olegk 2003/01/28 14:09:52 Modified: httpclient/src/java/org/apache/commons/httpclient/cookie CookieSpecBase.java RFC2109Spec.java httpclient/src/test/org/apache/commons/httpclient TestCookie.java Log: PR: 16497, 16505 Submitted by: Oleg Kalnichevski Fixes the following bugs: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16497 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16505 Revision Changes Path 1.10 +10 -3 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java Index: CookieSpecBase.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/CookieSpecBase.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- CookieSpecBase.java 28 Jan 2003 04:40:23 -0000 1.9 +++ CookieSpecBase.java 28 Jan 2003 22:09:48 -0000 1.10 @@ -446,6 +446,13 @@ + "\". Domain of origin: \"" + host + "\""); } } + else { + if (!host.equals(cookie.getDomain())) { + throw new MalformedCookieException( + "Illegal domain attribute \"" + cookie.getDomain() + + "\". Domain of origin: \"" + host + "\""); + } + } // another security check... we musn't allow the server to give us a // cookie that doesn't match this path 1.9 +26 -20 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/RFC2109Spec.java Index: RFC2109Spec.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/cookie/RFC2109Spec.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- RFC2109Spec.java 28 Jan 2003 04:40:23 -0000 1.8 +++ RFC2109Spec.java 28 Jan 2003 22:09:48 -0000 1.9 
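Review bot: The new `else` branch decides with `host.equals(cookie.getDomain())`, yet DNS names are case-insensitive and nothing in the hunk normalizes case on either side, so a `domain=HOST` attribute from host `host` (or a mixed-case host name passed through by the caller) is rejected while the lowercase equivalent is accepted; unless the enclosing validate() lowercases both beforehand (the method starts and ends outside the hunk), prefer `if (!host.equalsIgnoreCase(cookie.getDomain())) {`. The rule itself is the right shape: for a host with no dot the only admissible domain attribute is the host itself. The `if` this `else` pairs with is not visible, so I cannot confirm it tests for a dotted host as RFC2109Spec does; a one-line comment above the branch would help, e.g. `// host has no dot (e.g. "localhost"): the domain attribute must name the host itself`.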
@@ -167,17 +167,22 @@ if (dotIndex < 0 || dotIndex == cookie.getDomain().length() - 1) { throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() - + "\" violates RFC 2109: domain must contain an " - + "embedded dot"); + + "\" violates RFC 2109: domain must contain an embedded dot"); } - // host minus domain may not contain any dots - if (host.substring(0, - host.length() - - cookie.getDomain().length()).indexOf('.') != -1) { - throw new MalformedCookieException("Domain attribute \"" - + cookie.getDomain() - + "\" violates RFC 2109: host minus domain may not " - + "contain any dots"); + host = host.toLowerCase(); + if (host.indexOf('.') >= 0) { + if (!host.endsWith(cookie.getDomain())) { + throw new MalformedCookieException( + "Illegal domain attribute \"" + cookie.getDomain() + + "\". Domain of origin: \"" + host + "\""); + } + // host minus domain may not contain any dots + String hostWithoutDomain = host.substring(0, host.length() - cookie.getDomain().length()); + if (hostWithoutDomain.indexOf('.') != -1) { + throw new MalformedCookieException("Domain attribute \"" + + cookie.getDomain() + + "\" violates RFC 2109: host minus domain may not contain any dots"); + } } } } @@ -246,7 +251,13 @@ if (cookie == null) { throw new IllegalArgumentException("Cookie may not be null"); } - return formatCookieAsVer(cookie, cookie.getVersion()); + int ver = cookie.getVersion(); + StringBuffer buffer = new StringBuffer(); + buffer.append(formatNameValuePair("$Version", + Integer.toString(ver), ver)); + buffer.append("; "); + buffer.append(formatCookieAsVer(cookie, ver)); + return buffer.toString(); } /** 
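Review bot: `host.endsWith(cookie.getDomain())` is a raw string-suffix test, so unless a leading-dot check on the domain attribute precedes this hunk (the start of validate() is outside it), a domain such as `ample.com` is accepted for host `example.com`: the suffix matches and `hostWithoutDomain` is `ex`, which has no dot, so the cookie is admitted for an unrelated domain. Guard the label boundary explicitly, e.g. `if (!cookie.getDomain().startsWith(".") || !host.endsWith(cookie.getDomain())) {`, and if `dotIndex` (computed above the hunk) is `indexOf('.')` rather than `indexOf('.', 1)`, a bare `.com` also passes the embedded-dot rule and should be caught by the same guard. `host = host.toLowerCase()` uses the default locale, so `host.toLowerCase(Locale.ENGLISH)` avoids the Turkish dotless-i mismatch; the domain attribute itself is not lowercased here, which presumably relies on parse() having done so — confirm.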
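Review bot: formatCookie(Cookie) now emits the leading `$Version` pair that formatCookieHeader(Cookie) used to prepend, so any other caller that composes its own Cookie header from formatCookie() will now produce the pair twice; the method's Javadoc (above the hunk) should state the new output shape, e.g. `Returns a string usable as a Cookie header value: the $Version pair followed by the cookie's name/value and its $Domain/$Path attributes.` The `$Version=0` output for version-0 cookies predates this change, but as I read RFC 2109 the `$Version` pair belongs to version-1 cookies, so a short comment saying whether RFC2109Spec is meant to format version-0 cookies at all would spare the next reader a guess.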
@@ -286,11 +297,6 @@
 */
 public Header formatCookieHeader(Cookie cookie) {
 LOG.trace("enter RFC2109Spec.formatCookieHeader(Cookie)");
- StringBuffer buffer = new StringBuffer();
- buffer.append(formatNameValuePair("$Version",
- Integer.toString(cookie.getVersion()), cookie.getVersion()));
- buffer.append("; ");
- buffer.append(formatCookie(cookie));
- return new Header("Cookie", buffer.toString());
+ return new Header("Cookie", formatCookie(cookie));
 }
 }
1.20 +48 -6 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java
Index: TestCookie.java
===================================================================
RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- TestCookie.java 23 Jan 2003 22:48:25 -0000 1.19
+++ TestCookie.java 28 Jan 2003 22:09:51 -0000 1.20
@@ -792,7 +792,48 @@
 // Expected
 }
 }
+
+ /**
+ * Tests if default cookie validator rejects cookies originating from a host without domain
+ * where domain attribute does not match the host of origin
+ */
+ public void testInvalidDomainWithSimpleHostName() {
+ CookieSpec parser = CookiePolicy.getDefaultSpec();
+ Header setCookie = null;
+ Cookie[] cookies = null;
+ try {
+ setCookie = new Header(
+ "Set-Cookie", "name=\"value\"; version=\"1\"; path=\"/\"; domain=\".mydomain.com\"");
+ cookies = parser.parse("host", 80, "/", false, setCookie );
+ try {
+ parser.validate("host", 80, "/", false, cookies[0]);
+ fail("MalformedCookieException must have thrown");
+ }
+ catch(MalformedCookieException expected) {
+ }
+ }
+ catch(HttpException e) {
+ e.printStackTrace();
+ fail("Unexpected exception: " + e.toString());
+ }
+ try {
+ setCookie = new Header(
+ "Set-Cookie", "name=\"value\"; version=\"1\"; path=\"/\"; domain=\"host1\"");
+ cookies = parser.parse("host2", 80, "/", false, setCookie );
+ try {
+ parser.validate("host2", 80, "/", false, cookies[0]);
+ fail("MalformedCookieException must have thrown");
+ }
+ catch(MalformedCookieException expected) {
+ }
+ }
+ catch(HttpException e) {
+ e.printStackTrace();
+ fail("Unexpected exception: " + e.toString());
+ }
+ }
+
 /**
 * Makes sure that a cookie matches with a path of the same value.
 */
@@ -817,6 +858,7 @@
 }
+
 /**
 * Tests generic cookie formatting.
 */
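Review bot: testInvalidDomainWithSimpleHostName exercises only the two rejection paths of the new dotless-host rule; with no positive case, a regression that rejects every dotless host would still pass, so nothing pins that a legitimate cookie for such a host validates. Add a third block that parses `domain=\"host\"` against host `host` and calls `parser.validate("host", 80, "/", false, cookies[0]);` expecting no exception, and a `domain=\"HOST\"` variant if case-insensitive matching is intended. The `e.printStackTrace()` before each `fail(...)` only adds noise to the test output; `fail("Unexpected exception: " + e.toString())` already carries the message.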
@@ -872,14 +914,14 @@
 cookies = parser.parse("myhost.mydomain.com", 80, "/", false, setCookie );
 parser.validate("myhost.mydomain.com", 80, "/", false, cookies[0]);
 String s1 = parser.formatCookie(cookies[0]);
- assertEquals(s1, "name=\"value\"; $Domain=\".mydomain.com\"; $Path=\"/\"");
+ assertEquals(s1, "$Version=\"1\"; name=\"value\"; $Domain=\".mydomain.com\"; $Path=\"/\"");
 setCookie = new Header(
 "Set-Cookie", "name=value; path=/; domain=.mydomain.com");
 cookies = parser.parse("myhost.mydomain.com", 80, "/", false, setCookie );
 parser.validate("myhost.mydomain.com", 80, "/", false, cookies[0]);
 String s2 = parser.formatCookie(cookies[0]);
- assertEquals(s2, "name=value; $Domain=.mydomain.com; $Path=/");
+ assertEquals(s2, "$Version=0; name=value; $Domain=.mydomain.com; $Path=/");
 }
 catch(HttpException e) {
 e.printStackTrace();
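Review bot: Both changed assertions keep the actual value first, `assertEquals(s1, "...")`, while JUnit's signature is `assertEquals(expected, actual)`, so a failure will report the literal as "actual" and the computed string as "expected"; write them as `assertEquals("$Version=\"1\"; name=\"value\"; $Domain=\".mydomain.com\"; $Path=\"/\"", s1);` and likewise for `s2`. The second assertion now pins `$Version=0; name=value; $Domain=.mydomain.com; $Path=/` for a version-0 cookie; that output predates the commit (formatCookieHeader produced the same), but as I read RFC 2109 the `$Version`/`$Domain`/`$Path` pairs belong to version-1 cookies, so a comment stating the version-0 shape is deliberate would stop the next reader from "fixing" the test. The enclosing test method starts before the hunk.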