From: Darshit Shah <darnir@gmail.com>
Date: Fri, 30 May 2014 16:40:12 +0000 (+0530)
Subject: Support libpsl for cookie domain checking
X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=854ebbf4ddadfa5634648504a7b26159165958ed

Support libpsl for cookie domain checking
---

diff --git a/ChangeLog b/ChangeLog
index a48e4695..cb3114d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-30  Darshit Shah  <darnir@gmail.com>
+
+	* configure.ac: Allow compilation without libpsl.
+	* README.checkout: Add libpsl as a dependency.
+
 2014-05-24  Giuseppe Scrivano  <gscrivan@redhat.com>
 
 	* gnulib: update module.
diff --git a/NEWS b/NEWS
index d911febe..2922cde2 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
 
 * Changes in Wget X.Y.Z
 
+** Use libpsl for verifying cookie domains
+
 ** Default progress bar output changed
 
 ** Introduce --show-progress to force display the progress bar
diff --git a/README.checkout b/README.checkout
index 7c0f42b4..e55a7e42 100644
--- a/README.checkout
+++ b/README.checkout
@@ -4,8 +4,8 @@ Compiling From Repository Sources
    does not contain automatically-generated files, even when these are
    normally present in the distribution tarballs. Therefore, to build GNU
    Wget from the sources in the repository, you'll need to have one or
-   more of the following (note that gettext, OpenSSL, libidn and libiconv
-   are not absolutely required):
+   more of the following (note that gettext, OpenSSL, libidn, libiconv
+   and libpsl are not absolutely required):
 
      * [20]autoconf (currently, GNU Wget requires version 2.61). This is
        needed to generate the configure script from configure.in. This is
@@ -68,6 +68,9 @@ Compiling From Repository Sources
 
      * [34]git is used to fetch gnulib files trough the bootstrap.sh script.
 
+     * [35]libpsl is required for using a public suffix list to check for valid
+       cookie domains.
+
    For those who might be confused as to what to do once they check out
    the source code, considering configure and Makefile do not yet exist at
    that point, a shell script called bootstrap.sh has been provided. After
@@ -96,21 +99,21 @@ Compiling From Repository Sources
 
  Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
 
-     * [35]Edit
-     * [36]Comments
-     * [37]Info
-     * [38]Attachments
+     * [36]Edit
+     * [37]Comments
+     * [38]Info
+     * [39]Attachments
      * More Actions:
        [Raw Text................] Do
 
-     * [39]MoinMoin Powered
-     * [40]Python Powered
-     * [41]GPL licensed
-     * [42]Valid HTML 4.01
+     * [40]MoinMoin Powered
+     * [41]Python Powered
+     * [42]GPL licensed
+     * [43]Valid HTML 4.01
      __________________________________________________________________
 
    All content © 2007 Free Software Foundation. For terms of use,
-   redistribution, and modification, please see the [43]WikiLicense page.
+   redistribution, and modification, please see the [44]WikiLicense page.
 
 References
 
@@ -129,12 +132,13 @@ References
   32. http://www.gnu.org/software/libidn/
   33. http://www.gnu.org/software/libiconv/
   34. http://git-scm.com/
-  35. http://wget.addictivecode.org/CompilingRepoSources?action=edit&editor=text
-  36. http://wget.addictivecode.org/CompilingRepoSources
-  37. http://wget.addictivecode.org/CompilingRepoSources?action=info
-  38. http://wget.addictivecode.org/CompilingRepoSources?action=AttachFile
-  39. http://moinmo.in/
-  40. http://moinmo.in/Python
-  41. http://moinmo.in/GPL
-  42. http://validator.w3.org/check?uri=referer
-  43. http://wget.addictivecode.org/WikiLicense
+  35. https://github.com/rockdaboot/libpsl
+  36. http://wget.addictivecode.org/CompilingRepoSources?action=edit&editor=text
+  37. http://wget.addictivecode.org/CompilingRepoSources
+  38. http://wget.addictivecode.org/CompilingRepoSources?action=info
+  39. http://wget.addictivecode.org/CompilingRepoSources?action=AttachFile
+  40. http://moinmo.in/
+  41. http://moinmo.in/Python
+  42. http://moinmo.in/GPL
+  43. http://validator.w3.org/check?uri=referer
+  44. http://wget.addictivecode.org/WikiLicense
diff --git a/configure.ac b/configure.ac
index c5437bf9..d2c2e702 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,10 @@ dnl
 dnl Process features.
 dnl
 
