[vlc-devel] [PATCH 4/5] access/http: Send Secure cookies only on https connections
Antti Ajanki
antti.ajanki at iki.fi
Tue Jul 22 12:09:05 CEST 2014
---
modules/access/http.c | 42 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 37 insertions(+), 5 deletions(-)
diff --git a/modules/access/http.c b/modules/access/http.c
index 75d871b..bdfb95a 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -195,6 +195,7 @@ typedef struct http_cookie_t
char *psz_domain;
char *psz_path;
bool b_host_only;
+ bool b_secure;
} http_cookie_t;
/* */
@@ -218,8 +219,10 @@ static void cookie_destroy( http_cookie_t * cookie );
static char * cookie_get_content( const char * cookie );
static char * cookie_get_domain( const char * cookie );
static char * cookie_get_attribute_value( const char * cookie, const char *attr );
+static bool cookie_has_attribute( const char * cookie, const char *attr );
static void cookie_append( vlc_array_t * cookies, http_cookie_t * cookie );
static bool cookie_is_valid( const http_cookie_t * cookie, const char *host );
+static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url );
static bool cookie_domain_matches( const http_cookie_t * cookie, const char *host );
static bool cookie_path_matches( const http_cookie_t * cookie, const char *path );
static bool cookie_domain_is_public_suffix( const char *domain );
@@ -1208,11 +1211,7 @@ static int Request( access_t *p_access, uint64_t i_tell )
for( i = 0; i < vlc_array_count( p_sys->cookies ); i++ )
{
const http_cookie_t * cookie = vlc_array_item_at_index( p_sys->cookies, i );
-
- bool is_in_right_domain = cookie_domain_matches( cookie, p_sys->url.psz_host );
- bool is_in_right_path = cookie_path_matches( cookie, p_sys->url.psz_path );
-
- if( is_in_right_domain && is_in_right_path )
+ if( cookie_should_be_sent( cookie, &p_sys->url) )
{
msg_Dbg( p_access, "Sending Cookie %s=%s", cookie->psz_name, cookie->psz_value );
if( net_Printf( p_access, p_sys->fd, pvs, "Cookie: %s=%s\r\n", cookie->psz_name, cookie->psz_value ) < 0 )
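Review bot: The `msg_Dbg` context line directly above the send still writes each cookie's value to the debug log, and after this change that includes cookies the server marked Secure. The commit does not touch that line, but since its purpose is to keep those values off cleartext channels, logging only the name would be consistent: `msg_Dbg( p_access, "Sending Cookie %s", cookie->psz_name );`. The loop and the rest of Request() lie outside this hunk.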
@@ -1637,6 +1636,8 @@ static http_cookie_t * cookie_parse( const char * cookie_header, const vlc_url_t
cookie->psz_path = cookie_default_path( url->psz_path );
}
+ cookie->b_secure = cookie_has_attribute( cookie_header, "secure" );
+
if ( !cookie->psz_name || !cookie->psz_value ||
!cookie->psz_domain || !cookie->psz_path )
{
@@ -1718,6 +1719,29 @@ static char * cookie_get_attribute_value( const char * cookie, const char *attr
return NULL;
}
+static bool cookie_has_attribute( const char * cookie, const char *attr )
+{
+ if( !cookie )
+ return false;
+
+ size_t attrlen = strlen(attr);
+ const char * str = strchr(cookie, ';');
+ while( str )
+ {
+ /* skip ; */
+ str++;
+
+ /* skip blank */
+ while( *str && *str == ' ' ) str++;
+
+ if( !strncasecmp( str, attr, attrlen ) )
+ return true;
+
+ str = strchr(str, ';');
+ }
+ return false;
+}
+
/* Add a cookie in cookies */
static void cookie_append( vlc_array_t * cookies, http_cookie_t * cookie )
{
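Review bot: The `strncasecmp( str, attr, attrlen )` test in cookie_has_attribute is a prefix match, so any attribute whose name merely begins with `attr` is reported as present. For "secure", which cookie_parse uses to set `b_secure`, this can only over-restrict a cookie, but the helper is generic and would give wrong answers for other attribute names. Checking the character that follows closes the gap: `if( !strncasecmp( str, attr, attrlen ) && ( str[attrlen] == '\0' || str[attrlen] == ';' || str[attrlen] == '=' || str[attrlen] == ' ' ) ) return true;`. Note also that `attr` is passed to strlen() unchecked while `cookie` is NULL-guarded, and that only spaces (not tabs) are skipped after the `;`. The body of cookie_append continues outside the hunk.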
@@ -1757,6 +1781,14 @@ static bool cookie_is_valid( const http_cookie_t * cookie, const char *host )
cookie_domain_matches(cookie, host);
}
+static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url )
+{
+ bool protocol_ok = !cookie->b_secure || ( url->psz_protocol && strcasecmp(url->psz_protocol, "https") == 0 );
+ bool domain_ok = cookie_domain_matches( cookie, url->psz_host );
+ bool path_ok = cookie_path_matches( cookie, url->psz_path );
+ return protocol_ok && domain_ok && path_ok;
+}
+
static bool cookie_domain_matches( const http_cookie_t * cookie, const char *host )
{
assert( !cookie || cookie->psz_domain );
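Review bot: cookie_should_be_sent decides whether the channel is secure from the string `url->psz_protocol` alone. The Secure check is therefore only as strong as the guarantee that this field reads "https" exactly when the connection is TLS-protected, and that guarantee is not visible in this patch. The fail-closed handling of a missing scheme is the right default and deserves a comment, for example `/* Secure cookies go out only over https; a missing scheme counts as insecure (RFC 6265, section 5.4) */`. The function also reads `cookie->b_secure` before any NULL check, whereas the assert in cookie_domain_matches is written to tolerate a NULL cookie. Either add `assert( cookie );` here or document that callers must pass a non-NULL cookie. The body of cookie_domain_matches continues outside the hunk.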
--
1.7.10.4