[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master 6252386: (url-cookie-host-can-set-p): Protect again
From: |
Lars Ingebrigtsen |
Subject: |
[Emacs-diffs] master 6252386: (url-cookie-host-can-set-p): Protect against zero-length domains |
Date: |
Wed, 7 Jun 2017 10:19:54 -0400 (EDT) |
branch: master
commit 62523863780d3894c92f84dd474278eeddc4a0e0
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>
(url-cookie-host-can-set-p): Protect against zero-length domains
* lisp/url/url-cookie.el (url-cookie-host-can-set-p): Protect
against zero-length domains.
Backtrace of a real-world site that triggers a bug:
Debugger entered--Lisp error: (args-out-of-range "" 0)
url-cookie-host-can-set-p("www.washingtonpost.com" "")
url-cookie-handle-set-cookie("utm_term=0;Expires=Thursday,
01-January-1970 00:00:00 GMT; path=/; domain=")
url-http-handle-cookies()
---
lisp/url/url-cookie.el | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lisp/url/url-cookie.el b/lisp/url/url-cookie.el
index ac4ac59..4912db6 100644
--- a/lisp/url/url-cookie.el
+++ b/lisp/url/url-cookie.el
@@ -229,16 +229,19 @@ telling Microsoft that."
(defun url-cookie-host-can-set-p (host domain)
(let ((last nil)
(case-fold-search t))
- (if (string= host domain) ; Apparently netscape lets you do this
- t
+ (cond
+ ((string= host domain) ; Apparently netscape lets you do this
+ t)
+ ((zerop (length domain))
+ nil)
+ (t
;; Remove the dot from wildcard domains before matching.
(when (eq ?. (aref domain 0))
(setq domain (substring domain 1)))
(and (url-domsuf-cookie-allowed-p domain)
;; Need to check and make sure the host is actually _in_ the
;; domain it wants to set a cookie for though.
- (string-match (concat (regexp-quote domain)
- "$") host)))))
+ (string-match (concat (regexp-quote domain) "$") host))))))
(defun url-cookie-handle-set-cookie (str)
(setq url-cookies-changed-since-last-save t)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] master 6252386: (url-cookie-host-can-set-p): Protect against zero-length domains,
Lars Ingebrigtsen <=