Fix bug 616264. r=ehsan,sdwilsh, a=beta9+
authorDan Witte <dwitte@mozilla.com>
Wed, 22 Dec 2010 13:50:56 -0800
changeset 59617 d4e6e2377500bf0bbccbbc488056bc7a806ba3c9
parent 59616 efc1b8bed8b9f3dcd57ba6ddaa05b2a160d3853f
child 59618 026750b84bc2e69f916104cf1d391e3b4a311c41
push id1
push usershaver@mozilla.com
push dateTue, 04 Jan 2011 17:58:04 +0000
reviewersehsan, sdwilsh, beta9
bugs616264
milestone2.0b9pre
Fix bug 616264. r=ehsan,sdwilsh, a=beta9+
content/base/src/ThirdPartyUtil.cpp
extensions/cookie/test/unit/test_bug526789.js
netwerk/cookie/nsCookieService.cpp
netwerk/test/TestCookie.cpp
--- a/content/base/src/ThirdPartyUtil.cpp
+++ b/content/base/src/ThirdPartyUtil.cpp
@@ -54,40 +54,40 @@ ThirdPartyUtil::Init()
 
   nsresult rv;
   mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
   return rv;
 }
 
 // Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
-// dot may be present (and will be stripped). If aHostURI is an IP address,
-// an alias such as 'localhost', an eTLD such as 'co.uk', or the empty string,
-// aBaseDomain will be the exact host. The result of this function should only
-// be used in exact string comparisons, since substring comparisons will not
-// be valid for the special cases elided above.
+// dot may be present. If aHostURI is an IP address, an alias such as
+// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
+// be the exact host. The result of this function should only be used in exact
+// string comparisons, since substring comparisons will not be valid for the
+// special cases elided above.
 nsresult
 ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
                               nsCString& aBaseDomain)
 {
   // Get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
   if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
       rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
     // aHostURI is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. Uses the normalized host in such
     // cases.
     rv = aHostURI->GetAsciiHost(aBaseDomain);
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
-  // aHostURI (and thus aBaseDomain) may contain a trailing dot; if so, trim it.
-  if (!aBaseDomain.IsEmpty() && aBaseDomain.Last() == '.')
-    aBaseDomain.Truncate(aBaseDomain.Length() - 1);
+  // aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
+  if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
+    return NS_ERROR_INVALID_ARG;
 
   // Reject any URIs without a host that aren't file:// URIs. This makes it the
   // only way we can get a base domain consisting of the empty string, which
   // means we can safely perform foreign tests on such URIs where "not foreign"
   // means "the involved URIs are all file://".
   if (aBaseDomain.IsEmpty()) {
     PRBool isFileURI = PR_FALSE;
     aHostURI->SchemeIs("file", &isFileURI);
--- a/extensions/cookie/test/unit/test_bug526789.js
+++ b/extensions/cookie/test/unit/test_bug526789.js
@@ -9,55 +9,69 @@ function run_test() {
   cm.removeAll();
 
   // test that variants of 'baz.com' get normalized appropriately, but that
   // malformed hosts are rejected
   cm.add("baz.com", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("baz.com"), 1);
   do_check_eq(cm.countCookiesFromHost("BAZ.com"), 1);
   do_check_eq(cm.countCookiesFromHost(".baz.com"), 1);
-  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
-  do_check_eq(cm.countCookiesFromHost(".baz.com."), 1);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 0);
+  do_check_eq(cm.countCookiesFromHost(".baz.com."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost("baz.com..");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost("baz..com");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost("..baz.com");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   cm.remove("BAZ.com.", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com"), 1);
+  cm.remove("baz.com", "foo", "/", false);
   do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
 
