Re: [Bug-wget] Issue in cookie path checking
cookies.c:727:59: warning: pointer/integer type mismatch in
conditional expression ('char *' and 'int')
[-Wconditional-type-mismatch]
if (!check_path_match (cookie-path, trailing_slash ?
strdupdelim (path, trailing_slash + 1) : '/'))
Hi Yasuhisa,
Thanks a lot or the patch file! However, I am unable to compile the
sources with your patch applied.
The issue occrus at cookies.c:653. I'm assuming you wanted to write:
return patch_matches (cookie_patch, path) != 0;
There's also an issue with the ternary operation you introduce at cookies.c:727
My compiler gave me the following warning message, which I do believe
is not a false positive and should be fixed:
cookies.c:727:59: warning: pointer/integer type mismatch in
conditional expression ('char *' and 'int')
[-Wconditional-type-mismatch]
if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
It would be very nice of you if you could fix these issues. The code
seems to be correct otherwise to me.
On Thu, Jun 12, 2014 at 8:09 PM, yasuhisa.ishik...@kumaneko.org wrote:
Hi Darshit,
Sorry to be late. I have never used git so it takes long for me to learn
how to generate path using git.
I’m not sure I have done it well. If there are something wrong with this
attachment, please correct.
Regards,
Yasuhisa Ishikawa
2014/06/04 3:09、Darshit Shah dar...@gmail.com のメール:
Hi Yasuhisa,
Thanks for the patch. The cookie domain patch checking code in Wget
was old and only based on a heuristic. However, we are currently in
the process of using libpsl a library that handles this for us. I have
submitted a patch which is currently in the pipeline that adds support
for using libpsl to perform cookie domain name checking.
Your code may stil be useful in the fallback mechanism. Could you
please send a patch file as generated by `git format-patch` against
the current HEAD of the tree and also add the details to the relevant
ChangeLog file? It would make applying the patch so much easier for
us.
On Thu, May 8, 2014 at 8:12 PM, yasuhisa.ishik...@kumaneko.org
yasuhisa.ishik...@kumaneko.org wrote:
Hi all,
I found two issues in path checking code in cookie.c.
In cookie_handle_set_cookie(), path in Set-Cookie header should be
checked so as not to be accepted when it is upper than that of
requested document.
However, current implementation works as:
- check_path_match() validate the path of requested document
when its prefix is same with cookie_path.
path_matches(full_path, prefix) checks if full_path starts with prefix.
Current code allows /foo/bar/test.html to issue path=/ cookie.
Expected behavior is opposite. cookie_path must be child of current path.
- cookie-path is compared with path(full document path including filename)
in stead of its parent path.
I applied following fix, and it works as expected. Please consider to merge
this fix in next release.
$ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
*** wget-1.15/src/cookies.c.orig2013-10-21 23:50:12.0 +0900
--- wget-1.15/src/cookies.c 2014-05-08 22:47:57.317467164 +0900
***
*** 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (path, cookie_path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
--- 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (cookie_path, path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
***
*** 707,713
else
{
/* The cookie sets its own path; verify that it is legal. */
! if (!check_path_match (cookie-path, path))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
--- 707,714
else
{
/* The cookie sets its own path; verify that it is legal. */
! char *trailing_slash = strrchr (path, '/');
! if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
$
Thanks,
Yasuhisa Ishikawa
--
Thanking You,
Darshit Shah
--
Thanking You,
Darshit Shah
Re: [Bug-wget] Issue in cookie path checking
Darshit,
Sorry, I’m not familiar with git and git clone”ed branch so I could not run
make before.
I hope this work….
0001-2014-06-16-Yasuhisa-Ishikawa-yasuhisa.ishikawa-kuman.patch
Description: Binary data
Yasuhisa Ishikawa
2014/06/16 18:06、Darshit Shah dar...@gmail.com のメール:
cookies.c:727:59: warning: pointer/integer type mismatch in
conditional expression ('char *' and 'int')
[-Wconditional-type-mismatch]
if (!check_path_match (cookie-path, trailing_slash ?
strdupdelim (path, trailing_slash + 1) : '/'))
Hi Yasuhisa,
Thanks a lot or the patch file! However, I am unable to compile the
sources with your patch applied.
