mirror of
https://github.com/xroche/httrack.git
synced 2026-07-14 21:00:57 +03:00
Compare commits
1 Commits
master
...
fix-cookie
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
8df74c34ab |
@@ -1708,6 +1708,9 @@ void treathead(t_cookie * cookie, const char *adr, const char *fil, htsblk * ret
|
||||
#if DEBUG_COOK
|
||||
printf("set-cookie detected\n");
|
||||
#endif
|
||||
/* Over-long host overflows the fail-safe domain[] copy (abort); drop it. */
|
||||
if (adr && strlen(jump_identification_const(adr)) >= sizeof(domain))
|
||||
return;
|
||||
while(*a) {
|
||||
char *token_st, *token_end;
|
||||
char *value_st, *value_end;
|
||||
|
||||
@@ -1816,6 +1816,27 @@ static int st_cookies(httrackp *opt, int argc, char **argv) {
|
||||
http_cookie_header(&cookie, dom, "/", hdr, sizeof(hdr));
|
||||
if (strcmp(hdr, expected) != 0)
|
||||
err = 1;
|
||||
|
||||
/* A hostile over-long request host must not overflow domain[256] in
|
||||
treathead's default-domain copy (that would abort the mirror). */
|
||||
{
|
||||
static t_cookie ck2;
|
||||
htsblk r;
|
||||
char host[600];
|
||||
|
||||
memset(&r, 0, sizeof(r));
|
||||
memset(host, 'a', sizeof(host) - 1);
|
||||
host[sizeof(host) - 1] = '\0';
|
||||
ck2.max_len = (int) sizeof(ck2.data);
|
||||
ck2.data[0] = '\0';
|
||||
treathead(&ck2, host, "/", &r, "Set-Cookie: SID=1; path=/");
|
||||
if (strnotempty(ck2.data)) // oversize-host cookie was not dropped
|
||||
err = 1;
|
||||
/* control: a normal host still yields a cookie through treathead */
|
||||
treathead(&ck2, dom, "/", &r, "Set-Cookie: SID=1; path=/");
|
||||
if (strstr(ck2.data, "SID") == NULL) // guard wrongly dropped a valid cookie
|
||||
err = 1;
|
||||
}
|
||||
if (strstr(hdr, "$Version") != NULL || strstr(hdr, "$Path") != NULL)
|
||||
err = 1;
|
||||
if (strstr(hdr, "junk") != NULL) // wrong-domain cookie leaked
|
||||
|
||||
Reference in New Issue
Block a user