+  // Test that 'baz.com' and 'baz.com.' are treated differently
+  cm.add("baz.com.", "/", "foo", "bar", false, false, true, expiry);
+  do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
+  do_check_eq(cm.countCookiesFromHost("BAZ.com"), 0);
+  do_check_eq(cm.countCookiesFromHost(".baz.com"), 0);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
+  do_check_eq(cm.countCookiesFromHost(".baz.com."), 1);
+  cm.remove("baz.com", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 1);
+  cm.remove("baz.com.", "foo", "/", false);
+  do_check_eq(cm.countCookiesFromHost("baz.com."), 0);
+
   // test that domain cookies are illegal for IP addresses, aliases such as
   // 'localhost', and eTLD's such as 'co.uk'
   cm.add("192.168.0.1", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("192.168.0.1"), 1);
-  do_check_eq(cm.countCookiesFromHost("192.168.0.1."), 1);
+  do_check_eq(cm.countCookiesFromHost("192.168.0.1."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".192.168.0.1");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".192.168.0.1.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.add("localhost", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("localhost"), 1);
-  do_check_eq(cm.countCookiesFromHost("localhost."), 1);
+  do_check_eq(cm.countCookiesFromHost("localhost."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".localhost");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".localhost.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.add("co.uk", "/", "foo", "bar", false, false, true, expiry);
   do_check_eq(cm.countCookiesFromHost("co.uk"), 1);
-  do_check_eq(cm.countCookiesFromHost("co.uk."), 1);
+  do_check_eq(cm.countCookiesFromHost("co.uk."), 0);
   do_check_throws(function() {
     cm.countCookiesFromHost(".co.uk");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
   do_check_throws(function() {
     cm.countCookiesFromHost(".co.uk.");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.removeAll();
@@ -117,37 +131,35 @@ function run_test() {
   do_check_eq(emptyuri.asciiHost, "");
   do_check_eq(NetUtil.newURI("file://./").asciiHost, "");
   do_check_eq(NetUtil.newURI("file://foo.bar/").asciiHost, "");
   cs.setCookieString(emptyuri, null, "foo2=bar", null);
   do_check_eq(getCookieCount(), 1);
   cs.setCookieString(emptyuri, null, "foo3=bar; domain=", null);
   do_check_eq(getCookieCount(), 2);
   cs.setCookieString(emptyuri, null, "foo4=bar; domain=.", null);
-  do_check_eq(getCookieCount(), 3);
+  do_check_eq(getCookieCount(), 2);
   cs.setCookieString(emptyuri, null, "foo5=bar; domain=bar.com", null);
-  do_check_eq(getCookieCount(), 3);
+  do_check_eq(getCookieCount(), 2);
 
-  do_check_eq(cs.getCookieString(emptyuri, null), "foo2=bar; foo3=bar; foo4=bar");
+  do_check_eq(cs.getCookieString(emptyuri, null), "foo2=bar; foo3=bar");
 
   do_check_eq(cm.countCookiesFromHost("baz.com"), 0);
-  do_check_eq(cm.countCookiesFromHost(""), 3);
+  do_check_eq(cm.countCookiesFromHost(""), 2);
   do_check_throws(function() {
     cm.countCookiesFromHost(".");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   e = cm.getCookiesFromHost("baz.com");
   do_check_false(e.hasMoreElements());
   e = cm.getCookiesFromHost("");
   do_check_true(e.hasMoreElements());
   e.getNext();
   do_check_true(e.hasMoreElements());
   e.getNext();
-  do_check_true(e.hasMoreElements());
-  e.getNext();
   do_check_false(e.hasMoreElements());
   do_check_throws(function() {
     cm.getCookiesFromHost(".");
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   cm.removeAll();
 
   // test that an empty host to add() or remove() works,
@@ -161,22 +173,27 @@ function run_test() {
 
   cm.remove("", "foo2", "/", false);
   do_check_eq(getCookieCount(), 0);
   do_check_throws(function() {
     cm.remove(".", "foo3", "/", false);
   }, Cr.NS_ERROR_ILLEGAL_VALUE);
 
