Gitweb links:
...log
http://git.netsurf-browser.org/netsurf.git/shortlog/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
...commit
http://git.netsurf-browser.org/netsurf.git/commit/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
...tree
http://git.netsurf-browser.org/netsurf.git/tree/1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
The branch, master has been updated
via 1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466 (commit)
from 608a18caff8d1b994ab24fa74b64885e67e6348e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
commit 1ef1edc9e0bc001f3324bc7fa616c4bd0cc79466
Author: Vincent Sanders <vi...@kyllikki.org>
Commit: Vincent Sanders <vi...@kyllikki.org>
enable use of netsurf public suffix library to prevent supercookies
diff --git a/Docs/env.sh b/Docs/env.sh
index 6fb009c..b0a30c8 100644
--- a/Docs/env.sh
+++ b/Docs/env.sh
@@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org"
NS_BUILDSYSTEM="buildsystem"
# internal libraries all frontends require (order is important)
-NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif
libnsbmp libutf8proc libnsutils"
+NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif
libnsbmp libutf8proc libnsutils libnspsl"
# The browser itself
NS_BROWSER="netsurf"
diff --git a/Makefile b/Makefile
index 60810e1..9a9f4b3 100644
--- a/Makefile
+++ b/Makefile
@@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL
NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG
NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL
NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE
+NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL
$(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL))
# freemint does not support pkg-config for libcurl
@@ -540,6 +541,7 @@ $(eval $(call
pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP))
$(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF))
$(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG))
$(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite))
+$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL))
# List of directories in which headers are searched for
INCLUDE_DIRS :=. include $(OBJROOT)
diff --git a/Makefile.defaults b/Makefile.defaults
index c2a91e6..619b8db 100644
--- a/Makefile.defaults
+++ b/Makefile.defaults
@@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES
# Valid options: YES, NO
NETSURF_USE_HARU_PDF := NO
+# Enable the use of the Public suffix library to detect supercookies
+NETSURF_USE_NSPSL := AUTO
+
# Enable stripping the NetSurf binary
# Valid options: YES, NO
NETSURF_STRIP_BINARY := NO
diff --git a/content/urldb.c b/content/urldb.c
index 4888afc..b6eaf63 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -94,6 +94,9 @@
#include <string.h>
#include <strings.h>
#include <time.h>
+#ifdef WITH_NSPSL
+#include <nspsl.h>
+#endif
#include "utils/inet.h"
#include "utils/nsoption.h"
@@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
do {
struct cookie_internal_data *c;
+ const char *suffix;
char *dot;
size_t len;
@@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
goto error;
}
+#ifdef WITH_NSPSL
+ /* check domain is not a public suffix */
+ dot = c->domain;
+ if (*dot == '.') {
+ dot++;
+ }
+ suffix = nspsl_getpublicsuffix(dot);
+ if (suffix == NULL) {
+ LOG("domain %s was a public suffix domain", dot);
+ urldb_free_cookie(c);
+ goto error;
+ }
+#else
/* 4.3.2:ii Cookie domain must contain embedded dots */
dot = strchr(c->domain + 1, '.');
if (!dot || *(dot + 1) == '\0') {
@@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
urldb_free_cookie(c);
goto error;
