Commit 720811b0 authored by Stewart Brodie's avatar Stewart Brodie
Browse files

Single character cookie names weren't being accepted as valid. They now are. ...

Single character cookie names weren't being accepted as valid.  They now are.  This means that my.yahoo.com will now work properly (at least as far as cookie support is concerned, anyway ;-)

Also fixed a bug that was yet to appear but that would have hit eventually
whereby you couldn't load more than 100 cookies from a previously saved
cookie file.

Security errors are thrown if one of the secure SWIs is called and the SSL
services are not available any more.

Several comments added to explain deviances from standards and why we need
them.

More fixes to portlist handling to allow parameter-less Port attributes to
work on cookies.
parent 4b58ee3c
......@@ -111,6 +111,7 @@ typedef struct _CookieDomain {
static CookieDomain *cookie_domain_root;
Cookie *cookie_queue_root;
static int total_cookies = 0, unread_cookies = 0;
static int loading_cookie_file = 0;
typedef enum {
......@@ -255,17 +256,23 @@ static void destroy_cookie (Cookie *cookie)
/* Function to add a cookie to the pending queue */
static void add_cookie_to_queue(Cookie *cookie)
{
int count = 0;
Cookie *list;
/* Enforce an upper limit on the number of cookies that may be held in
* the pending queue
*/
if (cookie_queue_root != NULL) {
Cookie *list;
int count = 0;
for (list=cookie_queue_root; list->next; list=list->next) ++count;
if (count > MAX_COOKIES_IN_QUEUE) {
cookie_unlink_cookie(&list, list->next);
destroy_cookie(list->next);
if (loading_cookie_file) {
/* Periodic flush of the queue when loading our cookie file! */
move_cookies_from_queue_to_list(0);
}
else {
cookie_unlink_cookie(&list, list->next);
destroy_cookie(list->next);
}
}
}
......@@ -555,8 +562,8 @@ static void write_cookies_format_2(FILE *fp)
/* Finally write the expiry and last access times */
fprintf(fp,"\t%x\t%x\n",(int)cookie->expires,(int)cookie->last_access);
#ifdef TRACE
cookie_debug("Expiry date being written to file (hex): %i\n",cookie->expires);
cookie_debug("Expiry date being written to file: %s\n",ctime(&cookie->expires));
cookie_debug("Expiry date being written to file: (hex) %08x (string) %s\n",
cookie->expires, ctime(&cookie->expires));
#endif
}
}
......@@ -626,10 +633,14 @@ static char *cookie_look_for_cookies(char *domain, char *path, Session *ses)
const time_t current_time = time(NULL);
char *buffer = NULL;
/* StB: This function is now far more efficient. It avoids allocating huge buffers of RMA unless
/* SNB: This function is now far more efficient. It avoids allocating huge buffers of RMA unless
* it actually finds that it needs one at all. It does this by setting the buffer pointer to NULL
* initially and then relying on the buffer extender to allocate memory as required. The extender
* now uses realloc, so it can take advantage of the property "realloc(NULL,size) == malloc(size)".
*
* Note that this function always returns NULL and has done ever since the proper header management
* code was added to the module. Cookie headers are added directly to the header list when they
* are located.
*/
for (cookie_domain = cookie_domain_root; cookie_domain; cookie_domain = cookie_domain->next) {
......@@ -780,6 +791,10 @@ char *send_cookies_to_domain (Session *s)
cookie_debug("Entering send_cookies_to_domain...domain %s path `%s'\n", domain, path);
#endif
/* Return value is ignored nowadays - used to be a buffer that needed to be returned to
* caller containing cookies for this session. Now we pretend that there weren't any
* ever because they have already been added in directly.
*/
(void) cookie_look_for_cookies(domain, path, s);
#ifdef TRACE
......@@ -1416,11 +1431,15 @@ static int cookie_get_next_arg(char **pcp, char **val, char **pep, char*term)
*val = 0;
*pep = 0;
if (!*pcp) return 0;