   // test that the 'domain' attribute accepts a leading dot for IP addresses,
-  // aliases such as 'localhost', eTLD's such as 'co.uk', and the empty host;
-  // but that the resulting cookie is for the exact host only.
+  // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
+  // resulting cookie is for the exact host only.
   testDomainCookie("http://192.168.0.1/", "192.168.0.1");
   testDomainCookie("http://localhost/", "localhost");
   testDomainCookie("http://co.uk/", "co.uk");
-  testDomainCookie("file:///", "");
+
+  // Test that trailing dots are treated differently for purposes of the
+  // 'domain' attribute when using setCookieString.
+  testTrailingDotCookie("http://192.168.0.1", "192.168.0.1");
+  testTrailingDotCookie("http://localhost", "localhost");
+  testTrailingDotCookie("http://foo.com", "foo.com");
 
   cm.removeAll();
 }
 
 function getCookieCount() {
   var count = 0;
   var cm = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager2);
   var enumerator = cm.enumerator;
@@ -203,8 +220,27 @@ function testDomainCookie(uriString, dom
 
   cs.setCookieString(uri, null, "foo=bar; domain=." + domain, null);
   e = cm.getCookiesFromHost(domain);
   do_check_true(e.hasMoreElements());
   do_check_eq(e.getNext().QueryInterface(Ci.nsICookie2).host, domain);
   cm.removeAll();
 }
 
+function testTrailingDotCookie(uriString, domain) {
+  var cs = Cc["@mozilla.org/cookieService;1"].getService(Ci.nsICookieService);
+  var cm = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager2);
+
+  cm.removeAll();
+
+  var uri = NetUtil.newURI(uriString);
+  cs.setCookieString(uri, null, "foo=bar; domain=" + domain + ".", null);
+  do_check_eq(cm.countCookiesFromHost(domain), 0);
+  do_check_eq(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+
+  uri = NetUtil.newURI(uriString + ".");
+  cs.setCookieString(uri, null, "foo=bar; domain=" + domain, null);
+  do_check_eq(cm.countCookiesFromHost(domain), 0);
+  do_check_eq(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+}
+
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -1507,17 +1507,17 @@ nsCookieService::SetCookieStringInternal
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
 
   // get the base domain for the host URI.
   // e.g. for "www.bbc.co.uk", this would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
-  // is acceptable, and will be stripped.
+  // is acceptable.
   PRBool requireHostMatch;
   nsCAutoString baseDomain;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, aCookieHeader, 
                       "couldn't get base domain from URI");
     return;
   }
@@ -2339,27 +2339,24 @@ nsCookieService::GetCookieStringInternal
     NS_WARNING("No DBState! Profile already closed?");
     return;
   }
 
   // get the base domain, host, and path from the URI.
   // e.g. for "www.bbc.co.uk", the base domain would be "bbc.co.uk".
   // file:// URI's (i.e. with an empty host) are allowed, but any other
   // scheme must have a non-empty host. A trailing dot in the host
-  // is acceptable, and will be stripped.
+  // is acceptable.
   PRBool requireHostMatch;
   nsCAutoString baseDomain, hostFromURI, pathFromURI;
   nsresult rv = GetBaseDomain(aHostURI, baseDomain, requireHostMatch);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetAsciiHost(hostFromURI);
   if (NS_SUCCEEDED(rv))
     rv = aHostURI->GetPath(pathFromURI);
-  // trim any trailing dot
-  if (!hostFromURI.IsEmpty() && hostFromURI.Last() == '.')
-    hostFromURI.Truncate(hostFromURI.Length() - 1);
   if (NS_FAILED(rv)) {
     COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nsnull, "invalid host/path from URI");
     return;
   }
 
   // check default prefs
   CookieStatus cookieStatus = CheckPrefs(aHostURI, aIsForeign, baseDomain,
                                          requireHostMatch, nsnull);
@@ -2968,20 +2965,20 @@ nsCookieService::ParseAttributes(nsDepen
 
 /******************************************************************************
  * nsCookieService impl:
  * private domain & permission compliance enforcement functions
  ******************************************************************************/
 
 // Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
-// dot may be present (and will be stripped). If aHostURI is an IP address,
-// an alias such as 'localhost', an eTLD such as 'co.uk', or the empty string,
-// aBaseDomain will be the exact host, and aRequireHostMatch will be true to
-// indicate that substring matches should not be performed.
+// dot may be present. If aHostURI is an IP address, an alias such as
+// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
+// be the exact host, and aRequireHostMatch will be true to indicate that
+// substring matches should not be performed.
 nsresult
 nsCookieService::GetBaseDomain(nsIURI    *aHostURI,
                                nsCString &aBaseDomain,
                                PRBool    &aRequireHostMatch)
 {
   // get the base domain. this will fail if the host contains a leading dot,
   // more than one trailing dot, or is otherwise malformed.
   nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
@@ -2990,44 +2987,44 @@ nsCookieService::GetBaseDomain(nsIURI   
   if (aRequireHostMatch) {
     // aHostURI is either an IP address, an alias such as 'localhost', an eTLD
     // such as 'co.uk', or the empty string. use the host as a key in such
     // cases.
     rv = aHostURI->GetAsciiHost(aBaseDomain);
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
-  // aHost (and thus aBaseDomain) may contain a trailing dot; if so, trim it.
-  if (!aBaseDomain.IsEmpty() && aBaseDomain.Last() == '.')
-    aBaseDomain.Truncate(aBaseDomain.Length() - 1);
+  // aHost (and thus aBaseDomain) may be the string '.'. If so, fail.
+  if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
+    return NS_ERROR_INVALID_ARG;
 
   // block any URIs without a host that aren't file:// URIs.
   if (aBaseDomain.IsEmpty()) {
     PRBool isFileURI = PR_FALSE;
     aHostURI->SchemeIs("file", &isFileURI);
     if (!isFileURI)
       return NS_ERROR_INVALID_ARG;
   }
 
   return NS_OK;
 }
 
 // Get the base domain for aHost; e.g. for "www.bbc.co.uk", this would be
 // "bbc.co.uk". This is done differently than GetBaseDomain(): it is assumed
 // that aHost is already normalized, and it may contain a leading dot
-// (indicating that it represents a domain). A trailing dot must not be present.
+// (indicating that it represents a domain). A trailing dot may be present.
 // If aHost is an IP address, an alias such as 'localhost', an eTLD such as
 // 'co.uk', or the empty string, aBaseDomain will be the exact host, and a
 // leading dot will be treated as an error.
 nsresult
 nsCookieService::GetBaseDomainFromHost(const nsACString &aHost,
                                        nsCString        &aBaseDomain)
 {
-  // aHost must not contain a trailing dot, or be the string '.'.
-  if (!aHost.IsEmpty() && aHost.Last() == '.')
+  // aHost must not be the string '.'.
+  if (aHost.Length() == 1 && aHost.Last() == '.')
     return NS_ERROR_INVALID_ARG;
 
   // aHost may contain a leading dot; if so, strip it now.
   nsDependentCString host(aHost);
   PRBool domain = !host.IsEmpty() && host.First() == '.';
   if (domain)
     host.Rebind(host.BeginReading() + 1, host.EndReading());
 
@@ -3046,40 +3043,35 @@ nsCookieService::GetBaseDomainFromHost(c
     aBaseDomain = host;
     return NS_OK;
   }
   return rv;
 }
 
 // Normalizes the given hostname, component by component. ASCII/ACE
 // components are lower-cased, and UTF-8 components are normalized per
-// RFC 3454 and converted to ACE. Any trailing dot is stripped.
+// RFC 3454 and converted to ACE.
 nsresult
 nsCookieService::NormalizeHost(nsCString &aHost)
 {
   if (!IsASCII(aHost)) {
     nsCAutoString host;
     nsresult rv = mIDNService->ConvertUTF8toACE(aHost, host);
     if (NS_FAILED(rv))
       return rv;
 
     aHost = host;
   }
 
-  // Only strip the trailing dot if it wouldn't result in the empty string;
-  // in that case, treat it like a leading dot.
-  if (aHost.Length() > 1 && aHost.Last() == '.')
-    aHost.Truncate(aHost.Length() - 1);
-
   ToLowerCase(aHost);
   return NS_OK;
 }
 
