netwerk/cookie/nsCookieService.cpp

branch
TOR_BUG_3246
changeset 4
fc2d59ddac77
parent 0
6474c204b198
child 7
129ffea94266
     1.1 --- a/netwerk/cookie/nsCookieService.cpp	Wed Dec 31 06:55:50 2014 +0100
     1.2 +++ b/netwerk/cookie/nsCookieService.cpp	Wed Dec 31 07:22:50 2014 +0100
     1.3 @@ -262,6 +262,7 @@
     1.4      PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("name: %s\n", aCookie->Name().get()));
     1.5      PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("value: %s\n", aCookie->Value().get()));
     1.6      PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("%s: %s\n", aCookie->IsDomain() ? "domain" : "host", aCookie->Host().get()));
     1.7 +    PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("orighost: %s\n", aCookie->Origin().get()));
     1.8      PR_LOG(GetCookieLog(), PR_LOG_DEBUG,("path: %s\n", aCookie->Path().get()));
     1.9  
    1.10      PR_ExplodeTime(aCookie->Expiry() * int64_t(PR_USEC_PER_SEC),
    1.11 @@ -1634,9 +1635,19 @@
    1.12  
    1.13    bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
    1.14  
    1.15 +  nsCOMPtr<nsIURI> firstPartyURI;
    1.16 +  mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
    1.17 +  bool requireHostMatch;
    1.18 +  nsAutoCString origDomain;
    1.19 +  nsresult rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
    1.20 +  if (NS_FAILED(rv)) {
    1.21 +    COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
    1.22 +                      "couldn't get base domain from URI");
    1.23 +  }
    1.24 +
    1.25    nsAutoCString result;
    1.26    GetCookieStringInternal(aHostURI, isForeign, aHttpBound, appId,
    1.27 -                          inBrowserElement, isPrivate, result);
    1.28 +                          inBrowserElement, isPrivate, origDomain, result);
    1.29    *aCookie = result.IsEmpty() ? nullptr : ToNewCString(result);
    1.30    return NS_OK;
    1.31  }
    1.32 @@ -1716,6 +1727,10 @@
    1.33    return NS_OK;
    1.34  }
    1.35  
    1.36 +// FIXME:MSvB DEBUG DEBUG - DELETEME DELETEME - debug debug - deleteme deleteme
    1.37 +// FIXME:MSvB Setting a 3rd party cookie (on third.tld) for URL bar browsed
    1.38 +// FIXME:MSvB   site first.tld causes aHostURI (and later the origin var) to
    1.39 +// FIXME:MSvB   contain 'third.tld'
    1.40  void
    1.41  nsCookieService::SetCookieStringInternal(nsIURI             *aHostURI,
    1.42                                           bool                aIsForeign,
    1.43 @@ -1792,9 +1807,20 @@
    1.44      serverTime = PR_Now() / PR_USEC_PER_SEC;
    1.45    }
    1.46  
    1.47 +  // double keyed cookie boilerplate
    1.48 +  nsCOMPtr<nsIURI> firstPartyURI;
    1.49 +  mThirdPartyUtil->GetFirstPartyURI(aChannel, nullptr, getter_AddRefs(firstPartyURI));
    1.50 +  nsAutoCString origDomain;
    1.51 +  rv = GetBaseDomain(firstPartyURI, origDomain, requireHostMatch);
    1.52 +  if (NS_FAILED(rv)) {
    1.53 +    COOKIE_LOGFAILURE(GET_COOKIE, aHostURI, nullptr,
    1.54 +                      "couldn't get base domain from URI");
    1.55 +  }
    1.56 +
    1.57    // process each cookie in the header
    1.58 -  while (SetCookieInternal(aHostURI, key, requireHostMatch, cookieStatus,
    1.59 -                           aCookieHeader, serverTime, aFromHttp, aChannel)) {
    1.60 +  while (SetCookieInternal(aHostURI, key, requireHostMatch, origDomain,
    1.61 +                           cookieStatus, aCookieHeader, serverTime,
    1.62 +                           aFromHttp, aChannel)) {
    1.63      // document.cookie can only set one cookie at a time
    1.64      if (!aFromHttp)
    1.65        break;
    1.66 @@ -2026,7 +2052,7 @@
    1.67    int64_t currentTimeInUsec = PR_Now();
    1.68  
    1.69    nsRefPtr<nsCookie> cookie =
    1.70 -    nsCookie::Create(aName, aValue, host, aPath,
    1.71 +    nsCookie::Create(aName, aValue, host, baseDomain, aPath,
    1.72                       aExpiry,
    1.73                       currentTimeInUsec,
    1.74                       nsCookie::GenerateUniqueCreationTime(currentTimeInUsec),
    1.75 @@ -2064,6 +2090,7 @@
    1.76    nsListIter matchIter;
    1.77    nsRefPtr<nsCookie> cookie;
    1.78    if (FindCookie(nsCookieKey(baseDomain, aAppId, aInBrowserElement),
    1.79 +                 baseDomain,
    1.80                   host,
    1.81                   PromiseFlatCString(aName),
    1.82                   PromiseFlatCString(aPath),
    1.83 @@ -2191,8 +2218,12 @@
    1.84    bool isSecure = 0 != aRow->AsInt32(IDX_SECURE);
    1.85    bool isHttpOnly = 0 != aRow->AsInt32(IDX_HTTPONLY);
    1.86  
    1.87 +  nsAutoCString baseDomain;
    1.88 +  rv = GetBaseDomainFromHost(host, baseDomain);
    1.89 +  NS_ASSERT_SUCCESS(rv);
    1.90 +
    1.91    // Create a new nsCookie and assign the data.
