[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 03/09: Bug 1779993 - Reject cookies with no name and a Secure- or Host- prefix r=necko-reviewers, kershaw a=RyanVM

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser] 03/09: Bug 1779993 - Reject cookies with no name and a __Secure- or __Host- prefix r=necko-reviewers, kershaw a=RyanVM
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Sep 2022 19:17:09 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 22 Sep 2022 15:17:35 -0400
In-reply-to: <166387422628.25908.2745623586967122692@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <166387422628.25908.2745623586967122692@cupani.torproject.org>
Reply-to: Valentin Gosu <valentin.gosu@xxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWy/beJmr6REmtXSVVEkyWcA==

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1
in repository tor-browser.

commit 6b11a0a00ce64add6ca5dc8da581d563515afa5c
Author: Valentin Gosu <valentin.gosu@xxxxxxxxx>
AuthorDate: Wed Sep 7 19:04:22 2022 +0000

    Bug 1779993 - Reject cookies with no name and a __Secure- or __Host- prefix r=necko-reviewers,kershaw a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D156554
---
 netwerk/cookie/CookieService.cpp  | 33 ++++++++++++++++++++++++++++++++-
 netwerk/cookie/CookieService.h    |  1 +
 netwerk/test/gtest/TestCookie.cpp | 26 ++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/netwerk/cookie/CookieService.cpp b/netwerk/cookie/CookieService.cpp
index 956090aabca6..4c55fbe8307a 100644
--- a/netwerk/cookie/CookieService.cpp
+++ b/netwerk/cookie/CookieService.cpp
@@ -1139,6 +1139,18 @@ bool CookieService::CanSetCookie(
     return newCookie;
   }
 
+  if (!CheckHiddenPrefix(aCookieData)) {
+    COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
+                      "failed the CheckHiddenPrefix tests");
+    CookieLogging::LogMessageToConsole(
+        aCRC, aHostURI, nsIScriptError::warningFlag, CONSOLE_REJECTION_CATEGORY,
+        "CookieRejectedInvalidPrefix"_ns,
+        AutoTArray<nsString, 1>{
+            NS_ConvertUTF8toUTF16(aCookieData.name()),
+        });
+    return newCookie;
+  }
+
   // magic prefix checks. MUST be run after CheckDomain() and CheckPath()
   if (!CheckPrefixes(aCookieData, potentiallyTurstworthy)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
@@ -1773,6 +1785,25 @@ bool CookieService::CheckDomain(CookieStruct& aCookieData, nsIURI* aHostURI,
   return true;
 }
 
+// static
+bool CookieService::CheckHiddenPrefix(CookieStruct& aCookieData) {
+  // If a cookie is nameless, then its value must not start with
+  // `__Host-` or `__Secure-`
+  if (!aCookieData.name().IsEmpty()) {
+    return true;
+  }
+
+  if (StringBeginsWith(aCookieData.value(), "__Host-"_ns)) {
+    return false;
+  }
+
+  if (StringBeginsWith(aCookieData.value(), "__Secure-"_ns)) {
+    return false;
+  }
+
+  return true;
+}
+
 namespace {
 nsAutoCString GetPathFromURI(nsIURI* aHostURI) {
   // strip down everything after the last slash to get the path,
@@ -1849,7 +1880,7 @@ bool CookieService::CheckPath(CookieStruct& aCookieData,
 // CheckPrefixes
 //
 // Reject cookies whose name starts with the magic prefixes from
-// https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00
+// https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis
 // if they do not meet the criteria required by the prefix.
 //
 // Must not be called until after CheckDomain() and CheckPath() have
diff --git a/netwerk/cookie/CookieService.h b/netwerk/cookie/CookieService.h
index fbb5ff04bf28..06323ee53e93 100644
--- a/netwerk/cookie/CookieService.h
+++ b/netwerk/cookie/CookieService.h
@@ -122,6 +122,7 @@ class CookieService final : public nsICookieService,
   static bool CheckDomain(CookieStruct& aCookieData, nsIURI* aHostURI,
                           const nsACString& aBaseDomain,
                           bool aRequireHostMatch);
+  static bool CheckHiddenPrefix(CookieStruct& aCookieData);
   static bool CheckPath(CookieStruct& aCookieData,
                         nsIConsoleReportCollector* aCRC, nsIURI* aHostURI);
   static bool CheckPrefixes(CookieStruct& aCookieData, bool aSecureRequest);
diff --git a/netwerk/test/gtest/TestCookie.cpp b/netwerk/test/gtest/TestCookie.cpp
index 368915f99d57..7fc9f01632c1 100644
--- a/netwerk/test/gtest/TestCookie.cpp
+++ b/netwerk/test/gtest/TestCookie.cpp
@@ -1061,3 +1061,29 @@ TEST(TestCookie, OnionSite)
   GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/";, cookie);
   EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security4"));
 }
+
+TEST(TestCookie, HiddenPrefix)
+{
+  nsresult rv;
+  nsCString cookie;
+
+  nsCOMPtr<nsICookieService> cookieService =
+      do_GetService(kCookieServiceCID, &rv);
+  ASSERT_TRUE(NS_SUCCEEDED(rv));
+
+  SetACookie(cookieService, "http://hiddenprefix.test/";, "=__Host-test=a");
+  GetACookie(cookieService, "http://hiddenprefix.test/";, cookie);
+  EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
+
+  SetACookie(cookieService, "http://hiddenprefix.test/";, "=__Secure-test=a");
+  GetACookie(cookieService, "http://hiddenprefix.test/";, cookie);
+  EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
+
+  SetACookie(cookieService, "http://hiddenprefix.test/";, "=__Host-check");
+  GetACookie(cookieService, "http://hiddenprefix.test/";, cookie);
+  EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
+
+  SetACookie(cookieService, "http://hiddenprefix.test/";, "=__Secure-check");
+  GetACookie(cookieService, "http://hiddenprefix.test/";, cookie);
+  EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
+}

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor-browser] branch tor-browser-91.13.0esr-11.5-1 updated (d5af74fa1bd2 -> e2491522e54d)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [tor-browser] 21/65: Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Next by Author: [tor-commits] [tor-browser] 01/65: Bug 1784588 - Fix SplitDriverVersion when the string has less than 4 numbers. r=aosmond
Previous by thread: [tor-commits] [tor-browser] 02/09: Bug 1787633 - Make nsTextToSubURI::UnEscapeNonAsciiURI static. r=m_kato, a=RyanVM
Next by thread: [tor-commits] [tor-browser] 04/09: Bug 1770094 r=freddyb, emilio a=RyanVM
Index(es):
- Author
- Thread

[tor-commits] [tor-browser] 03/09: Bug 1779993 - Reject cookies with no name and a __Secure- or __Host- prefix r=necko-reviewers, kershaw a=RyanVM

[tor-commits] [tor-browser] 03/09: Bug 1779993 - Reject cookies with no name and a Secure- or Host- prefix r=necko-reviewers, kershaw a=RyanVM