while (isspace(*cp) && *cp) ++cp;
while (isspace(*cp) && *cp) ++cp; /* strip leading spaces */
if (!*cp) return 0; /* no more args */
cm = strchr(cp, ','); /* look for cookie separator */
sc = strchr(cp, ';');
sc = strchr(cp, ';'); /* Look for attribute separateor */
if (cm) {
/* Unfortunately, some servers send dates containing commas and don't bother
* to quote them. So we look at the text before the comma to see if it looks
* like a day name. Thanks server vendors.
*/
if (sc && cm>sc) cm = 0;
else if (cookie_looks_like_day_name(cp, cm)) {
/* Comma appears before ; - need to quickly check unquoted dates */
......@@ -1448,8 +1467,11 @@ static int cookie_get_next_arg(char **pcp, char **val, char **pep, char*term)
*sc = 0; /* delimit it */
tp = sc - 1;
while (isspace(*tp) && *tp && tp > cp) --tp;
if (tp == cp) return 0; /* nothing? confused :-( */
if (*tp == '\"' && *cp == '\"') {
/* Following line used to (pre-0.80) incorrectly discarding single-letter cookie names
* which is, to say the least, unfortunate for my.yahoo.com users :-/
*/
if (isspace(*tp)) return 0; /* nothing? confused :-( */
if (*tp == '\"' && *cp == '\"' && tp != cp) {
++cp;
tp[-1] = 0;
}
......@@ -1517,7 +1539,8 @@ static void act_on_cookie(char *string, Session *s, char *host, char *path)
}
#ifdef TRACE
cookie_debug("act_on_cookie: Now entering function...\n>> %s\n", string);
cookie_debug("act_on_cookie: Now entering function...\n");
cookie_debug("%s\n", string);
cookie_debug("act_on_cookie: Checking host `%s' and path `%s'\n", host, path);
#endif
current_cookie = NULL;
......@@ -1673,7 +1696,9 @@ void move_cookies_from_queue_to_list(int check_variable)
insert_cookie_into_list(cookie);
}
write_cookies_to_file();
if (!loading_cookie_file) {
write_cookies_to_file();
}
}
/* StB added this function to centralise the data file reading activities. This one works.
......@@ -1859,6 +1884,7 @@ void read_cookie_file(void)
cookie_queue_root = NULL;
total_cookies = 0;
unread_cookies = 0;
loading_cookie_file = 1;
act_on_cookie(0, 0, 0, 0); /* Trapped specially to init static data */
/* Open the file to be read, and get the format type of file */
......@@ -1870,6 +1896,7 @@ void read_cookie_file(void)
#ifdef TRACE
cookie_debug("Unable to open cookies from " COOKIE_FILE_NAME "\n");
#endif
loading_cookie_file = 0;
return;
}
}
......@@ -1882,6 +1909,7 @@ void read_cookie_file(void)
fclose(fp);
move_cookies_from_queue_to_list (0);
loading_cookie_file = 0;
#ifdef TRACE
cookie_debug("Leaving read_cookie_file.\n");
#endif
......
......@@ -354,16 +354,36 @@ static _kernel_oserror *swi_handler_2(int swi_offset, _kernel_swi_regs *r, void
/* Generic security protocol module SWIs */
case HTTP_SecureGetData - HTTP_00:
return(https_start(r));
if (security_ssl_available()) {
return(https_start(r));
}
else {
return(make_error(HTTP_NO_SECURITY, 0));
}
case HTTP_SecureStatus - HTTP_00:
return(https_status(r));
if (security_ssl_available()) {
return(https_status(r));
}
else {
return(make_error(HTTP_NO_SECURITY, 0));
}
case HTTP_SecureReadData - HTTP_00:
return(https_readdata(r));
if (security_ssl_available()) {
return(https_readdata(r));
}
else {
return(make_error(HTTP_NO_SECURITY, 0));
}
case HTTP_SecureStop - HTTP_00:
return(https_stop(r));
if (security_ssl_available()) {
return(https_stop(r));
}
else {
return(make_error(HTTP_NO_SECURITY, 0));
}
/* HTTP specific SWIs (at the upper end of the SWI range */
#ifdef COOKIE
......
......@@ -21,7 +21,7 @@
title-string: AcornHTTP
; Version information
help-string: Acorn_HTTP 0.79
help-string: Acorn_HTTP 0.80
; Initialisation routine.
initialisation-code: module_init
......@@ -55,4 +55,4 @@ service-call-handler: service_handler &83E00 &83E02
vector-handlers: callevery_entry/callevery_handler,
callback_entry/callback_handler
date-string: 09 Apr 1998
date-string: 21 Apr 1998
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment