[cookies] Check cookie path according to RFC 6265. Added test

2024-12-04 14:46:47 -05:00 · 2020-05-10 15:52:33 +02:00 · 2020-05-10 15:52:33 +02:00 · 8c377a083d
commit 8c377a083d
parent 3ea14631bb
5 changed files with 92 additions and 14 deletions
--- a/src/cookies/Makefile
+++ b/src/cookies/Makefile
@ -1,9 +1,15 @@
 top_builddir=../..
 include $(top_builddir)/Makefile.config

-OBJS = cookies.o dialogs.o parser.o
+OBJS = cookies.o dialogs.o path.o parser.o
 PROG = parsetst

+TEST_PROGS = \
+ cookies-t$(EXEEXT)
+
+TESTDEPS = path.o
+
+
 PARSETSTDEPS = \
 $(top_builddir)/src/util/error.o \
 $(top_builddir)/src/util/string.o
--- a/src/cookies/cookies-t.c
+++ b/src/cookies/cookies-t.c
@ -0,0 +1,12 @@
+/* Tool for testing the cookies path  */
+
+#include <stdio.h>
+#include "path.h"
+
+int main(int argc, char **argv)
+{
+	int res = is_path_prefix(argv[1], argv[2]);
+	printf("is_path_prefix(\"%s\", \"%s\")=%d\n", argv[1], argv[2], res);
+
+	return !res;
+}
--- a/src/cookies/cookies.c
+++ b/src/cookies/cookies.c
@ -22,6 +22,7 @@
 #include "bfu/dialog.h"
 #include "cookies/cookies.h"
 #include "cookies/dialogs.h"
+#include "cookies/path.h"
 #include "cookies/parser.h"
 #include "config/home.h"
 #include "config/kbdbind.h"
@ -605,19 +606,6 @@ accept_cookie_never(void *idp)
 #endif


-static inline int
-is_path_prefix(unsigned char *d, unsigned char *s)
-{
-	int dl = strlen(d);
-
-	/* TODO: strlcmp()? --pasky */
-
-	if (dl > strlen(s)) return 0;
-
-	return !memcmp(d, s, dl) && (s[dl] == '\0' || s[dl] == '/');
-}
-
-
 static struct string *
 send_cookies_common(struct uri *uri, unsigned int httponly)
 {
--- a/src/cookies/path.c
+++ b/src/cookies/path.c
@ -0,0 +1,20 @@
+/* Cookie path matching */
+
+#include <string.h>
+
+int
+is_path_prefix(unsigned char *cookiepath, unsigned char *requestpath)
+{
+	int dl = strlen(cookiepath);
+	int sl = strlen(requestpath);
+
+	if (dl > sl) return 0;
+
+	if (memcmp(cookiepath, requestpath, dl)) return 0;
+
+	if (dl == sl) return 1;
+
+	if (cookiepath[dl - 1] == '/') return 1;
+
+	return (requestpath[dl] == '/');
+}
--- a/src/cookies/test-cookies-t
+++ b/src/cookies/test-cookies-t
@ -0,0 +1,52 @@
+#!/bin/sh
+
+test_description='Test cookie path.'
+
+. "$TEST_LIB"
+
+test_is_path_prefix_expect_success () {
+	desc="$1"; shift
+	cookiepath="$1"; shift
+	requestpath="$1"; shift
+
+	test_expect_success "$desc" \
+		"cookies-t \"$cookiepath\" \"$requestpath\""
+}
+
+test_is_path_prefix_expect_failure () {
+	desc="$1"; shift
+	cookiepath="$1"; shift
+	requestpath="$1"; shift
+
+	test_expect_failure "$desc" \
+		"cookies-t \"$cookiepath\" \"$requestpath\""
+}
+
+
+test_is_path_prefix_expect_success \
+'The cookie-path and the request-path are identical.' \
+'/test' \
+'/test'
+
+test_is_path_prefix_expect_success \
+'The cookie-path is a prefix of the request-path, and the last character of the cookie-path is ("/").' \
+'/some/thing/' \
+'/some/thing/more'
+
+test_is_path_prefix_expect_success \
+'The cookie-path is a prefix of the request-path, and the first character of the request-path that is not included in the cookie-path is a ("/") character.' \
+'/some/thing' \
+'/some/thing/stupid'
+
+test_is_path_prefix_expect_failure \
+'The cookie-path and the request-path are not identical.' \
+'/test' \
+'/testb'
+
+test_is_path_prefix_expect_failure \
+'The cookie-path is longer.' \
+'/test/' \
+'/test'
+
+
+test_done