Support libpsl for cookie domain checking

diff --git a/ChangeLog b/ChangeLog
index a48e4695d22510c42baedfcfba746c4d0a7366a7..cb3114d90ef5c5a30d7512e3c0cc23a76ab50d9e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-30  Darshit Shah  <darnir@gmail.com>
+
+       * configure.ac: Allow compilation without libpsl.
+       * README.checkout: Add libpsl as a dependency.
+

 2014-05-24  Giuseppe Scrivano  <gscrivan@redhat.com>
 
        * gnulib: update module.
 2014-05-24  Giuseppe Scrivano  <gscrivan@redhat.com>
 
        * gnulib: update module.

diff --git a/NEWS b/NEWS
index d911febe38469c8cbddee1f15f6320f39e15823a..2922cde2e69c37b40bc770aa9ed0e119f31ed390 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
 \f
 * Changes in Wget X.Y.Z
 
 \f
 * Changes in Wget X.Y.Z
 

+** Use libpsl for verifying cookie domains
+

 ** Default progress bar output changed
 
 ** Introduce --show-progress to force display the progress bar
 ** Default progress bar output changed
 
 ** Introduce --show-progress to force display the progress bar

diff --git a/README.checkout b/README.checkout
index 7c0f42b4d9baafe7251014fae8163371abc95352..e55a7e42d0048452f63f38c9cfc5e865ef467ab3 100644 (file)
--- a/README.checkout
+++ b/README.checkout
@@ -4,8 +4,8 @@ Compiling From Repository Sources
    does not contain automatically-generated files, even when these are
    normally present in the distribution tarballs. Therefore, to build GNU
    Wget from the sources in the repository, you'll need to have one or
    does not contain automatically-generated files, even when these are
    normally present in the distribution tarballs. Therefore, to build GNU
    Wget from the sources in the repository, you'll need to have one or

-   more of the following (note that gettext, OpenSSL, libidn and libiconv
-   are not absolutely required):
+   more of the following (note that gettext, OpenSSL, libidn, libiconv
+   and libpsl are not absolutely required):

 
      * [20]autoconf (currently, GNU Wget requires version 2.61). This is
        needed to generate the configure script from configure.in. This is
 
      * [20]autoconf (currently, GNU Wget requires version 2.61). This is
        needed to generate the configure script from configure.in. This is


@@ -68,6 +68,9 @@ Compiling From Repository Sources
 
      * [34]git is used to fetch gnulib files trough the bootstrap.sh script.
 
 
      * [34]git is used to fetch gnulib files trough the bootstrap.sh script.
 

+     * [35]libpsl is required for using a public suffix list to check for valid
+       cookie domains.
+

    For those who might be confused as to what to do once they check out
    the source code, considering configure and Makefile do not yet exist at
    that point, a shell script called bootstrap.sh has been provided. After
    For those who might be confused as to what to do once they check out
    the source code, considering configure and Makefile do not yet exist at
    that point, a shell script called bootstrap.sh has been provided. After


@@ -96,21 +99,21 @@ Compiling From Repository Sources
 
  Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
 
 
  Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
 

-     * [35]Edit
-     * [36]Comments
-     * [37]Info
-     * [38]Attachments
+     * [36]Edit
+     * [37]Comments
+     * [38]Info
+     * [39]Attachments

      * More Actions:
        [Raw Text................] Do
 
      * More Actions:
        [Raw Text................] Do
 

-     * [39]MoinMoin Powered
-     * [40]Python Powered
-     * [41]GPL licensed
-     * [42]Valid HTML 4.01
+     * [40]MoinMoin Powered
+     * [41]Python Powered
+     * [42]GPL licensed
+     * [43]Valid HTML 4.01

      __________________________________________________________________
 
    All content © 2007 Free Software Foundation. For terms of use,
      __________________________________________________________________
 
    All content © 2007 Free Software Foundation. For terms of use,

-   redistribution, and modification, please see the [43]WikiLicense page.
+   redistribution, and modification, please see the [44]WikiLicense page.

