wininet: Added basic cookie domain validation in set_cookie function.
This commit is contained in:
parent
c34bc977a0
commit
fc219b0ab3
|
@ -678,6 +678,43 @@ BOOL WINAPI InternetGetCookieA(LPCSTR lpszUrl, LPCSTR lpszCookieName,
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
* IsDomainLegalCookieDomainW (WININET.@)
|
||||||
|
*/
|
||||||
|
BOOL WINAPI IsDomainLegalCookieDomainW( LPCWSTR s1, LPCWSTR s2 )
|
||||||
|
{
|
||||||
|
DWORD s1_len, s2_len;
|
||||||
|
|
||||||
|
FIXME("(%s, %s) semi-stub\n", debugstr_w(s1), debugstr_w(s2));
|
||||||
|
|
||||||
|
if (!s1 || !s2)
|
||||||
|
{
|
||||||
|
SetLastError(ERROR_INVALID_PARAMETER);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
if (s1[0] == '.' || !s1[0] || s2[0] == '.' || !s2[0])
|
||||||
|
{
|
||||||
|
SetLastError(ERROR_INVALID_NAME);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
if(!strchrW(s1, '.') || !strchrW(s2, '.'))
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
s1_len = strlenW(s1);
|
||||||
|
s2_len = strlenW(s2);
|
||||||
|
if (s1_len > s2_len)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
if (strncmpiW(s1, s2+s2_len-s1_len, s1_len) || (s2_len>s1_len && s2[s2_len-s1_len-1]!='.'))
|
||||||
|
{
|
||||||
|
SetLastError(ERROR_INVALID_PARAMETER);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cookie_data)
|
BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cookie_data)
|
||||||
{
|
{
|
||||||
cookie_domain *thisCookieDomain = NULL;
|
cookie_domain *thisCookieDomain = NULL;
|
||||||
|
@ -727,7 +764,26 @@ BOOL set_cookie(LPCWSTR domain, LPCWSTR path, LPCWSTR cookie_name, LPCWSTR cooki
|
||||||
|
|
||||||
if (strncmpiW(ptr, szDomain, 7) == 0)
|
if (strncmpiW(ptr, szDomain, 7) == 0)
|
||||||
{
|
{
|
||||||
ptr+=strlenW(szDomain);
|
WCHAR *end_ptr;
|
||||||
|
|
||||||
|
ptr += sizeof(szDomain)/sizeof(szDomain[0])-1;
|
||||||
|
if(*ptr == '.')
|
||||||
|
ptr++;
|
||||||
|
end_ptr = strchrW(ptr, ';');
|
||||||
|
if(end_ptr)
|
||||||
|
*end_ptr = 0;
|
||||||
|
|
||||||
|
if(!IsDomainLegalCookieDomainW(ptr, domain))
|
||||||
|
{
|
||||||
|
if(value != data)
|
||||||
|
heap_free(value);
|
||||||
|
heap_free(data);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(end_ptr)
|
||||||
|
*end_ptr = ';';
|
||||||
|
|
||||||
domain = ptr;
|
domain = ptr;
|
||||||
TRACE("Parsing new domain %s\n",debugstr_w(domain));
|
TRACE("Parsing new domain %s\n",debugstr_w(domain));
|
||||||
}
|
}
|
||||||
|
@ -1059,28 +1115,3 @@ BOOL WINAPI InternetSetPerSiteCookieDecisionW( LPCWSTR pchHostName, DWORD dwDeci
|
||||||
FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision);
|
FIXME("(%s, 0x%08x) stub\n", debugstr_w(pchHostName), dwDecision);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/***********************************************************************
|
|
||||||
* IsDomainLegalCookieDomainW (WININET.@)
|
|
||||||
*/
|
|
||||||
BOOL WINAPI IsDomainLegalCookieDomainW( LPCWSTR s1, LPCWSTR s2 )
|
|
||||||
{
|
|
||||||
const WCHAR *p;
|
|
||||||
|
|
||||||
FIXME("(%s, %s)\n", debugstr_w(s1), debugstr_w(s2));
|
|
||||||
|
|
||||||
if (!s1 || !s2)
|
|
||||||
{
|
|
||||||
SetLastError(ERROR_INVALID_PARAMETER);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
if (s1[0] == '.' || !s1[0] || s2[0] == '.' || !s2[0])
|
|
||||||
{
|
|
||||||
SetLastError(ERROR_INVALID_NAME);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
if (!(p = strchrW(s2, '.'))) return FALSE;
|
|
||||||
if (strchrW(p + 1, '.') && !strcmpW(p + 1, s1)) return TRUE;
|
|
||||||
else if (!strcmpW(s1, s2)) return TRUE;
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
|
@ -496,6 +496,15 @@ static void test_complicated_cookie(void)
|
||||||
ret = GetUrlCacheEntryInfo(buffer, NULL, &len);
|
ret = GetUrlCacheEntryInfo(buffer, NULL, &len);
|
||||||
ok(!ret, "GetUrlCacheEntryInfo succeeded\n");
|
ok(!ret, "GetUrlCacheEntryInfo succeeded\n");
