4=bar");
+  do_check_eq(cs.getCookieString(emptyuri, null), "foo2=bar; foo3=bar");
 
   do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
-  do_check_eq(cm.countCookiesFromHost(""), 3);
+  do_check_eq(cm.countCookiesFromHost(""), 2);
   do_check_throws(function() {
     cm.countCookiesFromHost(".");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   e = cm.getCookiesFromHost("baz.com");
   do_check_false(e.hasMoreElements());
   e = cm.getCookiesFromHost("");
   do_check_true(e.hasMoreElements());
   e.getNext();
   do_check_true(e.hasMoreElements());
   e.getNext();
-  do_check_true(e.hasMoreElements());
-  e.getNext();
   do_check_false(e.hasMoreElements());
   do_check_throws(function() {
     cm.getCookiesFromHost(".");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.removeAll();
 
   // test that an empty host to add() or remove() works,
@@ -161,22 +173,27 @@ function run_test() {
 
   cm.remove("", "foo2", "/", false);
   do_check_eq(getCookieCount(), 0);
   do_check_throws(function() {
     cm.remove(".", "foo3", "/", false);
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   // test that the 'domain' attribute accepts a leading dot for IP addresses,
-  // aliases such as 'localhost', eTLD's such as 'co.uk', and the empty host;
-  // but that the resulting cookie is for the exact host only.
+  // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
+  // resulting cookie is for the exact host only.
   testDomainCookie("http://192.168.0.1/", "192.168.0.1");
   testDomainCookie("http://localhost/", "localhost");
   testDomainCookie("http://co.uk/", "co.uk");
-  testDomainCookie("file:///", "");
+
+  // Test that trailing dots are treated differently for purposes of the
+  // 'domain' attribute when using setCookieString.
+  testTrailingDotCookie("http://192.168.0.1", "192.168.0.1");
+  testTrailingDotCookie("http://localhost", "localhost");
+  testTrailingDotCookie("http://foo.com", "foo.com");
 
   cm.removeAll();
 }
 
 function getCookieCount() {
   var count = 0;
   var cm = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager2);
   var enumerator = cm.enumerator;
@@ -203,8 +220,27 @@ function testDomainCookie(uriString, dom
 
   cs.setCookieString(uri, null, "foo=bar; domain=." + domain, null);
   e = cm.getCookiesFromHost(domain);
   do_check_true(e.hasMoreElements());
   do_check_eq(e.getNext().QueryInterface(Ci.nsICookie2).host, domain);
   cm.removeAll();
 }
 
+function testTrailingDotCookie(uriString, domain) {
+  var cs = Cc["@mozilla.org/cookieService;1"].getService(Ci.nsICookieService);
+  var cm = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager2);
+
+  cm.removeAll();
+
+  var uri = NetUtil.newURI(uriString);
+  cs.setCookieString(uri, null, "foo=bar; domain=" + domain + ".", null);
+  do_check_eq(cm.countCookiesFromHost(domain), 0);
+  do_check_eq(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+
+  uri = NetUtil.newURI(uriString + ".");
+  cs.setCookieString(uri, null, "foo=bar; domain=" + domain, null);
+  do_check_eq(cm.countCookiesFromHost(domain), 0);
+  do_check_eq(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+}
+
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -1507,17 +1507,17 @@ nsCookieService::SetCookieStringInternal
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
 
   // get the base domain for the host URI.
   // e.g. for "www.bbc.co.uk", this would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
-  // is acceptable, and will be stripped.
+  // is acceptable.
   PRBool requireHostMatch;
   nsCAutoString baseDomain;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, 
                       "couldn't get base domain from URI");
     return;
   }
@@ -2339,27 +2339,24 @@ nsCookieService::GetCookieStringInternal
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
 
   // get the base domain, host, and path from the URI.
   // e.g. for "www.bbc.co.uk", the base domain would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
-  // is acceptable, and will be stripped.
+  // is acceptable.
   PRBool requireHostMatch;
   nsCAutoString baseDomain, hostFromURI, pathFromURI;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetAsciiHost(hostFromURI);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetPath(pathFromURI);
-  // trim any trailing dot
-  if (!hostFromURI.IsEmpty() && hostFromURI.Last() == '.')
-    hostFromURI.Truncate(hostFromURI.Length() - 1);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nsnull, "invalid host/path from URI");
     return;
   }
 
