1
0
Fork 0

[cookies] Check cookie path according to RFC 6265. Added test

This commit is contained in:
Witold Filipczyk 2020-05-10 15:52:33 +02:00
parent 3ea14631bb
commit 8c377a083d
5 changed files with 92 additions and 14 deletions

View File

@ -1,9 +1,15 @@
top_builddir=../..
include $(top_builddir)/Makefile.config
OBJS = cookies.o dialogs.o parser.o
OBJS = cookies.o dialogs.o path.o parser.o
PROG = parsetst
TEST_PROGS = \
cookies-t$(EXEEXT)
TESTDEPS = path.o
PARSETSTDEPS = \
$(top_builddir)/src/util/error.o \
$(top_builddir)/src/util/string.o

12
src/cookies/cookies-t.c Normal file
View File

@ -0,0 +1,12 @@
/* Tool for testing the cookies path */
#include <stdio.h>
#include "path.h"
int main(int argc, char **argv)
{
int res = is_path_prefix(argv[1], argv[2]);
printf("is_path_prefix(\"%s\", \"%s\")=%d\n", argv[1], argv[2], res);
return !res;
}

View File

@ -22,6 +22,7 @@
#include "bfu/dialog.h"
#include "cookies/cookies.h"
#include "cookies/dialogs.h"
#include "cookies/path.h"
#include "cookies/parser.h"
#include "config/home.h"
#include "config/kbdbind.h"
@ -605,19 +606,6 @@ accept_cookie_never(void *idp)
#endif
static inline int
is_path_prefix(unsigned char *d, unsigned char *s)
{
int dl = strlen(d);
/* TODO: strlcmp()? --pasky */
if (dl > strlen(s)) return 0;
return !memcmp(d, s, dl) && (s[dl] == '\0' || s[dl] == '/');
}
static struct string *
send_cookies_common(struct uri *uri, unsigned int httponly)
{

20
src/cookies/path.c Normal file
View File

@ -0,0 +1,20 @@
/* Cookie path matching */
#include <string.h>
int
is_path_prefix(unsigned char *cookiepath, unsigned char *requestpath)
{
int dl = strlen(cookiepath);
int sl = strlen(requestpath);
if (dl > sl) return 0;
if (memcmp(cookiepath, requestpath, dl)) return 0;
if (dl == sl) return 1;
if (cookiepath[dl - 1] == '/') return 1;
return (requestpath[dl] == '/');
}

View File

@ -0,0 +1,52 @@
#!/bin/sh
test_description='Test cookie path.'
. "$TEST_LIB"
test_is_path_prefix_expect_success () {
desc="$1"; shift
cookiepath="$1"; shift
requestpath="$1"; shift
test_expect_success "$desc" \
"cookies-t \"$cookiepath\" \"$requestpath\""
}
test_is_path_prefix_expect_failure () {
desc="$1"; shift
cookiepath="$1"; shift
requestpath="$1"; shift
test_expect_failure "$desc" \
"cookies-t \"$cookiepath\" \"$requestpath\""
}
test_is_path_prefix_expect_success \
'The cookie-path and the request-path are identical.' \
'/test' \
'/test'
test_is_path_prefix_expect_success \
'The cookie-path is a prefix of the request-path, and the last character of the cookie-path is ("/").' \
'/some/thing/' \
'/some/thing/more'
test_is_path_prefix_expect_success \
'The cookie-path is a prefix of the request-path, and the first character of the request-path that is not included in the cookie-path is a ("/") character.' \
'/some/thing' \
'/some/thing/stupid'
test_is_path_prefix_expect_failure \
'The cookie-path and the request-path are not identical.' \
'/test' \
'/testb'
test_is_path_prefix_expect_failure \
'The cookie-path is longer.' \
'/test/' \
'/test'
test_done