bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Issue in cookie path checking

From: address@hidden
Subject: Re: [Bug-wget] Issue in cookie path checking
Date: Mon, 16 Jun 2014 22:44:50 +0900 
Darshit,

 Sorry, I’m not familiar with git and "git clone”ed branch so I could not run 
make before.
 I hope this work….

Attachment: 0001-2014-06-16-Yasuhisa-Ishikawa-yasuhisa.ishikawa-kuman.patch
Description: Binary data


Yasuhisa Ishikawa


2014/06/16 18:06、Darshit Shah <address@hidden> のメール:

> cookies.c:727:59: warning: pointer/integer type mismatch in
> conditional expression ('char *' and 'int')
> [-Wconditional-type-mismatch]
>      if (!check_path_match (cookie->path, trailing_slash ?
> strdupdelim (path, trailing_slash + 1) : '/'))
> Hi Yasuhisa,
> 
> Thanks a lot or the patch file! However, I am unable to compile the
> sources with your patch applied.
> 
> The issue occrus at cookies.c:653. I'm assuming you wanted to write:
> return patch_matches (cookie_patch, path) != 0;
> 
> There's also an issue with the ternary operation you introduce at 
> cookies.c:727
> My compiler gave me the following warning message, which I do believe
> is not a false positive and should be fixed:
> 
> cookies.c:727:59: warning: pointer/integer type mismatch in
> conditional expression ('char *' and 'int')
> [-Wconditional-type-mismatch]
>     if (!check_path_match (cookie->path, trailing_slash ? strdupdelim
> (path, trailing_slash + 1) : '/'))
> 
> It would be very nice of you if you could fix these issues. The code
> seems to be correct otherwise to me.
> 
> On Thu, Jun 12, 2014 at 8:09 PM,  <address@hidden> wrote:
>> Hi Darshit,
>> 
>> Sorry to be late. I have never used git so it takes long for me to learn
>> how to generate path using git.
>> 
>> I’m not sure I have done it well. If there are something wrong with this
>> attachment, please correct.
>> 
>> 
>> 
>> 
>> 
>> 
>> Regards,
>> Yasuhisa Ishikawa
>> 
>> 2014/06/04 3:09、Darshit Shah <address@hidden> のメール:
>> 
>>> Hi Yasuhisa,
>>> 
>>> Thanks for the patch. The cookie domain patch checking code in Wget
>>> was old and only based on a heuristic. However, we are currently in
>>> the process of using libpsl a library that handles this for us. I have
>>> submitted a patch which is currently in the pipeline that adds support
>>> for using libpsl to perform cookie domain name checking.
>>> 
>>> Your code may stil be useful in the fallback mechanism. Could you
>>> please send a patch file as generated by `git format-patch` against
>>> the current HEAD of the tree and also add the details to the relevant
>>> ChangeLog file? It would make applying the patch so much easier for
>>> us.
>>> 
>>> On Thu, May 8, 2014 at 8:12 PM, address@hidden
>>> <address@hidden> wrote:
>>>> Hi all,
>>>> 
>>>> I found two issues in path checking code in cookie.c.
>>>> 
>>>> In cookie_handle_set_cookie(), path in Set-Cookie header should be
>>>> checked so as not to be accepted when it is upper than that of
>>>> requested document.
>>>> 
>>>> However, current implementation works as:
>>>> 
>>>> - check_path_match() validate the path of requested document
>>>> when its prefix is same with cookie_path.
>>>> path_matches(full_path, prefix) checks if full_path starts with prefix.
>>>> Current code allows /foo/bar/test.html to issue path=/ cookie.
>>>> Expected behavior is opposite. cookie_path must be child of current path.
>>>> 
>>>> - cookie->path is compared with path(full document path including filename)
>>>> in stead of its parent path.
>>>> 
>>>> I applied following fix, and it works as expected. Please consider to 
>>>> merge this fix in next release.
>>>> 
>>>> $ diff -c wget-1.15/src/cookies.c.orig wget-1.15/src/cookies.c
>>>> *** wget-1.15/src/cookies.c.orig        2013-10-21 23:50:12.000000000 +0900
>>>> --- wget-1.15/src/cookies.c     2014-05-08 22:47:57.317467164 +0900
>>>> ***************
>>>> *** 634,640 ****
>>>> static bool
>>>> check_path_match (const char *cookie_path, const char *path)
>>>> {
>>>> !   return path_matches (path, cookie_path) != 0;
>>>> }
>>>> 
>>>> /* Prepend '/' to string S.  S is copied to fresh stack-allocated
>>>> --- 634,640 ----
>>>> static bool
>>>> check_path_match (const char *cookie_path, const char *path)
>>>> {
>>>> !   return path_matches (cookie_path, path) != 0;
>>>> }
>>>> 
>>>> /* Prepend '/' to string S.  S is copied to fresh stack-allocated
>>>> ***************
>>>> *** 707,713 ****
>>>>   else
>>>>     {
>>>>       /* The cookie sets its own path; verify that it is legal. */
>>>> !       if (!check_path_match (cookie->path, path))
>>>>         {
>>>>           DEBUGP (("Attempt to fake the path: %s, %s\n",
>>>>                    cookie->path, path));
>>>> --- 707,714 ----
>>>>   else
>>>>     {
>>>>       /* The cookie sets its own path; verify that it is legal. */
>>>> !       char *trailing_slash = strrchr (path, '/');
>>>> !       if (!check_path_match (cookie->path, trailing_slash ? strdupdelim 
>>>> (path, trailing_slash + 1) : '/'))
>>>>         {
>>>>           DEBUGP (("Attempt to fake the path: %s, %s\n",
>>>>                    cookie->path, path));
>>>> $
>>>> 
>>>> Thanks,
>>>> Yasuhisa Ishikawa
>>> 
>>> 
>>> 
>>> --
>>> Thanking You,
>>> Darshit Shah
>> 
>> 
> 
> 
> 
> -- 
> Thanking You,
> Darshit Shah
reply via email to
[Prev in Thread] Current Thread [Next in Thread]