diff options
author | Vincent Sanders <vince@kyllikki.org> | 2016-09-20 21:45:35 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2016-09-20 21:45:35 +0100 |
commit | 1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 (patch) | |
tree | 6cd4fc9f16bb1fceae20ee497924d4b4e4030661 | |
parent | 608a18caff8d1b994ab24fa74b64885e67e6348e (diff) | |
download | netsurf-1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466.tar.gz netsurf-1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466.tar.bz2 |
enable use of netsurf public suffix library to prevent supercookies
-rw-r--r-- | Docs/env.sh | 2 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | Makefile.defaults | 3 | ||||
-rw-r--r-- | content/urldb.c | 18 |
4 files changed, 24 insertions, 1 deletions
diff --git a/Docs/env.sh b/Docs/env.sh index 6fb009cbb..b0a30c8d0 100644 --- a/Docs/env.sh +++ b/Docs/env.sh @@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org" NS_BUILDSYSTEM="buildsystem" # internal libraries all frontends require (order is important) -NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils" +NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils libnspsl" # The browser itself NS_BROWSER="netsurf" @@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE +NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL $(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL)) # freemint does not support pkg-config for libcurl @@ -540,6 +541,7 @@ $(eval $(call pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP)) $(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF)) $(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG)) $(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite)) +$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL)) # List of directories in which headers are searched for INCLUDE_DIRS :=. include $(OBJROOT) diff --git a/Makefile.defaults b/Makefile.defaults index c2a91e625..619b8db08 100644 --- a/Makefile.defaults +++ b/Makefile.defaults @@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES # Valid options: YES, NO NETSURF_USE_HARU_PDF := NO +# Enable the use of the Public suffix library to detect supercookies +NETSURF_USE_NSPSL := AUTO + # Enable stripping the NetSurf binary # Valid options: YES, NO NETSURF_STRIP_BINARY := NO diff --git a/content/urldb.c b/content/urldb.c index 4888afcfe..b6eaf630b 100644 --- a/content/urldb.c +++ b/content/urldb.c @@ -94,6 +94,9 @@ #include <string.h> #include <strings.h> #include <time.h> +#ifdef WITH_NSPSL +#include <nspsl.h> +#endif #include "utils/inet.h" #include "utils/nsoption.h" @@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) do { struct cookie_internal_data *c; + const char *suffix; char *dot; size_t len; @@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) goto error; } +#ifdef WITH_NSPSL + /* check domain is not a public suffix */ + dot = c->domain; + if (*dot == '.') { + dot++; + } + suffix = nspsl_getpublicsuffix(dot); + if (suffix == NULL) { + LOG("domain %s was a public suffix domain", dot); + urldb_free_cookie(c); + goto error; + } +#else /* 4.3.2:ii Cookie domain must contain embedded dots */ dot = strchr(c->domain + 1, '.'); if (!dot || *(dot + 1) == '\0') { @@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) urldb_free_cookie(c); goto error; } +#endif /* Domain match fetch host with cookie domain */ if (strcasecmp(lwc_string_data(host), c->domain) != 0) { |