 
 References
 
 
 References
 


@@ -129,12 +132,13 @@ References
   32. http://www.gnu.org/software/libidn/
   33. http://www.gnu.org/software/libiconv/
   34. http://git-scm.com/
   32. http://www.gnu.org/software/libidn/
   33. http://www.gnu.org/software/libiconv/
   34. http://git-scm.com/

-  35. http://wget.addictivecode.org/CompilingRepoSources?action=edit&editor=text
-  36. http://wget.addictivecode.org/CompilingRepoSources
-  37. http://wget.addictivecode.org/CompilingRepoSources?action=info
-  38. http://wget.addictivecode.org/CompilingRepoSources?action=AttachFile
-  39. http://moinmo.in/
-  40. http://moinmo.in/Python
-  41. http://moinmo.in/GPL
-  42. http://validator.w3.org/check?uri=referer
-  43. http://wget.addictivecode.org/WikiLicense
+  35. https://github.com/rockdaboot/libpsl
+  36. http://wget.addictivecode.org/CompilingRepoSources?action=edit&editor=text
+  37. http://wget.addictivecode.org/CompilingRepoSources
+  38. http://wget.addictivecode.org/CompilingRepoSources?action=info
+  39. http://wget.addictivecode.org/CompilingRepoSources?action=AttachFile
+  40. http://moinmo.in/
+  41. http://moinmo.in/Python
+  42. http://moinmo.in/GPL
+  43. http://validator.w3.org/check?uri=referer
+  44. http://wget.addictivecode.org/WikiLicense

diff --git a/configure.ac b/configure.ac
index c5437bf9de8f06637f332311f5981624f0897c5e..d2c2e7021b757ff01af6115c212139c6dfa23e2d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,10 @@ dnl
 dnl Process features.
 dnl
 
 dnl Process features.
 dnl
 

+AC_ARG_WITH(libpsl,
+    AS_HELP_STRING([--without-libpsl],
+                   [disable support for libpsl cookie checking.]))
+

 AC_ARG_WITH(ssl,
 [[  --without-ssl           disable SSL autodetection
   --with-ssl={gnutls,openssl} specify the SSL backend.  GNU TLS is the default.]])
 AC_ARG_WITH(ssl,
 [[  --without-ssl           disable SSL autodetection
   --with-ssl={gnutls,openssl} specify the SSL backend.  GNU TLS is the default.]])


@@ -237,6 +241,11 @@ dnl
 dnl Checks for libraries.
 dnl
 
 dnl Checks for libraries.
 dnl
 

+AS_IF([test x"$with_libpsl" != xno], [
+  with_libpsl=yes
+  AC_CHECK_LIB([psl], [psl_builtin])
+])
+

 AS_IF([test x"$with_zlib" != xno], [
   with_zlib=yes
   AC_CHECK_LIB(z, compress)
 AS_IF([test x"$with_zlib" != xno], [
   with_zlib=yes
   AC_CHECK_LIB(z, compress)


@@ -358,6 +367,7 @@ else
   fi
 fi
 
   fi
 fi
 

+

 dnl **********************************************************************
 dnl Checks for IPv6
 dnl **********************************************************************
 dnl **********************************************************************
 dnl Checks for IPv6
 dnl **********************************************************************


@@ -580,6 +590,7 @@ AC_MSG_NOTICE([Summary of build options:
   Libs:              $LIBS
   SSL:               $with_ssl
   Zlib:              $with_zlib
   Libs:              $LIBS
   SSL:               $with_ssl
   Zlib:              $with_zlib

+  PSL:               $with_libpsl

   Digest:            $ENABLE_DIGEST
   NTLM:              $ENABLE_NTLM
   OPIE:              $ENABLE_OPIE
   Digest:            $ENABLE_DIGEST
   NTLM:              $ENABLE_NTLM
   OPIE:              $ENABLE_OPIE

diff --git a/src/ChangeLog b/src/ChangeLog
index ceac5aaa74d75fbe6dd6fc372c03c22f15d298f2..10dd42bba9da5e2c19ae6131664518a2ab4bea5a 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-30  Darshit Shah  <darnir@gmail.com>
+
+       * cookies.c (check_domain_match): Use libpsl to check if the cookie domain
+       is valid. Also remove unneeded test for numeric addresses.
+