+AC_ARG_WITH(libpsl,
+    AS_HELP_STRING([--without-libpsl],
+                   [disable support for libpsl cookie checking.]))
+
 AC_ARG_WITH(ssl,
 [[  --without-ssl           disable SSL autodetection
   --with-ssl={gnutls,openssl} specify the SSL backend.  GNU TLS is the default.]])
@@ -237,6 +241,11 @@ dnl
 dnl Checks for libraries.
 dnl
 
+AS_IF([test x"$with_libpsl" != xno], [
+  with_libpsl=yes
+  AC_CHECK_LIB([psl], [psl_builtin])
+])
+
 AS_IF([test x"$with_zlib" != xno], [
   with_zlib=yes
   AC_CHECK_LIB(z, compress)
@@ -358,6 +367,7 @@ else
   fi
 fi
 
+
 dnl **********************************************************************
 dnl Checks for IPv6
 dnl **********************************************************************
@@ -580,6 +590,7 @@ AC_MSG_NOTICE([Summary of build options:
   Libs:              $LIBS
   SSL:               $with_ssl
   Zlib:              $with_zlib
+  PSL:               $with_libpsl
   Digest:            $ENABLE_DIGEST
   NTLM:              $ENABLE_NTLM
   OPIE:              $ENABLE_OPIE
diff --git a/src/ChangeLog b/src/ChangeLog
index ceac5aaa..10dd42bb 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-05-30  Darshit Shah  <darnir@gmail.com>
+
+	* cookies.c (check_domain_match): Use libpsl to check if the cookie domain
+	is valid. Also remove unneeded test for numeric addresses.
+
 2014-05-30  Darshit Shah  <darnir@gmail.com>
 
 	* connect.{c,h}, convert.{c,h}, cookies.{c,h}, ftp-ls.c, ftp.h, gettext.h,
@@ -22,7 +27,6 @@
 	needs to modify the string.
 	(bar_set_params): Add support for noscroll parameter to bar.
 
-
 2014-05-03  Tim Ruehsen  <tim.ruehsen@gmx.de>
 
 	* ftp-ls.c (ftp_parse_vms_ls): Explicitly typecast strlen's output
diff --git a/src/build_info.c.in b/src/build_info.c.in
index c0b1677f..7b46da89 100644
--- a/src/build_info.c.in
+++ b/src/build_info.c.in
@@ -7,6 +7,7 @@ large-file      SIZEOF_OFF_T >= 8
 nls             defined ENABLE_NLS
 ntlm            defined ENABLE_NTLM
 opie            defined ENABLE_OPIE
+psl             defined HAVE_LIBPSL
 
 ssl choice:
     openssl     defined HAVE_LIBSSL || defined HAVE_LIBSSL32
diff --git a/src/cookies.c b/src/cookies.c
index 7f5ba962..2c78fdf0 100644
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -51,6 +51,7 @@ as that of the covered work.  */
 #include <assert.h>
 #include <errno.h>
 #include <time.h>
+#include <libpsl.h>
 #include "utils.h"
 #include "hash.h"
 #include "cookies.h"
@@ -503,14 +504,27 @@ numeric_address_p (const char *addr)
 static bool
 check_domain_match (const char *cookie_domain, const char *host)
 {
+
+#ifdef HAVE_LIBPSL
   DEBUGP (("cdm: 1"));
+  const psl_ctx_t *psl;
+  int is_acceptable;
+
+  if (!(psl = psl_builtin()))
+    {
+      DEBUGP (("\nlibpsl not built with a public suffix list. "
+               "Falling back to simple heuristics.\n"));
+      goto no_psl;
+    }
+
+  is_acceptable = psl_is_cookie_domain_acceptable (psl, host, cookie_domain);
+  return true ? (is_acceptable == 1) : false;
 
-  /* Numeric address requires exact match.  It also requires HOST to
-     be an IP address.  */
-  if (numeric_address_p (cookie_domain))
-    return 0 == strcmp (cookie_domain, host);
+no_psl:
+#endif
 
-  DEBUGP ((" 2"));
+  /* For efficiency make some elementary checks first */
+  DEBUGP (("cdm: 2"));
 
   /* For the sake of efficiency, check for exact match first. */
   if (0 == strcasecmp (cookie_domain, host))