The issue occrus at cookies.c:653. I'm assuming you wanted to write:
return patch_matches (cookie_patch, path) != 0;
There's also an issue with the ternary operation you introduce at
cookies.c:727
My compiler gave me the following warning message, which I do believe
is not a false positive and should be fixed:
cookies.c:727:59: warning: pointer/integer type mismatch in
conditional expression ('char *' and 'int')
[-Wconditional-type-mismatch]
if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
It would be very nice of you if you could fix these issues. The code
seems to be correct otherwise to me.
On Thu, Jun 12, 2014 at 8:09 PM, yasuhisa.ishik...@kumaneko.org wrote:
Hi Darshit,
Sorry to be late. I have never used git so it takes long for me to learn
how to generate path using git.
I’m not sure I have done it well. If there are something wrong with this
attachment, please correct.
Regards,
Yasuhisa Ishikawa
2014/06/04 3:09、Darshit Shah dar...@gmail.com のメール:
Hi Yasuhisa,
Thanks for the patch. The cookie domain patch checking code in Wget
was old and only based on a heuristic. However, we are currently in
the process of using libpsl a library that handles this for us. I have
submitted a patch which is currently in the pipeline that adds support
for using libpsl to perform cookie domain name checking.
Your code may stil be useful in the fallback mechanism. Could you
please send a patch file as generated by `git format-patch` against
the current HEAD of the tree and also add the details to the relevant
ChangeLog file? It would make applying the patch so much easier for
us.
On Thu, May 8, 2014 at 8:12 PM, yasuhisa.ishik...@kumaneko.org
yasuhisa.ishik...@kumaneko.org wrote:
Hi all,
I found two issues in path checking code in cookie.c.
In cookie_handle_set_cookie(), path in Set-Cookie header should be
checked so as not to be accepted when it is upper than that of
requested document.
However, current implementation works as:
- check_path_match() validate the path of requested document
when its prefix is same with cookie_path.
path_matches(full_path, prefix) checks if full_path starts with prefix.
Current code allows /foo/bar/test.html to issue path=/ cookie.
Expected behavior is opposite. cookie_path must be child of current path.
- cookie-path is compared with path(full document path including filename)
in stead of its parent path.
I applied following fix, and it works as expected. Please consider to
merge this fix in next release.
$ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
*** wget-1.15/src/cookies.c.orig2013-10-21 23:50:12.0 +0900
--- wget-1.15/src/cookies.c 2014-05-08 22:47:57.317467164 +0900
***
*** 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (path, cookie_path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
--- 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (cookie_path, path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
***
*** 707,713
else
{
/* The cookie sets its own path; verify that it is legal. */
! if (!check_path_match (cookie-path, path))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
--- 707,714
else
{
/* The cookie sets its own path; verify that it is legal. */
! char *trailing_slash = strrchr (path, '/');
! if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
$
Thanks,
Yasuhisa Ishikawa
--
Thanking You,
Darshit Shah
--
Thanking You,
Darshit Shah
Re: [Bug-wget] Issue in cookie path checking
Hi Darshit,
Sorry to be late. I have never used git so it takes long for me to learn
how to generate path using git.
I’m not sure I have done it well. If there are something wrong with this
attachment, please correct.
0001-2014-06-12-Yasuhisa-Ishikawa-yasuhisa.ishikawa-kuman.patch
Description: Binary data
Regards,
Yasuhisa Ishikawa
2014/06/04 3:09、Darshit Shah dar...@gmail.com のメール:
Hi Yasuhisa,
Thanks for the patch. The cookie domain patch checking code in Wget
was old and only based on a heuristic. However, we are currently in
the process of using libpsl a library that handles this for us. I have
submitted a patch which is currently in the pipeline that adds support
for using libpsl to perform cookie domain name checking.
Your code may stil be useful in the fallback mechanism. Could you
please send a patch file as generated by `git format-patch` against
the current HEAD of the tree and also add the details to the relevant
ChangeLog file? It would make applying the patch so much easier for
us.
On Thu, May 8, 2014 at 8:12 PM, yasuhisa.ishik...@kumaneko.org
yasuhisa.ishik...@kumaneko.org wrote:
Hi all,
I found two issues in path checking code in cookie.c.
In cookie_handle_set_cookie(), path in Set-Cookie header should be
checked so as not to be accepted when it is upper than that of
requested document.
However, current implementation works as:
- check_path_match() validate the path of requested document
when its prefix is same with cookie_path.
path_matches(full_path, prefix) checks if full_path starts with prefix.
Current code allows /foo/bar/test.html to issue path=/ cookie.
Expected behavior is opposite. cookie_path must be child of current path.
- cookie-path is compared with path(full document path including filename)
in stead of its parent path.
