summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVincent Sanders <vince@kyllikki.org>2016-09-20 21:45:35 +0100
committerVincent Sanders <vince@kyllikki.org>2016-09-20 21:45:35 +0100
commit1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 (patch)
tree6cd4fc9f16bb1fceae20ee497924d4b4e4030661
parent608a18caff8d1b994ab24fa74b64885e67e6348e (diff)
downloadnetsurf-1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466.tar.gz
netsurf-1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466.tar.bz2
enable use of netsurf public suffix library to prevent supercookies
-rw-r--r--Docs/env.sh2
-rw-r--r--Makefile2
-rw-r--r--Makefile.defaults3
-rw-r--r--content/urldb.c18
4 files changed, 24 insertions, 1 deletions
diff --git a/Docs/env.sh b/Docs/env.sh
index 6fb009cbb..b0a30c8d0 100644
--- a/Docs/env.sh
+++ b/Docs/env.sh
@@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org"
NS_BUILDSYSTEM="buildsystem"
# internal libraries all frontends require (order is important)
-NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils"
+NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils libnspsl"
# The browser itself
NS_BROWSER="netsurf"
diff --git a/Makefile b/Makefile
index 60810e153..9a9f4b3d6 100644
--- a/Makefile
+++ b/Makefile
@@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL
NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG
NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL
NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE
+NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL
$(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL))
# freemint does not support pkg-config for libcurl
@@ -540,6 +541,7 @@ $(eval $(call pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP))
$(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF))
$(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG))
$(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite))
+$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL))
# List of directories in which headers are searched for
INCLUDE_DIRS :=. include $(OBJROOT)
diff --git a/Makefile.defaults b/Makefile.defaults
index c2a91e625..619b8db08 100644
--- a/Makefile.defaults
+++ b/Makefile.defaults
@@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES
# Valid options: YES, NO
NETSURF_USE_HARU_PDF := NO
+# Enable the use of the Public suffix library to detect supercookies
+NETSURF_USE_NSPSL := AUTO
+
# Enable stripping the NetSurf binary
# Valid options: YES, NO
NETSURF_STRIP_BINARY := NO
diff --git a/content/urldb.c b/content/urldb.c
index 4888afcfe..b6eaf630b 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -94,6 +94,9 @@
#include <string.h>
#include <strings.h>
#include <time.h>
+#ifdef WITH_NSPSL
+#include <nspsl.h>
+#endif
#include "utils/inet.h"
#include "utils/nsoption.h"
@@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
do {
struct cookie_internal_data *c;
+ const char *suffix;
char *dot;
size_t len;
@@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
goto error;
}
+#ifdef WITH_NSPSL
+ /* check domain is not a public suffix */
+ dot = c->domain;
+ if (*dot == '.') {
+ dot++;
+ }
+ suffix = nspsl_getpublicsuffix(dot);
+ if (suffix == NULL) {
+ LOG("domain %s was a public suffix domain", dot);
+ urldb_free_cookie(c);
+ goto error;
+ }
+#else
/* 4.3.2:ii Cookie domain must contain embedded dots */
dot = strchr(c->domain + 1, '.');
if (!dot || *(dot + 1) == '\0') {
@@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer)
urldb_free_cookie(c);
goto error;
}
+#endif
/* Domain match fetch host with cookie domain */
if (strcasecmp(lwc_string_data(host), c->domain) != 0) {