   // check default prefs
   CookieStatus cookieStatus = CheckPrefs(aHostURI, aIsForeign, baseDomain,
                                          requireHostMatch, nsnull);
@@ -2968,20 +2965,20 @@ nsCookieService::ParseAttributes(nsDepen
 
 /******************************************************************************
  * nsCookieService impl:
  * private domain & permission compliance enforcement functions
  ******************************************************************************/
 
 // Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
-// dot may be present (and will be stripped). If aHostURI is an IP address,
-// an alias such as 'localhost', an eTLD such as 'co.uk', or the empty string,
-// aBaseDomain will be the exact host, and aRequireHostMatch will be true to
-// indicate that substring matches should not be performed.
+// dot may be present. If aHostURI is an IP address, an alias such as
+// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
+// be the exact host, and aRequireHostMatch will be true to indicate that
+// substring matches should not be performed.
 nsresult
 nsCookieService::GetBaseDomain(nsIURI    *aHostURI,
                                nsCString &aBaseDomain,
                                PRBool    &aRequireHostMatch)
 {
   // get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
@@ -2990,44 +2987,44 @@ nsCookieService::GetBaseDomain(nsIURI   
   if (aRequireHostMatch) {
     // aHostURI is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. use the host as a key in such
     // cases.
     rv = aHostURI->GetAsciiHost(aBaseDomain);
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
-  // aHost (and thus aBaseDomain) may contain a trailing dot; if so, trim it.
-  if (!aBaseDomain.IsEmpty() && aBaseDomain.Last() == '.')
-    aBaseDomain.Truncate(aBaseDomain.Length() - 1);
+  // aHost (and thus aBaseDomain) may be the string '.'. If so, fail.
+  if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
+    return NS_ERROR_INVALID_ARG;
 
   // block any URIs without a host that aren't file:// URIs.
   if (aBaseDomain.IsEmpty()) {
     PRBool isFileURI = PR_FALSE;
     aHostURI->SchemeIs("file", &isFileURI);
     if (!isFileURI)
       return NS_ERROR_INVALID_ARG;
   }
 
   return NS_OK;
 }
 
 // Get the base domain for aHost; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". This is done differently than GetBaseDomain(): it is assumed
 // that aHost is already normalized, and it may contain a leading dot
-// (indicating that it represents a domain). A trailing dot must not be present.
+// (indicating that it represents a domain). A trailing dot may be present.
 // If aHost is an IP address, an alias such as 'localhost', an eTLD such as
 // 'co.uk', or the empty string, aBaseDomain will be the exact host, and a
 // leading dot will be treated as an error.
 nsresult
 nsCookieService::GetBaseDomainFromHost(const nsACString &aHost,
                                        nsCString        &aBaseDomain)
 {
-  // aHost must not contain a trailing dot, or be the string '.'.
-  if (!aHost.IsEmpty() && aHost.Last() == '.')
+  // aHost must not be the string '.'.
+  if (aHost.Length() == 1 && aHost.Last() == '.')
     return NS_ERROR_INVALID_ARG;
 
   // aHost may contain a leading dot; if so, strip it now.
   nsDependentCString host(aHost);
   PRBool domain = !host.IsEmpty() && host.First() == '.';
   if (domain)
     host.Rebind(host.BeginReading() + 1, host.EndReading());
 
@@ -3046,40 +3043,35 @@ nsCookieService::GetBaseDomainFromHost(c
     aBaseDomain = host;
     return NS_OK;
   }
   return rv;
 }
 
 // Normalizes the given hostname, component by component. ASCII/ACE
 // components are lower-cased, and UTF-8 components are normalized per
-// RFC 3454 and converted to ACE. Any trailing dot is stripped.
+// RFC 3454 and converted to ACE.
 nsresult
 nsCookieService::NormalizeHost(nsCString &aHost)
 {
   if (!IsASCII(aHost)) {
     nsCAutoString host;
     nsresult rv = mIDNService->ConvertUTF8toACE(aHost, host);
     if (NS_FAILED(rv))
       return rv;
 
     aHost = host;
   }
 
-  // Only strip the trailing dot if it wouldn't result in the empty string;
-  // in that case, treat it like a leading dot.
-  if (aHost.Length() > 1 && aHost.Last() == '.')
-    aHost.Truncate(aHost.Length() - 1);
-
   ToLowerCase(aHost);
   return NS_OK;
 }
 