I applied following fix, and it works as expected. Please consider to merge
this fix in next release.
$ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
*** wget-1.15/src/cookies.c.orig2013-10-21 23:50:12.0 +0900
--- wget-1.15/src/cookies.c 2014-05-08 22:47:57.317467164 +0900
***
*** 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (path, cookie_path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
--- 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (cookie_path, path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
***
*** 707,713
else
{
/* The cookie sets its own path; verify that it is legal. */
! if (!check_path_match (cookie-path, path))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
--- 707,714
else
{
/* The cookie sets its own path; verify that it is legal. */
! char *trailing_slash = strrchr (path, '/');
! if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
$
Thanks,
Yasuhisa Ishikawa
--
Thanking You,
Darshit Shah
Re: [Bug-wget] Issue in cookie path checking
Hi Yasuhisa,
Thanks for the patch. The cookie domain patch checking code in Wget
was old and only based on a heuristic. However, we are currently in
the process of using libpsl a library that handles this for us. I have
submitted a patch which is currently in the pipeline that adds support
for using libpsl to perform cookie domain name checking.
Your code may stil be useful in the fallback mechanism. Could you
please send a patch file as generated by `git format-patch` against
the current HEAD of the tree and also add the details to the relevant
ChangeLog file? It would make applying the patch so much easier for
us.
On Thu, May 8, 2014 at 8:12 PM, yasuhisa.ishik...@kumaneko.org
yasuhisa.ishik...@kumaneko.org wrote:
Hi all,
I found two issues in path checking code in cookie.c.
In cookie_handle_set_cookie(), path in Set-Cookie header should be
checked so as not to be accepted when it is upper than that of
requested document.
However, current implementation works as:
- check_path_match() validate the path of requested document
when its prefix is same with cookie_path.
path_matches(full_path, prefix) checks if full_path starts with prefix.
Current code allows /foo/bar/test.html to issue path=/ cookie.
Expected behavior is opposite. cookie_path must be child of current path.
- cookie-path is compared with path(full document path including filename)
in stead of its parent path.
I applied following fix, and it works as expected. Please consider to merge
this fix in next release.
$ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
*** wget-1.15/src/cookies.c.orig2013-10-21 23:50:12.0 +0900
--- wget-1.15/src/cookies.c 2014-05-08 22:47:57.317467164 +0900
***
*** 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (path, cookie_path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
--- 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (cookie_path, path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
***
*** 707,713
else
{
/* The cookie sets its own path; verify that it is legal. */
! if (!check_path_match (cookie-path, path))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
--- 707,714
else
{
/* The cookie sets its own path; verify that it is legal. */
! char *trailing_slash = strrchr (path, '/');
! if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
$
Thanks,
Yasuhisa Ishikawa
--
Thanking You,
Darshit Shah
[Bug-wget] Issue in cookie path checking
Hi all,
I found two issues in path checking code in cookie.c.
In cookie_handle_set_cookie(), path in Set-Cookie header should be
checked so as not to be accepted when it is upper than that of
requested document.
However, current implementation works as:
- check_path_match() validate the path of requested document
when its prefix is same with cookie_path.
path_matches(full_path, prefix) checks if full_path starts with prefix.
Current code allows /foo/bar/test.html to issue path=/ cookie.
Expected behavior is opposite. cookie_path must be child of current path.
- cookie-path is compared with path(full document path including filename)
in stead of its parent path.
I applied following fix, and it works as expected. Please consider to merge
this fix in next release.
$ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
*** wget-1.15/src/cookies.c.orig2013-10-21 23:50:12.0 +0900
--- wget-1.15/src/cookies.c 2014-05-08 22:47:57.317467164 +0900
***
*** 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (path, cookie_path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
--- 634,640
static bool
check_path_match (const char *cookie_path, const char *path)
{
! return path_matches (cookie_path, path) != 0;
}
/* Prepend '/' to string S. S is copied to fresh stack-allocated
***
*** 707,713
else
{
/* The cookie sets its own path; verify that it is legal. */
! if (!check_path_match (cookie-path, path))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
--- 707,714
else
{
/* The cookie sets its own path; verify that it is legal. */
! char *trailing_slash = strrchr (path, '/');
! if (!check_path_match (cookie-path, trailing_slash ? strdupdelim
(path, trailing_slash + 1) : '/'))
{
DEBUGP ((Attempt to fake the path: %s, %s\n,
cookie-path, path));
$
Thanks,
Yasuhisa Ishikawa
