wininet: Added basic cookie domain validation in set_cookie function.

This commit is contained in:
Piotr Caban 2012-10-01 14:22:57 +02:00 committed by Alexandre Julliard
parent c34bc977a0
commit fc219b0ab3
2 changed files with 77 additions and 26 deletions

View File

@ -678,6 +678,43 @@ BOOL WINAPI InternetGetCookieA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
return r; return r;
} }
/***********************************************************************
* IsDomainLegalCookieDomainW (WININET.@)
*/
BOOL WINAPI IsDomainLegalCookieDomainW( LPCWSTR s1, LPCWSTR s2 )
{
DWORD s1_len, s2_len;
FIXME("(%s, %s) semi-stub\n", debugstr_w(s1), debugstr_w(s2));
if (!s1 || !s2)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (s1[0] == '.' || !s1[0] || s2[0] == '.' || !s2[0])
{
SetLastError(ERROR_INVALID_NAME);
return FALSE;
}
if(!strchrW(s1, '.') || !strchrW(s2, '.'))
return FALSE;
s1_len = strlenW(s1);
s2_len = strlenW(s2);
if (s1_len > s2_len)
return FALSE;
if (strncmpiW(s1, s2+s2_len-s1_len, s1_len) || (s2_len>s1_len && s2[s2_len-s1_len-1]!='.'))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
return TRUE;
}
BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cookie_data) BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cookie_data)
{ {
cookie_domain *thisCookieDomain = NULL; cookie_domain *thisCookieDomain = NULL;
@ -727,7 +764,26 @@ BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cooki
if (strncmpiW(ptr, szDomain, 7) == 0) if (strncmpiW(ptr, szDomain, 7) == 0)
{ {
ptr+=strlenW(szDomain); WCHAR *end_ptr;
ptr += sizeof(szDomain)/sizeof(szDomain[0])-1;
if(*ptr == '.')
ptr++;
end_ptr = strchrW(ptr, ';');
if(end_ptr)
*end_ptr = 0;
if(!IsDomainLegalCookieDomainW(ptr, domain))
{
if(value != data)
heap_free(value);
heap_free(data);
return FALSE;
}
if(end_ptr)
*end_ptr = ';';
domain = ptr; domain = ptr;
TRACE("Parsing new domain %s\n",debugstr_w(domain)); TRACE("Parsing new domain %s\n",debugstr_w(domain));
} }
@ -1059,28 +1115,3 @@ BOOL WINAPI InternetSetPerSiteCookieDecisionW( LPCWSTR pchHostName, DWORD dwDeci
FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision); FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision);
return FALSE; return FALSE;
} }
/***********************************************************************
* IsDomainLegalCookieDomainW (WININET.@)
*/
BOOL WINAPI IsDomainLegalCookieDomainW( LPCWSTR s1, LPCWSTR s2 )
{
const WCHAR *p;
FIXME("(%s, %s)\n", debugstr_w(s1), debugstr_w(s2));
if (!s1 || !s2)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (s1[0] == '.' || !s1[0] || s2[0] == '.' || !s2[0])
{
SetLastError(ERROR_INVALID_NAME);
return FALSE;
}
if (!(p = strchrW(s2, '.'))) return FALSE;
if (strchrW(p + 1, '.') && !strcmpW(p + 1, s1)) return TRUE;
else if (!strcmpW(s1, s2)) return TRUE;
return FALSE;
}

View File

@ -496,6 +496,15 @@ static void test_complicated_cookie(void)
ret = GetUrlCacheEntryInfo(buffer, NULL, &len); ret = GetUrlCacheEntryInfo(buffer, NULL, &len);
ok(!ret, "GetUrlCacheEntryInfo succeeded\n"); ok(!ret, "GetUrlCacheEntryInfo succeeded\n");
ok(GetLastError() == ERROR_FILE_NOT_FOUND, "GetLastError() = %d\n", GetLastError()); ok(GetLastError() == ERROR_FILE_NOT_FOUND, "GetLastError() = %d\n", GetLastError());
/* try setting cookie for different domain */
ret = InternetSetCookie("http://www.aaa.example.com/bar",NULL,"E=F; domain=different.com");
ok(!ret, "InternetSetCookie succeeded\n");
ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
ret = InternetSetCookie("http://www.aaa.example.com.pl/bar",NULL,"E=F; domain=example.com.pl");
ok(ret, "InternetSetCookie failed with error: %d\n", GetLastError());
ret = InternetSetCookie("http://www.aaa.example.com.pl/bar",NULL,"E=F; domain=com.pl");
todo_wine ok(!ret, "InternetSetCookie succeeded\n");
} }
static void test_cookie_url(void) static void test_cookie_url(void)
@ -828,6 +837,8 @@ static void test_IsDomainLegalCookieDomainW(void)
static const WCHAR dot_com[] = {'.','c','o','m',0}; static const WCHAR dot_com[] = {'.','c','o','m',0};
static const WCHAR gmail_com[] = {'g','m','a','i','l','.','c','o','m',0}; static const WCHAR gmail_com[] = {'g','m','a','i','l','.','c','o','m',0};
static const WCHAR dot_gmail_com[] = {'.','g','m','a','i','l','.','c','o','m',0}; static const WCHAR dot_gmail_com[] = {'.','g','m','a','i','l','.','c','o','m',0};
static const WCHAR www_gmail_com[] = {'w','w','w','.','g','m','a','i','l','.','c','o','m',0};
static const WCHAR www_mail_gmail_com[] = {'w','w','w','.','m','a','i','l','.','g','m','a','i','l','.','c','o','m',0};
static const WCHAR mail_gmail_com[] = {'m','a','i','l','.','g','m','a','i','l','.','c','o','m',0}; static const WCHAR mail_gmail_com[] = {'m','a','i','l','.','g','m','a','i','l','.','c','o','m',0};
static const WCHAR gmail_co_uk[] = {'g','m','a','i','l','.','c','o','.','u','k',0}; static const WCHAR gmail_co_uk[] = {'g','m','a','i','l','.','c','o','.','u','k',0};
static const WCHAR co_uk[] = {'c','o','.','u','k',0}; static const WCHAR co_uk[] = {'c','o','.','u','k',0};
@ -924,6 +935,12 @@ static void test_IsDomainLegalCookieDomainW(void)
ret = pIsDomainLegalCookieDomainW(gmail_com, gmail_com); ret = pIsDomainLegalCookieDomainW(gmail_com, gmail_com);
ok(ret, "IsDomainLegalCookieDomainW failed\n"); ok(ret, "IsDomainLegalCookieDomainW failed\n");
ret = pIsDomainLegalCookieDomainW(gmail_com, www_gmail_com);
ok(ret, "IsDomainLegalCookieDomainW failed\n");
ret = pIsDomainLegalCookieDomainW(gmail_com, www_mail_gmail_com);
ok(ret, "IsDomainLegalCookieDomainW failed\n");
SetLastError(0xdeadbeef); SetLastError(0xdeadbeef);
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, co_uk); ret = pIsDomainLegalCookieDomainW(gmail_co_uk, co_uk);
error = GetLastError(); error = GetLastError();
@ -940,6 +957,9 @@ static void test_IsDomainLegalCookieDomainW(void)
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, dot_co_uk); ret = pIsDomainLegalCookieDomainW(gmail_co_uk, dot_co_uk);
ok(!ret, "IsDomainLegalCookieDomainW succeeded\n"); ok(!ret, "IsDomainLegalCookieDomainW succeeded\n");
ret = pIsDomainLegalCookieDomainW(co_uk, gmail_co_uk);
todo_wine ok(!ret, "IsDomainLegalCookieDomainW succeeded\n");
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, gmail_co_uk); ret = pIsDomainLegalCookieDomainW(gmail_co_uk, gmail_co_uk);
ok(ret, "IsDomainLegalCookieDomainW failed\n"); ok(ret, "IsDomainLegalCookieDomainW failed\n");