Fix behaviour to match RFC 6265 on encountering domain mismatch.

diff --git a/src/ChangeLog b/src/ChangeLog
index bbc67352a6c0119858e98ab02c1155bd5587a440..c37fb85a5cffec66e84663ea1b23992cfd4b0836 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2013-02-15  Darshit Shah <darnir@gmail.com>
+
+       * cookies.c (cookie_handle_set_cookie): Set cookie-descard_requested
+       to true on domain mismatch.
+
 2012-12-20  Tim Ruehsen  <tim.ruehsen@gmx.de>
 
        * gnutls.c (ssl_connect_wget): added +VERS-SSL3.0 to fix

diff --git a/src/cookies.c b/src/cookies.c
index a10971ca86e35fc09ccfc2436e6227224610c64c..87cc554b66dfd3adbde21cd98a0721f1eb78477c 100644 (file)
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -673,9 +673,6 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
 
   if (!cookie->domain)
     {
-    copy_domain:
-      /* If the domain was not provided, we use the one we're talking
-         to, and set exact match.  */
       cookie->domain = xstrdup (host);
       cookie->domain_exact = 1;
       /* Set the port, but only if it's non-default. */
@@ -687,11 +684,12 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
       if (!check_domain_match (cookie->domain, host))
         {
           logprintf (LOG_NOTQUIET,
-                     _("Cookie coming from %s attempted to set domain to %s\n"),
-                     quotearg_style (escape_quoting_style, host),
+                     _("Cookie coming from %s attempted to set domain to "),
+                     quotearg_style (escape_quoting_style, host));
+          logprintf (LOG_NOTQUIET,
+                     _("%s\n"),
                      quotearg_style (escape_quoting_style, cookie->domain));
-          xfree (cookie->domain);
-          goto copy_domain;
+          cookie->discard_requested = true;
         }
     }