 2014-05-30  Darshit Shah  <darnir@gmail.com>
 
        * connect.{c,h}, convert.{c,h}, cookies.{c,h}, ftp-ls.c, ftp.h, gettext.h,
 2014-05-30  Darshit Shah  <darnir@gmail.com>
 
        * connect.{c,h}, convert.{c,h}, cookies.{c,h}, ftp-ls.c, ftp.h, gettext.h,


@@ -22,7 +27,6 @@
        needs to modify the string.
        (bar_set_params): Add support for noscroll parameter to bar.
 
        needs to modify the string.
        (bar_set_params): Add support for noscroll parameter to bar.
 

-

 2014-05-03  Tim Ruehsen  <tim.ruehsen@gmx.de>
 
        * ftp-ls.c (ftp_parse_vms_ls): Explicitly typecast strlen's output
 2014-05-03  Tim Ruehsen  <tim.ruehsen@gmx.de>
 
        * ftp-ls.c (ftp_parse_vms_ls): Explicitly typecast strlen's output

diff --git a/src/build_info.c.in b/src/build_info.c.in
index c0b1677f048cbf86b6a0d43a6ade8772adc8719d..7b46da89eb2b7dabc462ac08534527865aaf49bc 100644 (file)
--- a/src/build_info.c.in
+++ b/src/build_info.c.in
@@ -7,6 +7,7 @@ large-file      SIZEOF_OFF_T >= 8
 nls             defined ENABLE_NLS
 ntlm            defined ENABLE_NTLM
 opie            defined ENABLE_OPIE
 nls             defined ENABLE_NLS
 ntlm            defined ENABLE_NTLM
 opie            defined ENABLE_OPIE

+psl             defined HAVE_LIBPSL

 
 ssl choice:
     openssl     defined HAVE_LIBSSL || defined HAVE_LIBSSL32
 
 ssl choice:
     openssl     defined HAVE_LIBSSL || defined HAVE_LIBSSL32

diff --git a/src/cookies.c b/src/cookies.c
index 7f5ba96290cab3c583678c90fd482c02f96a741b..2c78fdf0cd3ad4135def6ddb8d9f2573e989a924 100644 (file)
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -51,6 +51,7 @@ as that of the covered work.  */
 #include <assert.h>
 #include <errno.h>
 #include <time.h>
 #include <assert.h>
 #include <errno.h>
 #include <time.h>

+#include <libpsl.h>

 #include "utils.h"
 #include "hash.h"
 #include "cookies.h"
 #include "utils.h"
 #include "hash.h"
 #include "cookies.h"


@@ -503,14 +504,27 @@ numeric_address_p (const char *addr)
 static bool
 check_domain_match (const char *cookie_domain, const char *host)
 {
 static bool
 check_domain_match (const char *cookie_domain, const char *host)
 {

+
+#ifdef HAVE_LIBPSL

   DEBUGP (("cdm: 1"));
   DEBUGP (("cdm: 1"));

+  const psl_ctx_t *psl;
+  int is_acceptable;
+
+  if (!(psl = psl_builtin()))
+    {
+      DEBUGP (("\nlibpsl not built with a public suffix list. "
+               "Falling back to simple heuristics.\n"));
+      goto no_psl;
+    }
+
+  is_acceptable = psl_is_cookie_domain_acceptable (psl, host, cookie_domain);
+  return true ? (is_acceptable == 1) : false;

 
 

-  /* Numeric address requires exact match.  It also requires HOST to
-     be an IP address.  */
-  if (numeric_address_p (cookie_domain))
-    return 0 == strcmp (cookie_domain, host);
+no_psl:
+#endif

 
 

-  DEBUGP ((" 2"));
+  /* For efficiency make some elementary checks first */
+  DEBUGP (("cdm: 2"));

 
   /* For the sake of efficiency, check for exact match first. */
   if (0 == strcasecmp (cookie_domain, host))
 
   /* For the sake of efficiency, check for exact match first. */
   if (0 == strcasecmp (cookie_domain, host))