    1.92 -  return nsCookie::Create(name, value, host, path,
    1.93 +  return nsCookie::Create(name, value, host, baseDomain, path,
    1.94                            expiry,
    1.95                            lastAccessed,
    1.96                            creationTime,
    1.97 @@ -2579,6 +2610,7 @@
    1.98        nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
    1.99                         Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
   1.100                         host,
   1.101 +                       baseDomain,
   1.102                         Substring(buffer, pathIndex, secureIndex - pathIndex - 1),
   1.103                         expires,
   1.104                         lastAccessedCounter,
   1.105 @@ -2664,6 +2696,7 @@
   1.106                                           uint32_t aAppId,
   1.107                                           bool aInBrowserElement,
   1.108                                           bool aIsPrivate,
   1.109 +                                         nsCString &aOrigDomain,
   1.110                                           nsCString &aCookieString)
   1.111  {
   1.112    NS_ASSERTION(aHostURI, "null host!");
   1.113 @@ -2732,6 +2765,13 @@
   1.114    for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
   1.115      cookie = cookies[i];
   1.116  
   1.117 +    // Check the origin key. We only continue if the
   1.118 +    // saved origin matches matches the origin domain.
   1.119 +    // FIXME:MSvB, other places iterate cookies too, handle them likewise?
   1.120 +    if (cookie->Origin() != aOrigDomain) {
   1.121 +      continue;
   1.122 +    }
   1.123 +
   1.124      // check the host, since the base domain lookup is conservative.
   1.125      // first, check for an exact host or domain cookie match, e.g. "google.com"
   1.126      // or ".google.com"; second a subdomain match, e.g.
   1.127 @@ -2854,6 +2894,7 @@
   1.128  nsCookieService::SetCookieInternal(nsIURI                        *aHostURI,
   1.129                                     const nsCookieKey             &aKey,
   1.130                                     bool                           aRequireHostMatch,
   1.131 +                                   const nsCString               &aOrigin,
   1.132                                     CookieStatus                   aStatus,
   1.133                                     nsDependentCString            &aCookieHeader,
   1.134                                     int64_t                        aServerTime,
   1.135 @@ -2910,10 +2951,13 @@
   1.136    }
   1.137  
   1.138    // create a new nsCookie and copy attributes
   1.139 +//FIXME:MSvB, The name and value vars are neither host nor key
   1.140 +//FIXME:MSvB, host shows up in cookie inspector, as a index key
   1.141    nsRefPtr<nsCookie> cookie =
   1.142      nsCookie::Create(cookieAttributes.name,
   1.143                       cookieAttributes.value,
   1.144                       cookieAttributes.host,
   1.145 +                     aOrigin,
   1.146                       cookieAttributes.path,
   1.147                       cookieAttributes.expiryTime,
   1.148                       currentTimeInUsec,
   1.149 @@ -2975,8 +3019,8 @@
   1.150    }
   1.151  
   1.152    nsListIter matchIter;
   1.153 -  bool foundCookie = FindCookie(aKey, aCookie->Host(),
   1.154 -    aCookie->Name(), aCookie->Path(), matchIter);
   1.155 +  bool foundCookie = FindCookie(aKey, aCookie->Origin(),
   1.156 +    aCookie->Host(), aCookie->Name(), aCookie->Path(), matchIter);
   1.157  
   1.158    nsRefPtr<nsCookie> oldCookie;
   1.159    nsCOMPtr<nsIArray> purgedList;
   1.160 @@ -3885,9 +3929,11 @@
   1.161      return NS_ERROR_NOT_AVAILABLE;
   1.162    }
   1.163  
   1.164 -  nsAutoCString host, name, path;
   1.165 +  nsAutoCString host, origin, name, path;
   1.166    nsresult rv = aCookie->GetHost(host);
   1.167    NS_ENSURE_SUCCESS(rv, rv);
   1.168 +  rv = aCookie->GetOrigin(origin);
   1.169 +  NS_ENSURE_SUCCESS(rv, rv);
   1.170    rv = aCookie->GetName(name);
   1.171    NS_ENSURE_SUCCESS(rv, rv);
   1.172    rv = aCookie->GetPath(path);
   1.173 @@ -3898,7 +3944,7 @@
   1.174    NS_ENSURE_SUCCESS(rv, rv);
   1.175  
   1.176    nsListIter iter;
   1.177 -  *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), host, name, path, iter);
   1.178 +  *aFoundCookie = FindCookie(DEFAULT_APP_KEY(baseDomain), origin, host, name, path, iter);
   1.179    return NS_OK;
   1.180  }
   1.181  
   1.182 @@ -4105,6 +4151,7 @@
   1.183  // find an exact cookie specified by host, name, and path that hasn't expired.
   1.184  bool
   1.185  nsCookieService::FindCookie(const nsCookieKey    &aKey,
   1.186 +                            const nsAFlatCString &aOrigin,
   1.187                              const nsAFlatCString &aHost,
   1.188                              const nsAFlatCString &aName,
   1.189                              const nsAFlatCString &aPath,
   1.190 @@ -4120,7 +4167,8 @@
   1.191    for (nsCookieEntry::IndexType i = 0; i < cookies.Length(); ++i) {
   1.192      nsCookie *cookie = cookies[i];
   1.193  
   1.194 -    if (aHost.Equals(cookie->Host()) &&
   1.195 +    if (aOrigin.Equals(cookie->Origin()) &&
   1.196 +        aHost.Equals(cookie->Host()) &&
   1.197          aPath.Equals(cookie->Path()) &&
   1.198          aName.Equals(cookie->Name())) {
   1.199        aIter = nsListIter(entry, i);

mercurial