Gitweb links: ...log http://git.netsurf-browser.org/netsurf.git/shortlog/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 ...commit http://git.netsurf-browser.org/netsurf.git/commit/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 ...tree http://git.netsurf-browser.org/netsurf.git/tree/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
The branch, master has been updated via 1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 (commit) from 608a18caff8d1b994ab24fa74b64885e67e6348e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commitdiff http://git.netsurf-browser.org/netsurf.git/commit/?id=1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 commit 1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 Author: Vincent Sanders <vi...@kyllikki.org> Commit: Vincent Sanders <vi...@kyllikki.org> enable use of netsurf public suffix library to prevent supercookies diff --git a/Docs/env.sh b/Docs/env.sh index 6fb009c..b0a30c8 100644 --- a/Docs/env.sh +++ b/Docs/env.sh @@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org" NS_BUILDSYSTEM="buildsystem" # internal libraries all frontends require (order is important) -NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils" +NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils libnspsl" # The browser itself NS_BROWSER="netsurf" diff --git a/Makefile b/Makefile index 60810e1..9a9f4b3 100644 --- a/Makefile +++ b/Makefile @@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE +NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL $(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL)) # freemint does not support pkg-config for libcurl @@ -540,6 +541,7 @@ $(eval $(call pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP)) $(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF)) $(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG)) $(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite)) +$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL)) # List of directories in which headers are searched for INCLUDE_DIRS :=. include $(OBJROOT) diff --git a/Makefile.defaults b/Makefile.defaults index c2a91e6..619b8db 100644 --- a/Makefile.defaults +++ b/Makefile.defaults @@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES # Valid options: YES, NO NETSURF_USE_HARU_PDF := NO +# Enable the use of the Public suffix library to detect supercookies +NETSURF_USE_NSPSL := AUTO + # Enable stripping the NetSurf binary # Valid options: YES, NO NETSURF_STRIP_BINARY := NO diff --git a/content/urldb.c b/content/urldb.c index 4888afc..b6eaf63 100644 --- a/content/urldb.c +++ b/content/urldb.c @@ -94,6 +94,9 @@ #include <string.h> #include <strings.h> #include <time.h> +#ifdef WITH_NSPSL +#include <nspsl.h> +#endif #include "utils/inet.h" #include "utils/nsoption.h" @@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) do { struct cookie_internal_data *c; + const char *suffix; char *dot; size_t len; @@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) goto error; } +#ifdef WITH_NSPSL + /* check domain is not a public suffix */ + dot = c->domain; + if (*dot == '.') { + dot++; + } + suffix = nspsl_getpublicsuffix(dot); + if (suffix == NULL) { + LOG("domain %s was a public suffix domain", dot); + urldb_free_cookie(c); + goto error; + } +#else /* 4.3.2:ii Cookie domain must contain embedded dots */ dot = strchr(c->domain + 1, '.'); if (!dot || *(dot + 1) == '\0') { @@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) urldb_free_cookie(c); goto error; } +#endif /* Domain match fetch host with cookie domain */ if (strcasecmp(lwc_string_data(host), c->domain) != 0) { ----------------------------------------------------------------------- Summary of changes: Docs/env.sh | 2 +- Makefile | 2 ++ Makefile.defaults | 3 +++ content/urldb.c | 18 ++++++++++++++++++ 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/Docs/env.sh b/Docs/env.sh index 6fb009c..b0a30c8 100644 --- a/Docs/env.sh +++ b/Docs/env.sh @@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org" NS_BUILDSYSTEM="buildsystem" # internal libraries all frontends require (order is important) -NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils" +NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif libnsbmp libutf8proc libnsutils libnspsl" # The browser itself NS_BROWSER="netsurf" diff --git a/Makefile b/Makefile index 60810e1..9a9f4b3 100644 --- a/Makefile +++ b/Makefile @@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE +NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL $(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL)) # freemint does not support pkg-config for libcurl @@ -540,6 +541,7 @@ $(eval $(call pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP)) $(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF)) $(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG)) $(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite)) +$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL)) # List of directories in which headers are searched for INCLUDE_DIRS :=. include $(OBJROOT) diff --git a/Makefile.defaults b/Makefile.defaults index c2a91e6..619b8db 100644 --- a/Makefile.defaults +++ b/Makefile.defaults @@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES # Valid options: YES, NO NETSURF_USE_HARU_PDF := NO +# Enable the use of the Public suffix library to detect supercookies +NETSURF_USE_NSPSL := AUTO + # Enable stripping the NetSurf binary # Valid options: YES, NO NETSURF_STRIP_BINARY := NO diff --git a/content/urldb.c b/content/urldb.c index 4888afc..b6eaf63 100644 --- a/content/urldb.c +++ b/content/urldb.c @@ -94,6 +94,9 @@ #include <string.h> #include <strings.h> #include <time.h> +#ifdef WITH_NSPSL +#include <nspsl.h> +#endif #include "utils/inet.h" #include "utils/nsoption.h" @@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) do { struct cookie_internal_data *c; + const char *suffix; char *dot; size_t len; @@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) goto error; } +#ifdef WITH_NSPSL + /* check domain is not a public suffix */ + dot = c->domain; + if (*dot == '.') { + dot++; + } + suffix = nspsl_getpublicsuffix(dot); + if (suffix == NULL) { + LOG("domain %s was a public suffix domain", dot); + urldb_free_cookie(c); + goto error; + } +#else /* 4.3.2:ii Cookie domain must contain embedded dots */ dot = strchr(c->domain + 1, '.'); if (!dot || *(dot + 1) == '\0') { @@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) urldb_free_cookie(c); goto error; } +#endif /* Domain match fetch host with cookie domain */ if (strcasecmp(lwc_string_data(host), c->domain) != 0) { -- NetSurf Browser _______________________________________________ netsurf-commits mailing list netsurf-commits@netsurf-browser.org http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org