}
+#endif
/* Domain match fetch host with cookie domain */
if (strcasecmp(lwc_string_data(host), c->domain) != 0) {
-----------------------------------------------------------------------
Summary of changes:
Docs/env.sh | 2 +-
Makefile | 2 ++
Makefile.defaults | 3 +++
content/urldb.c | 18 ++++++++++++++++++
4 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/Docs/env.sh b/Docs/env.sh
index 6fb009c..b0a30c8 100644
--- a/Docs/env.sh
+++ b/Docs/env.sh
@@ -90,7 +90,7 @@ NS_GIT="git://git.netsurf-browser.org"
NS_BUILDSYSTEM="buildsystem"
# internal libraries all frontends require (order is important)
-NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif
libnsbmp libutf8proc libnsutils"
+NS_INTERNAL_LIBS="libwapcaplet libparserutils libhubbub libdom libcss libnsgif
libnsbmp libutf8proc libnsutils libnspsl"
# The browser itself
NS_BROWSER="netsurf"
diff --git a/Makefile b/Makefile
index 60810e1..9a9f4b3 100644
--- a/Makefile
+++ b/Makefile
@@ -525,6 +525,7 @@ NETSURF_FEATURE_CURL_CFLAGS := -DWITH_CURL
NETSURF_FEATURE_NSSVG_CFLAGS := -DWITH_NS_SVG
NETSURF_FEATURE_OPENSSL_CFLAGS := -DWITH_OPENSSL
NETSURF_FEATURE_ROSPRITE_CFLAGS := -DWITH_NSSPRITE
+NETSURF_FEATURE_NSPSL_CFLAGS := -DWITH_NSPSL
$(eval $(call pkg_config_find_and_add_enabled,OPENSSL,openssl,OpenSSL))
# freemint does not support pkg-config for libcurl
@@ -540,6 +541,7 @@ $(eval $(call
pkg_config_find_and_add_enabled,BMP,libnsbmp,BMP))
$(eval $(call pkg_config_find_and_add_enabled,GIF,libnsgif,GIF))
$(eval $(call pkg_config_find_and_add_enabled,NSSVG,libsvgtiny,SVG))
$(eval $(call pkg_config_find_and_add_enabled,ROSPRITE,librosprite,Sprite))
+$(eval $(call pkg_config_find_and_add_enabled,NSPSL,libnspsl,PSL))
# List of directories in which headers are searched for
INCLUDE_DIRS :=. include $(OBJROOT)
diff --git a/Makefile.defaults b/Makefile.defaults
index c2a91e6..619b8db 100644
--- a/Makefile.defaults
+++ b/Makefile.defaults
@@ -69,6 +69,9 @@ NETSURF_USE_DUKTAPE := YES
# Valid options: YES, NO
NETSURF_USE_HARU_PDF := NO
+# Enable the use of the Public suffix library to detect supercookies
+NETSURF_USE_NSPSL := AUTO
+
# Enable stripping the NetSurf binary
# Valid options: YES, NO
NETSURF_STRIP_BINARY := NO
diff --git a/content/urldb.c b/content/urldb.c
index 4888afc..b6eaf63 100644
--- a/content/urldb.c
+++ b/content/urldb.c
@@ -94,6 +94,9 @@
#include <string.h>
#include <strings.h>
#include <time.h>
+#ifdef WITH_NSPSL
+#include <nspsl.h>
+#endif
#include "utils/inet.h"
#include "utils/nsoption.h"
@@ -3353,6 +3356,7 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
do {
struct cookie_internal_data *c;
+ const char *suffix;
char *dot;
size_t len;
@@ -3379,6 +3383,19 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
goto error;
}
+#ifdef WITH_NSPSL
+ /* check domain is not a public suffix */
+ dot = c->domain;
+ if (*dot == '.') {
+ dot++;
+ }
+ suffix = nspsl_getpublicsuffix(dot);
+ if (suffix == NULL) {
+ LOG("domain %s was a public suffix domain", dot);
+ urldb_free_cookie(c);
+ goto error;
+ }
+#else
/* 4.3.2:ii Cookie domain must contain embedded dots */
dot = strchr(c->domain + 1, '.');
if (!dot || *(dot + 1) == '\0') {
@@ -3386,6 +3403,7 @@ bool urldb_set_cookie(const char *header, nsurl *url,
nsurl *referer)
urldb_free_cookie(c);
goto error;
}
+#endif
/* Domain match fetch host with cookie domain */
if (strcasecmp(lwc_string_data(host), c->domain) != 0) {
--
NetSurf Browser
_______________________________________________
netsurf-commits mailing list
netsurf-commits@netsurf-browser.org
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org
