[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Accepting invalid cookies - was: cookie bug (not in lynx)

From: brian j. pardy
Subject: Re: lynx-dev Accepting invalid cookies - was: cookie bug (not in lynx)
Date: Tue, 29 Dec 1998 16:34:38 -0800 (PST)

On Tue, 29 Dec 1998, Klaus Weide wrote:

> On Tue, 29 Dec 1998, brian j. pardy wrote:
> > On Tue, 29 Dec 1998, Klaus Weide wrote:
> > > On Mon, 28 Dec 1998, brian j. pardy wrote:
> > > > 
> > > > Perhaps a new option similar to COOKIE_ACCEPT_DOMAINS to specify
> > > > servers that are specifically allowed to set invalid domains?
> > > 
> > > I'm all for giving the user fine-grained control over cookies, but
> > > there are some difficulties with this.  Part of the checks is
> > > comparing two domain names (the one from the cookie and the actual
> > > server hostname).  Should that hypothetical new option set a property
> > > of (1) the domain given in the set-cookie or (2) of the hostname?  You
> > > seem to have (2) in mind, but (1) would be more equivalent to what
> > 
> > With (1), unless I'm missing something, a user could set "" as
> > a domain which can be set via invalid cookies -- which it seems would
> > allow *any* hostname to set a cookie for "".
> Only if we allow the host_matches() test to be completely bypassed - which
> I think we shouldn't do anyway.
> If we still leave the host_matches() test in place (maybe modified?),
> then "" as well as "" and ""
> could set a "" cookie, but unrelated hosts could not.

Okay.  I'll work for now on getting a proper flag for domains that are
specified, and then we can decide on just what to do with it and how.

> > Under (2), "" could be a domain which has the (currently
> > not existing) "I can set invalid domains" flag, and be allowed to set 
> > cookies for domains below it (ie for "").
> In that case it seems to make more sense, yes.  In some other cases,
> it may be not so good - the user has to know all the potential
> hostnames, unless there is some kind of pattern matching.  (Like
> etc., or
> etc...  Well
> this is not a very relevant example since they are probably meant to
> always be accesses as, but other case where hostnames can
> change on a whim are possible.)  I don't know how important this is,
> just wanted to bring it up as a potential consideration.

I thought about pattern matching for COOKIE_ACCEPT_DOMAINS and 
COOKIE_REJECT_DOMAINS and I was simply too lazy to code it.  This is
indeed a thought, but since the (two or three) sites I accept cookies
from don't have the problem we're working on, I don't feel qualified
to decide.

> I was thinking of (1) as the more obvious choice, because we already
> have per-domain-attribute configuration info.  By putting a new flag
> into domain_entry (maybe making bv a bitmask), the already existing
> mechanisms could be used or duplicated, and then the (currently not
> existing) "cookies for this domain can be set by invalid hosts" flag
> could be changed from The Cookie Jar page at runtime.

I've made bv a bitmask, keeping all of the original settings.  Some of
them are mutually exclusive, that needs to be hacked through. 

I think the actual creation of this extra flag in the domain_entry struct
is removed from whether implementation is chosen to be (1) or (2).

> [...]
> I also think the option should be named something else than
> COOKIE_INVALID_DOMAINS, I find that confusing.
> COOKIE_ACCEPT_INVALID_DOMAINS sounds more like it, but seems to imply
> choice (1) from above.  If you continue to go with (2), it should be

I agree that it is a pretty miserably named option, I just wanted a name
so I can start to play with it.  

> I hope you don't find I am complaining too much.  I shouldn't, since you
> are writing the code. :)

It's not a problem. :)  I'm just a hacker and can occasionally put things
together without fully thinking them through.  Other voices help.

Okay, I think I have it mostly handled.

New patch is at:


(It's about 16K, and this mail is long enough already.)

* de->bv has been made a bitmask, with corresponding #defines in LYCookie.h
* options and functions should freely be renamed to something better :)
* look at my FIXME line in LYHandleCookies() (I think) -- I'm not sure
  how those should be displayed.
* this will NOT change behavior from stock dev.12, but is a basis to begin
  changing behavior
* I haven't checked for memory leaks, but since 95% is cannibalized from
  earlier code w/o leaks, it should be okay
* the various tests/sets on de->bv have been hacked to grok a bitfield, but
  since some options are mutually exclusive, these should all be audited
* the new option hasn't been commented in lynx.cfg yet, or added to the
  forms/menu options code, or to .lynxrc-saving code.  Sorry.
* a couple typos that stuck out
* probably a couple other gotchas I'm not remembering :)

GPG & PGP public keys: <URL:> 
PGP fingerprint: 42 57 B3 D2 39 8E 74 C3  5E 4D AC 43 25 D2 26 D4

reply via email to

[Prev in Thread] Current Thread [Next in Thread]