diff options
| author | Moonchild <moonchild@palemoon.org> | 2023-10-25 04:31:47 +0200 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2023-10-25 04:31:47 +0200 |
| commit | 028aa731edbec7f60e72011b8bdc93222d5e5279 (patch) | |
| tree | 22873d4f03c63a0183ce89e17eb332b2946be9c3 | |
| parent | 688ed9a1140c944c6b5a50bf75025b066bd002d7 (diff) | |
| download | uxp-028aa731edbec7f60e72011b8bdc93222d5e5279.tar.gz | |
[network] Block more invalid cookie name characters.
This blocks the following characters from use in the cookie name:
0x3B (semi-colon), 0x3D (equals) and 0x7F (del)
| -rw-r--r-- | netwerk/cookie/nsCookieService.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp index 2c8a5612f3..2549ffaccb 100644 --- a/netwerk/cookie/nsCookieService.cpp +++ b/netwerk/cookie/nsCookieService.cpp @@ -3329,7 +3329,8 @@ nsCookieService::SetCookieInternal(nsIURI *aHostURI, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, - 0x1F, /* 0x20, */ 0x00 }; + 0x1F, /* 0x20, */ 0x3B, 0x3D, 0x7F, + 0x00 }; if (cookieAttributes.name.FindCharInSet(illegalNameCharacters, 0) != -1) { COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader, "invalid name character"); return newCookie; |