[vlc-commits] http cookies: take explicit secure flag, host and path

Rémi Denis-Courmont git at videolan.org
Sat Dec 19 15:59:10 CET 2015 

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sat Dec 19 16:36:37 2015 +0200| [6c76c9baaa2af52420c1bddea4eda9bae4f4d5e7] | committer: Rémi Denis-Courmont

http cookies: take explicit secure flag, host and path

There is no need for a full URL structure here, and it is sometimes
inconvenient to require one.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=6c76c9baaa2af52420c1bddea4eda9bae4f4d5e7
---

 include/vlc_http.h     |   10 ++++--
 src/libvlccore.sym     |    2 ++
 src/misc/httpcookies.c |   87 ++++++++++++++++++++++++++++++++++++------------
 3 files changed, 75 insertions(+), 24 deletions(-)

diff --git a/include/vlc_http.h b/include/vlc_http.h
index 14d2fe5..b5ee726 100644
--- a/include/vlc_http.h
+++ b/include/vlc_http.h
@@ -78,10 +78,13 @@ VLC_API void vlc_http_cookies_destroy( vlc_http_cookie_jar_t * p_jar );
  * Parse a value of an incoming Set-Cookie header and append the
  * cookie to the cookie jar if appropriate.
  *
- * @param p_jar cookie jar object
- * @param psz_cookie_header value of Set-Cookie
+ * @param jar cookie jar object
+ * @param cookie header field value of Set-Cookie
  * @return true, if the cookie was added, false otherwise
  */
+VLC_API bool vlc_http_cookies_store( vlc_http_cookie_jar_t *jar,
+    const char *cookie, bool secure, const char *host, const char *path );
+
 VLC_API bool vlc_http_cookies_append( vlc_http_cookie_jar_t * p_jar, const char * psz_cookie_header, const vlc_url_t * p_url );
 
 /**
@@ -91,6 +94,9 @@ VLC_API bool vlc_http_cookies_append( vlc_http_cookie_jar_t * p_jar, const char
  * @param p_url the URL for which the cookies are returned
  * @return A string consisting of semicolon-separated cookie NAME=VALUE pairs.
  */
+VLC_API char *vlc_http_cookies_fetch( vlc_http_cookie_jar_t *jar, bool secure,
+                                      const char *host, const char *path );
+
 VLC_API char *vlc_http_cookies_for_url( vlc_http_cookie_jar_t * p_jar, const vlc_url_t * p_url );
 
 #endif /* VLC_HTTP_H */
diff --git a/src/libvlccore.sym b/src/libvlccore.sym
index a97ace1..c05acef 100644
--- a/src/libvlccore.sym
+++ b/src/libvlccore.sym
@@ -139,6 +139,8 @@ http_auth_ParseAuthenticationInfoHeader
 http_auth_FormatAuthorizationHeader
 vlc_http_cookies_new
 vlc_http_cookies_destroy
+vlc_http_cookies_store
+vlc_http_cookies_fetch
 vlc_http_cookies_append
 vlc_http_cookies_for_url
 httpd_ClientIP
diff --git a/src/misc/httpcookies.c b/src/misc/httpcookies.c
index 7bd9850..1d90f24 100644
--- a/src/misc/httpcookies.c
+++ b/src/misc/httpcookies.c
@@ -51,14 +51,14 @@ struct vlc_http_cookie_jar_t
     vlc_mutex_t lock;
 };
 
-static http_cookie_t * cookie_parse( const char * cookie_header, const vlc_url_t * url );
+static http_cookie_t * cookie_parse( const char *, const char *, const char * );
 static void cookie_destroy( http_cookie_t * p_cookie );
 static char * cookie_get_content( const char * cookie );
 static char * cookie_get_domain( const char * cookie );
 static char * cookie_get_attribute_value( const char * cookie, const char *attr );
 static bool cookie_has_attribute( const char * cookie, const char *attr );
-static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url );
-static bool cookie_is_valid( const http_cookie_t * cookie, const char *host );
+static bool cookie_should_be_sent(const http_cookie_t *, bool, const char *, const char *);
+static bool cookie_is_valid(const http_cookie_t *, bool, const char *, const char *);
 static bool cookie_domain_matches( const http_cookie_t * cookie, const char *host );
 static bool cookie_path_matches( const http_cookie_t * cookie, const char *path );
 static bool cookie_domain_is_public_suffix( const char *domain );
@@ -91,14 +91,20 @@ void vlc_http_cookies_destroy( vlc_http_cookie_jar_t * p_jar )
     free( p_jar );
 }
 
-bool vlc_http_cookies_append( vlc_http_cookie_jar_t * p_jar, const char * psz_cookie_header, const vlc_url_t *p_url )
+bool vlc_http_cookies_store(vlc_http_cookie_jar_t *p_jar, const char *cookies,
+                            bool secure, const char *host, const char *path)
 {
+    assert(host != NULL);
+    assert(path != NULL);
+
     int i;
 
-    http_cookie_t *cookie = cookie_parse( psz_cookie_header, p_url );
-    if( !cookie || !cookie_is_valid( cookie, p_url->psz_host ) )
+    http_cookie_t *cookie = cookie_parse(cookies, host, path);
+    if (cookie == NULL)
+        return false;
+    if (!cookie_is_valid(cookie, secure, host, path))
     {
-        cookie_destroy( cookie );
+        cookie_destroy(cookie);
         return false;
     }
 