 // returns PR_TRUE if 'a' is equal to or a subdomain of 'b',
-// assuming no leading or trailing dots are present.
+// assuming no leading dots are present.
 static inline PRBool IsSubdomainOf(const nsCString &a, const nsCString &b)
 {
   if (a == b)
     return PR_TRUE;
   if (a.Length() > b.Length())
     return a[a.Length() - b.Length() - 1] == '.' && StringEndsWith(a, b);
   return PR_FALSE;
 }
@@ -3153,25 +3145,23 @@ nsCookieService::CheckDomain(nsCookieAtt
                              nsIURI             *aHostURI,
                              const nsCString    &aBaseDomain,
                              PRBool              aRequireHostMatch)
 {
   // get host from aHostURI
   nsCAutoString hostFromURI;
   aHostURI->GetAsciiHost(hostFromURI);
 
-  // trim any trailing dot
-  if (!hostFromURI.IsEmpty() && hostFromURI.Last() == '.')
-    hostFromURI.Truncate(hostFromURI.Length() - 1);
-
   // if a domain is given, check the host has permission
   if (!aCookieAttributes.host.IsEmpty()) {
-    // Tolerate leading '.' characters.
-    if (aCookieAttributes.host.First() == '.')
+    // Tolerate leading '.' characters, but not if it's otherwise an empty host.
+    if (aCookieAttributes.host.Length() > 1 &&
+        aCookieAttributes.host.First() == '.') {
       aCookieAttributes.host.Cut(0, 1);
+    }
 
     // switch to lowercase now, to avoid case-insensitive compares everywhere
     ToLowerCase(aCookieAttributes.host);
 
     // check whether the host is either an IP address, an alias such as
     // 'localhost', an eTLD such as 'co.uk', or the empty string. in these
     // cases, require an exact string match for the domain, and leave the cookie
     // as a non-domain one. bug 105917 originally noted the requirement to deal
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -304,21 +304,21 @@ main(PRInt32 argc, char *argv[])
 
       // test some basic variations of the domain & path
       SetACookie(cookieService, "http://www.basic.com", nsnull, "test=basic", nsnull);
       GetACookie(cookieService, "http://www.basic.com", nsnull, getter_Copies(cookie));
       rv[0] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
       GetACookie(cookieService, "http://www.basic.com/testPath/testfile.txt", nsnull, getter_Copies(cookie));
       rv[1] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
       GetACookie(cookieService, "http://www.basic.com./", nsnull, getter_Copies(cookie));
-      rv[2] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[2] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic.com.", nsnull, getter_Copies(cookie));
-      rv[3] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[3] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic.com./testPath/testfile.txt", nsnull, getter_Copies(cookie));
-      rv[4] = CheckResult(cookie.get(), MUST_EQUAL, "test=basic");
+      rv[4] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.basic2.com/", nsnull, getter_Copies(cookie));
       rv[5] = CheckResult(cookie.get(), MUST_BE_NULL);
       SetACookie(cookieService, "http://www.basic.com", nsnull, "test=basic; max-age=-1", nsnull);
       GetACookie(cookieService, "http://www.basic.com/", nsnull, getter_Copies(cookie));
       rv[6] = CheckResult(cookie.get(), MUST_BE_NULL);
 
       allTestsPassed = PrintResult(rv, 7) && allTestsPassed;
 
@@ -327,17 +327,17 @@ main(PRInt32 argc, char *argv[])
       sBuffer = PR_sprintf_append(sBuffer, "*** Beginning domain tests...\n");
 
       // test some variations of the domain & path, for different domains of
       // a domain cookie
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=domain.com", nsnull);
       GetACookie(cookieService, "http://domain.com", nsnull, getter_Copies(cookie));
       rv[0] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       GetACookie(cookieService, "http://domain.com.", nsnull, getter_Copies(cookie));
-      rv[1] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
+      rv[1] = CheckResult(cookie.get(), MUST_BE_NULL);
       GetACookie(cookieService, "http://www.domain.com", nsnull, getter_Copies(cookie));
       rv[2] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       GetACookie(cookieService, "http://foo.domain.com", nsnull, getter_Copies(cookie));
       rv[3] = CheckResult(cookie.get(), MUST_EQUAL, "test=domain");
       SetACookie(cookieService, "http://www.domain.com", nsnull, "test=domain; domain=domain.com; max-age=-1", nsnull);
       GetACookie(cookieService, "http://domain.com", nsnull, getter_Copies(cookie));
       rv[4] = CheckResult(cookie.get(), MUST_BE_NULL);