From 6443581d72c753cfc10dce996c741dbbcc0bc046 Mon Sep 17 00:00:00 2001 From: Darshit Shah Date: Sun, 24 Feb 2013 19:35:25 +0530 Subject: [PATCH] Fix behaviour to match RFC 6265 on encountering domain mismatch. --- src/ChangeLog | 5 +++++ src/cookies.c | 12 +++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index bbc67352..c37fb85a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2013-02-15 Darshit Shah + + * cookies.c (cookie_handle_set_cookie): Set cookie-descard_requested + to true on domain mismatch. + 2012-12-20 Tim Ruehsen * gnutls.c (ssl_connect_wget): added +VERS-SSL3.0 to fix diff --git a/src/cookies.c b/src/cookies.c index a10971ca..87cc554b 100644 --- a/src/cookies.c +++ b/src/cookies.c @@ -673,9 +673,6 @@ cookie_handle_set_cookie (struct cookie_jar *jar, if (!cookie->domain) { - copy_domain: - /* If the domain was not provided, we use the one we're talking - to, and set exact match. */ cookie->domain = xstrdup (host); cookie->domain_exact = 1; /* Set the port, but only if it's non-default. */ @@ -687,11 +684,12 @@ cookie_handle_set_cookie (struct cookie_jar *jar, if (!check_domain_match (cookie->domain, host)) { logprintf (LOG_NOTQUIET, - _("Cookie coming from %s attempted to set domain to %s\n"), - quotearg_style (escape_quoting_style, host), + _("Cookie coming from %s attempted to set domain to "), + quotearg_style (escape_quoting_style, host)); + logprintf (LOG_NOTQUIET, + _("%s\n"), quotearg_style (escape_quoting_style, cookie->domain)); - xfree (cookie->domain); - goto copy_domain; + cookie->discard_requested = true; } } -- 2.39.2