Re: [Lynx-dev] invalid cookie domain

2018-11-09 Thread sylvain . bertrand 
Seems some rfc 2109 obsolete redondant domain suffix validation was breaking
something.

Attached a patch to apply on top of my previous patch regarding cookie path.

-- 
Sylvain
--- a/src/LYCookie.c
+++ b/src/LYCookie.c
@@ -369,9 +369,6 @@
 const char *ptr;
 domain_entry *de = NULL;
 BOOL Replacement = FALSE;
-int invprompt_reasons = 0; /* what is wrong with this cookie - kw */
-
-#define FAILS_COND4 0x02
 
 if (co == NULL)
return;
@@ -453,66 +450,6 @@
freeCookie(co);
return;
}
-
-   /*
-* RFC 2109 -
-* Section 4.3.2, condition 4:  The request-host is an HDN (not IP
-* address) and has the form HD, where D is the value of the Domain
-* attribute, and H is a string that contains one or more dots.
-*
-* If cookie checking for this domain is set to INVCHECK_LOOSE, then we
-* want to bypass this check.  The user should be queried if set to
-* INVCHECK_QUERY.
-*/
-   ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
-   if (StrChr(hostname, '.') < ptr) {
-   invcheck_behaviour_t invcheck_bv = (de ? de->invcheck_bv
-   : DEFAULT_INVCHECK_BV);
-
-   switch (invcheck_bv) {
-   case INVCHECK_LOOSE:
-   break;  /* continue as if nothing were wrong */
-
-   case INVCHECK_QUERY:
-   invprompt_reasons |= FAILS_COND4;
-   break;  /* will prompt later if we get that far */
-
-   case INVCHECK_STRICT:
-   CTrace((tfp,
-   "store_cookie: Rejecting because '%s' is not a prefix 
of '%s'.\n",
-   co->path, path));
-   freeCookie(co);
-   return;
-   }
-   }
-}
-
-/*
- * If we found reasons for issuing an invalid cookie confirmation prompt,
- * do that now.  Rejection by the user here is the last chance to
- * completely ignore this cookie; after it passes this hurdle, it may at
- * least supersede a previous cookie (even if it finally gets rejected).  -
- * kw
- */
-if (invprompt_reasons) {
-   char *msg = 0;
-
-   if (invprompt_reasons & FAILS_COND4) {
-   HTSprintf0(&msg,
-  INVALID_COOKIE_DOMAIN_CONFIRMATION,
-  co->ddomain,
-  hostname);
-   if (!HTForcedPrompt(cookie_noprompt, msg, NO)) {
-   CTrace((tfp,
-   "store_cookie: Rejecting domain '%s' for host '%s'.\n",
-   co->ddomain,
-   hostname));
-   freeCookie(co);
-   FREE(msg);
-   return;
-   }
-   }
-   FREE(msg);
 }
 
 if (de == NULL) {
___
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev

Re: [Lynx-dev] invalid cookie domain

2018-11-09 Thread sylvain . bertrand 
It seems there is obsolete rfc 2109 logic interfering with rfc 6265 logic.

-- 
Sylvain

___
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev