ios/net/cookies/cookie_store_ios.mm - Issue 2861063003: Remove dangerous CanonicalCookie::Create method.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ios/net/cookies/cookie_store_ios.mm

Issue 2861063003: Remove dangerous CanonicalCookie::Create method. (Closed)

Patch Set: Use creation_time for last_access_time as per Elly's suggestion. Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ios/net/cookies/cookie_store_ios.mm

diff --git a/ios/net/cookies/cookie_store_ios.mm b/ios/net/cookies/cookie_store_ios.mm

index 8e9e9ea2c4ce0d4b66dd3589f138341006f6a679..1856af7b8d303b7ec02a600ca0d74a6ef2546cc8 100644

--- a/ios/net/cookies/cookie_store_ios.mm

+++ b/ios/net/cookies/cookie_store_ios.mm

@@ -374,12 +374,43 @@ void CookieStoreIOS::SetCookieWithDetailsAsync(

if (creation_time.is_null())

creation_time = base::Time::Now();

+ // Validate consistency of passed arguments.

+ if (ParsedCookie::ParseTokenString(name) != name ||

+ ParsedCookie::ParseValueString(value) != value ||

+ ParsedCookie::ParseValueString(domain) != domain ||

+ ParsedCookie::ParseValueString(path) != path) {

+ if (!callback.is_null())

+ callback.Run(false);

+ return;

+ }

+ // Validate passed arguments against URL.

+ std::string cookie_domain;

+ std::string cookie_path = CanonicalCookie::CanonPathWithString(url, path);

+ if ((secure && !url.SchemeIsCryptographic()) ||

+ !cookie_util::GetCookieDomainWithString(url, domain, &cookie_domain) ||

+ (!path.empty() && cookie_path != path)) {

+ if (!callback.is_null())

+ callback.Run(false);

+ return;

+ }

+ // Canonicalize path again to make sure it escapes characters as needed.

+ url::Component path_component(0, cookie_path.length());

+ url::RawCanonOutputT<char> canon_path;

+ url::Component canon_path_component;

+ url::CanonicalizePath(cookie_path.data(), path_component, &canon_path,

+ &canon_path_component);

+ cookie_path = std::string(canon_path.data() + canon_path_component.begin,

+ canon_path_component.len);

// First create a CanonicalCookie, to normalize the arguments,

// particularly domain and path, and perform validation.

std::unique_ptr<net::CanonicalCookie> canonical_cookie =

- net::CanonicalCookie::Create(

- url, name, value, domain, path, creation_time, expiration_time,

- secure, http_only, same_site, priority);

+ net::CanonicalCookie::Create(name, value, cookie_domain, cookie_path,

+ creation_time, expiration_time,

+ creation_time, secure, http_only, same_site,

+ priority);

if (canonical_cookie) {

NSHTTPCookie* cookie = SystemCookieFromCanonicalCookie(*canonical_cookie);

« no previous file with comments | « ios/net/cookies/cookie_cache_unittest.cc ('k') | ios/net/cookies/cookie_store_ios_test_util.mm » ('j') | no next file with comments »