Bug 1901325 - Backed out changeset 11097fcc4f76 a=RyanVM

This patch causes Firefox to mistakenly reject cookies if the following cookie
header appears to be a continuation of the previous one.
This is because when cookie headers get merged they are separated by a \n
character which is considered invalid since bug 1892748.

Original Revision: https://phabricator.services.mozilla.com/D213547

Differential Revision: https://phabricator.services.mozilla.com/D213679
Valentin Gosu 2024-06-14 01:46:54 +00:00
parent 420356f373
commit 849ec03265
2 changed files with 30 additions and 15 deletions


@ -1690,21 +1690,6 @@ bool CookieService::GetTokenValue(nsACString::const_char_iterator& aIter,
// if on terminator, increment past & return true to process new cookie
if (isterminator(*aIter)) {
++aIter;
while (aIter != aEndIter && isvalueseparator(*aIter)) {
++aIter;
}
nsACString::const_char_iterator end = aIter - 1;
if (!isterminator(*end)) {
// The cookie isn't valid because we have multiple terminators or
// a terminator followed by a value separator. Add those invalid
// characters to the cookie string or value so it will be rejected.
if (aEqualsFound) {
aTokenString.Rebind(start, end);
} else {
aTokenValue.Rebind(start, end);
}
return false;
}
return true;
}
// fall-through: aIter is on ';', increment and return false
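Review bot: once the multi-terminator check is gone from the `if (isterminator(*aIter))` branch, neither of the two changed files adds a test for the case that forced the backout: two cookie headers merged with `\n`. Suggest adding a regression test for merged headers before the original change relands. The reland can then be verified to still reject a terminator followed by a value separator inside a single header while accepting the separator that merging inserts.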


@ -2,9 +2,21 @@
[Cookie with %x9 after Secure attribute is handled correctly.]
expected: FAIL
[Cookie with %xa after Domain attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa after Path attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa in Max-Age attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa after Max-Age attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa after Expires attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa in Secure attribute is handled correctly.]
expected: FAIL
@ -14,9 +26,21 @@
[Cookie with %xa in SameSite attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd after Domain attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd after Path attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd in Max-Age attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd after Max-Age attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd after Expires attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd in Secure attribute is handled correctly.]
expected: FAIL
@ -25,3 +49,9 @@
[Cookie with %xd in SameSite attribute value is handled correctly.]
expected: FAIL
[Cookie with %xa after SameSite attribute value is handled correctly.]
expected: FAIL
[Cookie with %xd after SameSite attribute value is handled correctly.]
expected: FAIL
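Review bot: the added `expected: FAIL` entries in these hunks cover the `%xd` cases as well as the `%xa` ones, while the commit message names only `\n` as the separator used when headers are merged. Suggest tracking in the follow-up whether the `%xd` rejection can be kept independently, and linking these expectations to that bug so they are not left as permanent known failures.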