From 50958288e4493920f18ef9f9b062e01bd4782239 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Mon, 31 May 2010 13:08:33 +0200 Subject: QNetworkCookie: do not accept cookies with non-alNum domain do not accept a cookie whose domain attribute cannot be converted to an ACE domain. Reviewed-by: Thiago Macieira Task-number: QTBUG-11029 --- src/network/access/qnetworkcookie.cpp | 2 ++ tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index 865d338..d1bdd57 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -991,6 +991,8 @@ QList QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt } QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain))); + if (normalizedDomain.isEmpty() && !rawDomain.isEmpty()) + return result; cookie.setDomain(maybeLeadingDot + normalizedDomain); } else if (field.first == "max-age") { bool ok = false; diff --git a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp index 5854ae1..72d8eda 100644 --- a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp +++ b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp @@ -693,6 +693,12 @@ void tst_QNetworkCookie::parseMultipleCookies_data() cookieA.setPath("/foo"); list = QList() << cookieA << cookieB; QTest::newRow("real-3") << "a=b; expires=Mar 10 07:00:00 2009 GMT, Tue; path=/foo\nc=d; expires=Fri Mar 20 07:00:00 2009 GMT" << list; + + // do not accept cookies with non-alphanumeric characters in domain field (QTBUG-11029) + cookie = QNetworkCookie("NonAlphNumDomName", "NonAlphNumDomValue"); + cookie.setDomain("!@#$%^&*();:."); // the ';' is actually problematic, because it is a separator + list = QList(); + QTest::newRow("domain-non-alpha-numeric") << "NonAlphNumDomName=NonAlphNumDomValue; domain=!@#$%^&*()" << list; } void tst_QNetworkCookie::parseMultipleCookies() -- cgit v0.12