Re: [Lynx-dev] invalid cookie domain

Fri, 09 Nov 2018 10:46:53 -0800 

Seems some rfc 2109 obsolete redondant domain suffix validation was breaking
something.

Attached a patch to apply on top of my previous patch regarding cookie path.

-- 
Sylvain

--- a/src/LYCookie.c
+++ b/src/LYCookie.c
@@ -369,9 +369,6 @@
     const char *ptr;
     domain_entry *de = NULL;
     BOOL Replacement = FALSE;
-    int invprompt_reasons = 0; /* what is wrong with this cookie - kw */
-
-#define FAILS_COND4 0x02
 
     if (co == NULL)
        return;
@@ -453,66 +450,6 @@
            freeCookie(co);
            return;
        }
-
-       /*
-        * RFC 2109 -
-        * Section 4.3.2, condition 4:  The request-host is an HDN (not IP
-        * address) and has the form HD, where D is the value of the Domain
-        * attribute, and H is a string that contains one or more dots.
-        *
-        * If cookie checking for this domain is set to INVCHECK_LOOSE, then we
-        * want to bypass this check.  The user should be queried if set to
-        * INVCHECK_QUERY.
-        */
-       ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
-       if (StrChr(hostname, '.') < ptr) {
-           invcheck_behaviour_t invcheck_bv = (de ? de->invcheck_bv
-                                               : DEFAULT_INVCHECK_BV);
-
-           switch (invcheck_bv) {
-           case INVCHECK_LOOSE:
-               break;          /* continue as if nothing were wrong */
-
-           case INVCHECK_QUERY:
-               invprompt_reasons |= FAILS_COND4;
-               break;          /* will prompt later if we get that far */
-
-           case INVCHECK_STRICT:
-               CTrace((tfp,
-                       "store_cookie: Rejecting because '%s' is not a prefix 
of '%s'.\n",
-                       co->path, path));
-               freeCookie(co);
-               return;
-           }
-       }
-    }
-
-    /*
-     * If we found reasons for issuing an invalid cookie confirmation prompt,
-     * do that now.  Rejection by the user here is the last chance to
-     * completely ignore this cookie; after it passes this hurdle, it may at
-     * least supersede a previous cookie (even if it finally gets rejected).  -
-     * kw
-     */
-    if (invprompt_reasons) {
-       char *msg = 0;
-
-       if (invprompt_reasons & FAILS_COND4) {
-           HTSprintf0(&msg,
-                      INVALID_COOKIE_DOMAIN_CONFIRMATION,
-                      co->ddomain,
-                      hostname);
-           if (!HTForcedPrompt(cookie_noprompt, msg, NO)) {
-               CTrace((tfp,
-                       "store_cookie: Rejecting domain '%s' for host '%s'.\n",
-                       co->ddomain,
-                       hostname));
-               freeCookie(co);
-               FREE(msg);
-               return;
-           }
-       }
-       FREE(msg);
     }
 
     if (de == NULL) {

_______________________________________________
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev

Reply via email to