@@ -131,7 +137,25 @@ bool vlc_http_cookies_append( vlc_http_cookie_jar_t * p_jar, const char * psz_co
     return true;
 }
 
-char *vlc_http_cookies_for_url( vlc_http_cookie_jar_t * p_jar, const vlc_url_t * p_url )
+bool vlc_http_cookies_append(vlc_http_cookie_jar_t *jar,
+                             const char *cookies, const vlc_url_t *url)
+{
+    bool secure;
+
+    if (url->psz_protocol == NULL || url->psz_host == NULL
+     || url->psz_path == NULL)
+        return false;
+    else if (!vlc_ascii_strcasecmp(url->psz_protocol, "https"))
+        secure = true;
+    else
+        secure = false;
+
+    return vlc_http_cookies_store(jar, cookies, secure, url->psz_host,
+                                  url->psz_path);
+}
+
+char *vlc_http_cookies_fetch(vlc_http_cookie_jar_t *p_jar, bool secure,
+                             const char *host, const char *path)
 {
     int i;
     char *psz_cookiebuf = NULL;
@@ -141,7 +165,7 @@ char *vlc_http_cookies_for_url( vlc_http_cookie_jar_t * p_jar, const vlc_url_t *
     for( i = 0; i < vlc_array_count( &p_jar->cookies ); i++ )
     {
         const http_cookie_t * cookie = vlc_array_item_at_index( &p_jar->cookies, i );
-        if ( cookie_should_be_sent( cookie, p_url ) )
+        if (cookie_should_be_sent(cookie, secure, host, path))
         {
             char *psz_updated_buf = NULL;
             if ( asprintf(&psz_updated_buf, "%s%s%s=%s",
@@ -165,13 +189,31 @@ char *vlc_http_cookies_for_url( vlc_http_cookie_jar_t * p_jar, const vlc_url_t *
     return psz_cookiebuf;
 }
 
-static http_cookie_t * cookie_parse( const char * cookie_header, const vlc_url_t * url )
+char *vlc_http_cookies_for_url(vlc_http_cookie_jar_t *jar,
+                               const vlc_url_t *url)
+{
+    bool secure;
+
+    if (url->psz_protocol == NULL || url->psz_host == NULL
+     || url->psz_path == NULL)
+        return NULL;
+    else if (!vlc_ascii_strcasecmp(url->psz_protocol, "https"))
+        secure = true;
+    else
+        secure = false;
+
+    return vlc_http_cookies_fetch(jar, secure, url->psz_host, url->psz_path);
+}
+
+
+static http_cookie_t *cookie_parse(const char *value,
+                                   const char *host, const char *path)
 {
     http_cookie_t *cookie = calloc( 1, sizeof( http_cookie_t ) );
     if ( unlikely( !cookie ) )
         return NULL;
 
-    char *content = cookie_get_content( cookie_header );
+    char *content = cookie_get_content(value);
     if ( !content )
     {
         cookie_destroy( cookie );
@@ -190,24 +232,24 @@ static http_cookie_t * cookie_parse( const char * cookie_header, const vlc_url_t
         cookie->psz_value = NULL;
     }
 
-    cookie->psz_domain = cookie_get_domain( cookie_header );
+    cookie->psz_domain = cookie_get_domain(value);
     if ( !cookie->psz_domain || strlen(cookie->psz_domain) == 0 )
     {
         free(cookie->psz_domain);
-        cookie->psz_domain = strdup( url->psz_host );
+        cookie->psz_domain = strdup(host);
         cookie->b_host_only = true;
     }
     else
         cookie->b_host_only = false;
 
-    cookie->psz_path = cookie_get_attribute_value( cookie_header, "path" );
+    cookie->psz_path = cookie_get_attribute_value(value, "path" );
     if ( !cookie->psz_path || strlen(cookie->psz_path) == 0 )
     {
         free(cookie->psz_path);
-        cookie->psz_path = cookie_default_path( url->psz_path );
+        cookie->psz_path = cookie_default_path(path);
     }
 
-    cookie->b_secure = cookie_has_attribute( cookie_header, "secure" );
+    cookie->b_secure = cookie_has_attribute(value, "secure" );
 
     FREENULL( content );
 
@@ -299,17 +341,18 @@ static bool cookie_has_attribute( const char * cookie, const char *attr )
     return false;
 }
 
-static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url )
+static bool cookie_should_be_sent(const http_cookie_t *cookie, bool secure,
+                                  const char *host, const char *path)
 {
-    bool protocol_ok = !cookie->b_secure ||
-        ( url->psz_protocol && strcasecmp(url->psz_protocol, "https") == 0 );
-    bool domain_ok = cookie_domain_matches( cookie, url->psz_host );
-    bool path_ok = cookie_path_matches( cookie, url->psz_path );
+    bool protocol_ok = secure || !cookie->b_secure;
+    bool domain_ok = cookie_domain_matches(cookie, host);
+    bool path_ok = cookie_path_matches(cookie, path);
     return protocol_ok && domain_ok && path_ok;
 }
 
 /* Check if a cookie from host should be added to the cookie jar */
-static bool cookie_is_valid( const http_cookie_t * cookie, const char *host )
+static bool cookie_is_valid(const http_cookie_t * cookie, bool secure,
+                            const char *host, const char *path)
 {
     return cookie && cookie->psz_name && strlen(cookie->psz_name) > 0 &&
         cookie->psz_domain &&

More information about the vlc-commits mailing list