 // returns PR_TRUE if 'a' is equal to or a subdomain of 'b',
-// assuming no leading or trailing dots are present.
+// assuming no leading dots are present.
 static inline PRBool IsSubdomainOf(const nsCString &a, const nsCString &b)
 {
   if (a == b)
     return PR_TRUE;
   if (a.Length() > b.Length())
     return a[a.Length() - b.Length() - 1] == '.' && StringEndsWith(a, b);
   return PR_FALSE;
 }
@@ -3153,25 +3145,23 @@ nsCookieService::CheckDomain(nsCookieAtt
                              nsIURI             *aHostURI,
                              const nsCString    &aBaseDomain,
                              PRBool              aRequireHostMatch)
 {
   // get host from aHostURI
   nsCAutoString hostFromURI;
   aHostURI->GetAsciiHost(hostFromURI);
 
-  // trim any trailing dot
-  if (!hostFromURI.IsEmpty() && hostFromURI.Last() == '.')
-    hostFromURI.Truncate(hostFromURI.Length() - 1);
-
   // if a domain is given, check the host has permission
   if (!aCookieAttributes.host.IsEmpty()) {
-    // Tolerate leading '.' characters.
-    if (aCookieAttributes.host.First() == '.')
+    // Tolerate leading '.' characters, but not if it's otherwise an empty host.
+    if (aCookieAttributes.host.Length() > 1 &&
+        aCookieAttributes.host.First() == '.') {
       aCookieAttributes.host.Cut(0, 1);
+    }
 
     // switch to lowercase now, to avoid case-insensitive compares everywhere
     ToLowerCase(aCookieAttributes.host);
 
     // check whether the host is either an IP address, an alias such as
     // 'localhost', an eTLD such as 'co.uk', or the empty string. in these
     // cases, require an exact string match for the domain, and leave the cookie
     // as a non-domain one. bug 105917 originally noted the requirement to deal
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -304,21 +304,21 @@ main(PRInt32 argc, char *argv[])
 
       // test some basic variations of the domain & path
       SetACookie(cookieService, "http://www.basic.com", nsnull, "test=basic", nsnull);
       GetACookie(cookieService, "http://www.basic.com", nsnull, getter_Copies(cookie));
       rv[0] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
       GetACookie(cookieService, "http://www.basic.com/testPath/testfile.txt", nsnull, getter_Copies(cookie));
       rv[1] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
       GetACookie(cookieService, "http://www.basic.com./", nsnull, getter_Copies(cookie));
-      rv[2] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[2] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic.com.", nsnull, getter_Copies(cookie));
-      rv[3] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[3] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic.com./testPath/testfile.txt", nsnull, getter_Copies(cookie));
-      rv[4] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[4] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic2.com/", nsnull, getter_Copies(cookie));
       rv[5] = CheckResult(cookie.get(), MUST_BE_NULL);
       SetACookie(cookieService, "http://www.basic.com", nsnull, "test=basic; max-age=-1", nsnull);
       GetACookie(cookieService, "http://www.basic.com/", nsnull, getter_Copies(cookie));
       rv[6] = CheckResult(cookie.get(), MUST_BE_NULL);
 
       allTestsPassed = PrintResult(rv, 7) && allTestsPassed;
 
@@ -327,17 +327,17 @@ main(PRInt32 argc, char *argv[])
       sBuffer = PR_sprintf_append(sBuffer, "*** Beginning domain tests...\n");
 
       // test some variations of the domain & path, for different domains of
       // a domain cookie
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=domain.com", nsnull);
       GetACookie(cookieService, "http://domain.com", nsnull, getter_Copies(cookie));
       rv[0] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       GetACookie(cookieService, "http://domain.com.", nsnull, getter_Copies(cookie));
-      rv[1] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
+      rv[1] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.domain.com", nsnull, getter_Copies(cookie));
       rv[2] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[3] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=domain.com; max-age=-1", nsnull);
       GetACookie(cookieService, "http://domain.com", nsnull, getter_Copies(cookie));
       rv[4] = CheckResult(cookie.get(), MUST_BE_NULL);