w3.org
 » 
w3.org - lib
 » 
w3.org - www-lib

HTCookie.c Patch

View: New views
2 Messages — Rating Filter:   Alert me  

HTCookie.c Patch

by Jesse Morgan-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hey Guys,
I was using libwww and discovered issues when the value of a cookie is either null or contains = signs. The attached patch
fixes the issue. The patch is against the 5.4.0 release.

--
Jesse Morgan
253-397-1372
jesse@...
www.jesterpm.net

diff -rup w3c-libwww-5.4.0/Library/src/HTCookie.c w3c-libwww-5.4.0.patched/Library/src/HTCookie.c
--- w3c-libwww-5.4.0/Library/src/HTCookie.c 1999-07-30 18:30:16.000000000 -0700
+++ w3c-libwww-5.4.0.patched/Library/src/HTCookie.c 2006-06-14 09:51:48.000000000 -0700
@@ -242,17 +242,47 @@ PRIVATE BOOL HTCookieHolder_deleteAll (v
 /* ------------------------------------------------------------------------- */
 
 /*
+** Added By Jesse Morgan <jesse@...> on 2006-05-22
+** Splits a KEY=VALUE pair into a KEY and VALUE
+*/
+PRIVATE int HTCookie_splitPair (char * pair, char ** key, char ** value)
+{
+ char * index = strchr(pair, '=');
+
+ if (index == NULL) {
+ return HT_ERROR;
+ }
+
+ *key = pair;
+ *index = '\0';
+ *value = ++index;
+
+ return HT_OK;
+}
+
+
+/*
 **  MIME header parser for the Set-Cookie header field. We parse the cookies
 **  and create HTCookie objects and store them in the cookie holder so that
 **  the cookie after filter can deal with them accordingly.
+**  Modified by Jesse Morgan <jesse@...> on 2006-05-22 to properly
+**  parse cookies such as: Set-Cookie: MYUSERINFO=; and
+**  MSCulture=IP=000.000.000.000
 */
 PRIVATE int HTCookie_parseSetCookie (HTRequest * request, HTResponse * response,
      char * token, char * value)
 
 {
-    char * cookie_name = HTNextField(&value);
-    char * cookie_value = HTNextField(&value);
-    if (cookie_name && *cookie_name && cookie_value) {
+
+
+ char * cookie_name = NULL;
+     char * cookie_value = NULL;
+
+ if (HTCookie_splitPair(HTNextParam(&value), &cookie_name, &cookie_value) != HT_OK) {
+ return HT_ERROR; /* Malformed Cookie */
+ }
+
+ if (cookie_name && *cookie_name && cookie_value) {
  HTCookie * cookie = HTCookie_new();
  char * param_pair;
 
@@ -264,8 +294,13 @@ PRIVATE int HTCookie_parseSetCookie (HTR
 
  /* Parse cookie parameters */
  while ((param_pair = HTNextParam(&value))) {
-    char * tok = HTNextField(¶m_pair);
-    char * val = param_pair;
+    char * tok = NULL;
+    char * val = NULL;
+
+ if (HTCookie_splitPair(param_pair, &tok, &val) != HT_OK) {
+ return HT_ERROR; /* Malformed Cookie */
+ }
+
     if (tok) {
  if (!strcasecomp(tok, "expires") && val && *val) {
     HTTRACE(STREAM_TRACE, "Cookie...... Expires `%s\'\n" _ val);
@@ -288,6 +323,7 @@ PRIVATE int HTCookie_parseSetCookie (HTR
     return HT_OK;
 }
 
+
 /*
 **  Check whether the application provides us with a cookie or more.
 */

Re: HTCookie.c Patch

by Vic Bancroft-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


Jesse Morgan wrote:

>I was using libwww and discovered issues when the value of a cookie is either null or contains = signs.
>
Ouch.

>The attached patch fixes the issue. The patch is against the 5.4.0 release.
>  
>
Most excellent, here is what it looks like as applied to the HEAD . . .

[bancroft@hilbert libwww]$ cvs diff ChangeLog Library/src/HTCookie.c
Index: ChangeLog
===================================================================
RCS file: /sources/public/libwww/ChangeLog,v
retrieving revision 1.55
diff -r1.55 ChangeLog
2a3,7
> 2006-06-18       Vic Bancroft <bancroft@...>
>
>       * Library/src/HTCookie.c: add private function HTCookie_splitPair to
>         split a KEY=VALUE pair, from Jesse Morgan
>
Index: Library/src/HTCookie.c
===================================================================
RCS file: /sources/public/libwww/Library/src/HTCookie.c,v
retrieving revision 2.5
diff -r2.5 HTCookie.c
244a245,263

> ** Added By Jesse Morgan <jesse@...> on 2006-05-22
> ** Splits a KEY=VALUE pair into a KEY and VALUE
> */
> PRIVATE int HTCookie_splitPair (char * pair, char ** key, char ** value)
> {
>       char * index = strchr(pair, '=');
>
>       if (index == NULL) {
>                       return HT_ERROR;
>       }
>
>       *key    = pair;
>       *index  = '\0';
>       *value  = ++index;
>
>       return HT_OK;
> }
>
> /*
253,254c272,278
<     char * cookie_name = HTNextField(&value);
<     char * cookie_value = HTNextField(&value);
---
>     char * cookie_name = NULL;
>     char * cookie_value = NULL;
>
>     if (HTCookie_splitPair(HTNextParam(&value), &cookie_name, &cookie_value) != HT_OK) {
>        return HT_ERROR; /* Malformed Cookie */
>     }
>
267,268c291,297
<           char * tok = HTNextField(¶m_pair);
<           char * val = param_pair;
---
>           char * tok = NULL;
>           char * val = NULL;
>
>           if (HTCookie_splitPair(param_pair, &tok, &val) != HT_OK) {
>             return HT_ERROR; /* Malformed Cookie */
>           }
>

This results in new revision: 1.56 of ChangeLog and new revision: 2.6 of
HTCookie.c . . .

more,
l8r,
v

--
"The future is here. It's just not evenly distributed yet."
 -- William Gibson, quoted by Whitfield Diffie


Free embeddable forum powered by Nabble Forum Help