Fix behaviour to match RFC 6265 on encountering domain mismatch.

2013-02-24 19:35:25 +05:30 · 2013-02-24 19:35:25 +05:30 · 6443581d72
parent 3be7e0a53c
commit 6443581d72
2 changed files with 10 additions and 7 deletions
--- a/src/ChangeLog
+++ b/src/ChangeLog
@ -1,3 +1,8 @@
+2013-02-15  Darshit Shah <darnir@gmail.com>
+
+	* cookies.c (cookie_handle_set_cookie): Set cookie-descard_requested
+	to true on domain mismatch.
+
 2012-12-20  Tim Ruehsen  <tim.ruehsen@gmx.de>

 	* gnutls.c (ssl_connect_wget): added +VERS-SSL3.0 to fix
--- a/src/cookies.c
+++ b/src/cookies.c
@ -673,9 +673,6 @@ cookie_handle_set_cookie (struct cookie_jar *jar,

  if (!cookie->domain)
    {
-    copy_domain:
-      /* If the domain was not provided, we use the one we're talking
-         to, and set exact match.  */
      cookie->domain = xstrdup (host);
      cookie->domain_exact = 1;
      /* Set the port, but only if it's non-default. */
@ -687,11 +684,12 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
      if (!check_domain_match (cookie->domain, host))
        {
          logprintf (LOG_NOTQUIET,
-                     _("Cookie coming from %s attempted to set domain to %s\n"),
-                     quotearg_style (escape_quoting_style, host),
+                     _("Cookie coming from %s attempted to set domain to "),
+                     quotearg_style (escape_quoting_style, host));
+          logprintf (LOG_NOTQUIET,
+                     _("%s\n"),
                     quotearg_style (escape_quoting_style, cookie->domain));
-          xfree (cookie->domain);
-          goto copy_domain;
+          cookie->discard_requested = true;
        }
    }