From d1bf94dc4d647f70139a086b976e5d7a57d79a1c Mon Sep 17 00:00:00 2001
From: John Mark Bell
Date: Tue, 30 Oct 2007 23:19:03 +0000
Subject: Work around sites sending domain cookies for .foo.com from hosts such as bar.bat.foo.com, then expecting domain matching to succeed. This causes me pain. svn path=/trunk/netsurf/; revision=3637
---
 content/urldb.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
(limited to 'content/urldb.c')
diff --git a/content/urldb.c b/content/urldb.c
index 0556bec5b..642428912 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -2751,12 +2751,27 @@ bool urldb_set_cookie(const char *header, const char *url,
 goto error;
 }
- /* 4.3.2:iv Ensure H contains no dots */
- for (int i = 0; i < (hlen - dlen); i++)
- if (host[i] == '.') {
- urldb_free_cookie(c);
- goto error;
+ /* If you believe the spec, H should contain no
+ * dots in _any_ cookie. Unfortunately, however,
+ * reality differs in that many sites send domain
+ * cookies of the form .foo.com from hosts such
+ * as bar.bat.foo.com and then expect domain
+ * matching to work. Thus we have to do what they
+ * expect, regardless of any potential security
+ * implications.
+ *
+ * Ensure that we're dealing with a domain cookie
+ * here for extra paranoia.
+ */
+ if (c->domain[0] != '.') {
+ /* 4.3.2:iv Ensure H contains no dots */
+ for (int i = 0; i < (hlen - dlen); i++) {
+ if (host[i] == '.') {
+ urldb_free_cookie(c);
+ goto error;
+ }
 }
+ }
 }
 /* Now insert into database */
-- 
cgit v1.2.3
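Review bot: With the 4.3.2:iv loop now skipped whenever `c->domain[0] == '.'`, nothing in this hunk limits how many labels may sit between the request host and the cookie domain, so any host below `.foo.com` can set or overwrite cookies that every sibling host under `.foo.com` receives. The new comment only mentions "potential security implications"; I would name the risk there, e.g. `* Consequence: any subdomain may set cookies for the whole parent domain, so the earlier domain checks are the only barrier against overly broad domains.` Whether those earlier checks (presumably the ones ending in the `goto error` at the top of the hunk) reject suffix-level domains, for example `.co.uk`, cannot be seen here because `urldb_set_cookie` starts and ends outside the hunk. That should be confirmed before relying on this relaxation.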