diff options
author | John Mark Bell <jmb@netsurf-browser.org> | 2007-01-28 16:34:50 +0000 |
---|---|---|
committer | John Mark Bell <jmb@netsurf-browser.org> | 2007-01-28 16:34:50 +0000 |
commit | 9612b35de181826d9ca3bad7a8084625274a44a4 (patch) | |
tree | ab8fb7fab24bf63cf117dafb9fbebcffcd54a9a6 | |
parent | df4dbaf4cfebf0b8b5ec9ae7d0bf6ae467609a4e (diff) | |
download | netsurf-9612b35de181826d9ca3bad7a8084625274a44a4.tar.gz netsurf-9612b35de181826d9ca3bad7a8084625274a44a4.tar.bz2 |
Improve domain matching of referer and host.
Lose comparison of schemes - this was spurious and wrong.
Fixes 1646417.
svn path=/trunk/netsurf/; revision=3152
-rw-r--r-- | content/urldb.c | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/content/urldb.c b/content/urldb.c index 7d7b5aa15..cc6d370a3 100644 --- a/content/urldb.c +++ b/content/urldb.c @@ -2613,37 +2613,48 @@ bool urldb_set_cookie(const char *header, const char *url, } if (referer) { - char *rhost, *rscheme; + char *rhost; /* Ensure that url's host name domain matches * referer's (4.3.5) */ - res = url_scheme(referer, &rscheme); - if (res != URL_FUNC_OK) { - goto error; - } - res = url_host(referer, &rhost); if (res != URL_FUNC_OK) { - free(rscheme); goto error; } - if (strcasecmp(scheme, rscheme) != 0) { - /* Schemes don't match => fail */ - free(rhost); - free(rscheme); - goto error; - } - - /* Domain match host names (both are FQDN or IP) */ + /* Domain match host names */ if (strcasecmp(host, rhost) != 0) { - free(rhost); - free(rscheme); - goto error; + /* Not exact match, so try the following: + * + * 1) host = A.B; rhost = B (i.e. strip first + * segment from host and compare against rhost) + * 2) host = A.B; rhost = C.B (i.e. strip first + * segment off both hosts and compare) */ + const char *dot = strchr(host, '.'); + const char *rdot = strchr(host, '.'); + + if (!dot || !rdot) { + free(rhost); + goto error; + } + + /* 1 */ + if (strcasecmp(dot + 1, rhost) != 0) { + /* B must contain embedded dots */ + if (strchr(rdot + 1, '.') == NULL) { + free(rhost); + goto error; + } + + /* 2 */ + if (strcasecmp(dot, rdot) != 0) { + free(rhost); + goto error; + } + } } free(rhost); - free(rscheme); } end = cur + strlen(cur) - 2 /* Trailing CRLF */; |