|
||||||
ok(GetLastError() == ERROR_FILE_NOT_FOUND, "GetLastError() = %d\n", GetLastError());
|
ok(GetLastError() == ERROR_FILE_NOT_FOUND, "GetLastError() = %d\n", GetLastError());
|
||||||
|
|
||||||
|
/* try setting cookie for different domain */
|
||||||
|
ret = InternetSetCookie("http://www.aaa.example.com/bar",NULL,"E=F; domain=different.com");
|
||||||
|
ok(!ret, "InternetSetCookie succeeded\n");
|
||||||
|
ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
|
||||||
|
ret = InternetSetCookie("http://www.aaa.example.com.pl/bar",NULL,"E=F; domain=example.com.pl");
|
||||||
|
ok(ret, "InternetSetCookie failed with error: %d\n", GetLastError());
|
||||||
|
ret = InternetSetCookie("http://www.aaa.example.com.pl/bar",NULL,"E=F; domain=com.pl");
|
||||||
|
todo_wine ok(!ret, "InternetSetCookie succeeded\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void test_cookie_url(void)
|
static void test_cookie_url(void)
|
||||||
|
@ -828,6 +837,8 @@ static void test_IsDomainLegalCookieDomainW(void)
|
||||||
static const WCHAR dot_com[] = {'.','c','o','m',0};
|
static const WCHAR dot_com[] = {'.','c','o','m',0};
|
||||||
static const WCHAR gmail_com[] = {'g','m','a','i','l','.','c','o','m',0};
|
static const WCHAR gmail_com[] = {'g','m','a','i','l','.','c','o','m',0};
|
||||||
static const WCHAR dot_gmail_com[] = {'.','g','m','a','i','l','.','c','o','m',0};
|
static const WCHAR dot_gmail_com[] = {'.','g','m','a','i','l','.','c','o','m',0};
|
||||||
|
static const WCHAR www_gmail_com[] = {'w','w','w','.','g','m','a','i','l','.','c','o','m',0};
|
||||||
|
static const WCHAR www_mail_gmail_com[] = {'w','w','w','.','m','a','i','l','.','g','m','a','i','l','.','c','o','m',0};
|
||||||
static const WCHAR mail_gmail_com[] = {'m','a','i','l','.','g','m','a','i','l','.','c','o','m',0};
|
static const WCHAR mail_gmail_com[] = {'m','a','i','l','.','g','m','a','i','l','.','c','o','m',0};
|
||||||
static const WCHAR gmail_co_uk[] = {'g','m','a','i','l','.','c','o','.','u','k',0};
|
static const WCHAR gmail_co_uk[] = {'g','m','a','i','l','.','c','o','.','u','k',0};
|
||||||
static const WCHAR co_uk[] = {'c','o','.','u','k',0};
|
static const WCHAR co_uk[] = {'c','o','.','u','k',0};
|
||||||
|
@ -924,6 +935,12 @@ static void test_IsDomainLegalCookieDomainW(void)
|
||||||
ret = pIsDomainLegalCookieDomainW(gmail_com, gmail_com);
|
ret = pIsDomainLegalCookieDomainW(gmail_com, gmail_com);
|
||||||
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
||||||
|
|
||||||
|
ret = pIsDomainLegalCookieDomainW(gmail_com, www_gmail_com);
|
||||||
|
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
||||||
|
|
||||||
|
ret = pIsDomainLegalCookieDomainW(gmail_com, www_mail_gmail_com);
|
||||||
|
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
||||||
|
|
||||||
SetLastError(0xdeadbeef);
|
SetLastError(0xdeadbeef);
|
||||||
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, co_uk);
|
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, co_uk);
|
||||||
error = GetLastError();
|
error = GetLastError();
|
||||||
|
@ -940,6 +957,9 @@ static void test_IsDomainLegalCookieDomainW(void)
|
||||||
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, dot_co_uk);
|
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, dot_co_uk);
|
||||||
ok(!ret, "IsDomainLegalCookieDomainW succeeded\n");
|
ok(!ret, "IsDomainLegalCookieDomainW succeeded\n");
|
||||||
|
|
||||||
|
ret = pIsDomainLegalCookieDomainW(co_uk, gmail_co_uk);
|
||||||
|
todo_wine ok(!ret, "IsDomainLegalCookieDomainW succeeded\n");
|
||||||
|
|
||||||
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, gmail_co_uk);
|
ret = pIsDomainLegalCookieDomainW(gmail_co_uk, gmail_co_uk);
|
||||||
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
ok(ret, "IsDomainLegalCookieDomainW failed\n");
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue