[vlc-devel] [PATCH 4/5] access/http: Send Secure cookies only on https connections

Antti Ajanki antti.ajanki at iki.fi
Tue Jul 22 12:09:05 CEST 2014


---
 modules/access/http.c |   42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)

diff --git a/modules/access/http.c b/modules/access/http.c
index 75d871b..bdfb95a 100644
--- a/modules/access/http.c
+++ b/modules/access/http.c
@@ -195,6 +195,7 @@ typedef struct http_cookie_t
     char *psz_domain;
     char *psz_path;
     bool b_host_only;
+    bool b_secure;
 } http_cookie_t;
 
 /* */
@@ -218,8 +219,10 @@ static void cookie_destroy( http_cookie_t * cookie );
 static char * cookie_get_content( const char * cookie );
 static char * cookie_get_domain( const char * cookie );
 static char * cookie_get_attribute_value( const char * cookie, const char *attr );
+static bool cookie_has_attribute( const char * cookie, const char *attr );
 static void cookie_append( vlc_array_t * cookies, http_cookie_t * cookie );
 static bool cookie_is_valid( const http_cookie_t * cookie, const char *host );
+static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url );
 static bool cookie_domain_matches( const http_cookie_t * cookie, const char *host );
 static bool cookie_path_matches( const http_cookie_t * cookie, const char *path );
 static bool cookie_domain_is_public_suffix( const char *domain );
@@ -1208,11 +1211,7 @@ static int Request( access_t *p_access, uint64_t i_tell )
         for( i = 0; i < vlc_array_count( p_sys->cookies ); i++ )
         {
             const http_cookie_t * cookie = vlc_array_item_at_index( p_sys->cookies, i );
-
-            bool is_in_right_domain = cookie_domain_matches( cookie, p_sys->url.psz_host );
-            bool is_in_right_path = cookie_path_matches( cookie, p_sys->url.psz_path );
-
-            if( is_in_right_domain && is_in_right_path )
+            if( cookie_should_be_sent( cookie, &p_sys->url) )
             {
                 msg_Dbg( p_access, "Sending Cookie %s=%s", cookie->psz_name, cookie->psz_value );
                 if( net_Printf( p_access, p_sys->fd, pvs, "Cookie: %s=%s\r\n", cookie->psz_name, cookie->psz_value ) < 0 )
@@ -1637,6 +1636,8 @@ static http_cookie_t * cookie_parse( const char * cookie_header, const vlc_url_t
         cookie->psz_path = cookie_default_path( url->psz_path );
     }
 
+    cookie->b_secure = cookie_has_attribute( cookie_header, "secure" );
+
     if ( !cookie->psz_name || !cookie->psz_value ||
          !cookie->psz_domain || !cookie->psz_path )
     {
@@ -1718,6 +1719,29 @@ static char * cookie_get_attribute_value( const char * cookie, const char *attr
     return NULL;
 }
 
+static bool cookie_has_attribute( const char * cookie, const char *attr )
+{
+    if( !cookie )
+        return false;
+
+    size_t attrlen = strlen(attr);
+    const char * str = strchr(cookie, ';');
+    while( str )
+    {
+        /* skip ; */
+        str++;
+
+        /* skip blank */
+        while( *str && *str == ' ' ) str++;
+
+        if( !strncasecmp( str, attr, attrlen ) )
+            return true;
+
+        str = strchr(str, ';');
+    }
+    return false;
+}
+
 /* Add a cookie in cookies */
 static void cookie_append( vlc_array_t * cookies, http_cookie_t * cookie )
 {
@@ -1757,6 +1781,14 @@ static bool cookie_is_valid( const http_cookie_t * cookie, const char *host )
         cookie_domain_matches(cookie, host);
 }
 
+static bool cookie_should_be_sent( const http_cookie_t * cookie, const vlc_url_t * url )
+{
+    bool protocol_ok = !cookie->b_secure || ( url->psz_protocol && strcasecmp(url->psz_protocol, "https") == 0 );
+    bool domain_ok = cookie_domain_matches( cookie, url->psz_host );
+    bool path_ok = cookie_path_matches( cookie, url->psz_path );
+    return protocol_ok && domain_ok && path_ok;
+}
+
 static bool cookie_domain_matches( const http_cookie_t * cookie, const char *host )
 {
     assert( !cookie || cookie->psz_domain );
-- 
1.7.10.4




More information about the vlc-devel mailing list