Bug 1233784 - Disallow illegal characters in cookie names. r=jduell a=sylvestre
authorNicholas Hurley <hurley@todesschaf.org>
Thu, 17 Dec 2015 14:41:38 -0800
changeset 304095 e9eb6a09da71616dfab7aa902f0afb3453d6dfef
parent 304094 47c9ab8f0eb6451189141bb8a5e376ac8e6eb6ff
child 304096 f36808a4aeff6a161d6c934f32acea2c1ba7c0e3
push id5422
push userkwierso@gmail.com
push dateTue, 22 Dec 2015 21:37:31 +0000
treeherdermozilla-beta@e9eb6a09da71 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell, sylvestre
bugs1233784
milestone44.0
Bug 1233784 - Disallow illegal characters in cookie names. r=jduell a=sylvestre
netwerk/cookie/nsCookieService.cpp
netwerk/test/unit/test_cookie_blacklist.js
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3173,17 +3173,23 @@ nsCookieService::SetCookieInternal(nsIUR
   }
 
   // reject cookie if it's over the size limit, per RFC2109
   if ((cookieAttributes.name.Length() + cookieAttributes.value.Length()) > kMaxBytesPerCookie) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "cookie too big (> 4kb)");
     return newCookie;
   }
 
-  if (cookieAttributes.name.Contains('\t')) {
+  const char illegalNameCharacters[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+                                         0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+                                         0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+                                         0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+                                         0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
+                                         0x1F, 0x20, 0x00 };
+  if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character");
     return newCookie;
   }
 
   // domain & path checks
   if (!CheckDomain(cookieAttributes, aHostURI, aKey.mBaseDomain, aRequireHostMatch)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "failed the domain tests");
     return newCookie;
--- a/netwerk/test/unit/test_cookie_blacklist.js
+++ b/netwerk/test/unit/test_cookie_blacklist.js
@@ -4,13 +4,14 @@ function run_test() {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var cookieURI = ios.newURI("http://mozilla.org/test_cookie_blacklist.js",
                              null, null);
 
   var cookieService = Cc["@mozilla.org/cookieService;1"]
                         .getService(Ci.nsICookieService);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie1=\x01", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "BadCookie2=\v", null, null);
+  cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, "Bad\x07Name=illegal", null, null);
   cookieService.setCookieStringFromHttp(cookieURI, cookieURI, null, GOOD_COOKIE, null, null);
 
   var storedCookie = cookieService.getCookieString(cookieURI, null);
   do_check_eq(storedCookie, GOOD_COOKIE);
 }