From 67884f6747fef572a5984a6c690abf96d898530d Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Thu, 15 Apr 2021 08:44:59 -0400
Subject: [PATCH] LibWeb: Impose a sane max cookie size

Drop cookies larger than 4KiB. This value is the RFC's recommendation: https://tools.ietf.org/html/rfc6265#section-6.1
---
Base/res/html/misc/cookie.html | 7 +++++++
Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp | 6 ++++++
2 files changed, 13 insertions(+)
diff --git a/Base/res/html/misc/cookie.html b/Base/res/html/misc/cookie.html
index c0531b11cb..23359e32ac 100644
--- a/Base/res/html/misc/cookie.html
+++ b/Base/res/html/misc/cookie.html
@@ -14,6 +14,8 @@
+
+

Unretrievable cookies (the browser should accept these but not display them):

@@ -31,6 +33,11 @@ document.getElementById('cookies').innerHTML = document.cookie;
 }
+ function setTooLargeCookie() {
+ const cookie = 'name=' + 'x'.repeat(4 << 10);
+ setCookie(cookie);
+ }
+
 document.getElementById('cookies').innerHTML = document.cookie;
diff --git a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
index a2274a25c8..8f4b7e058e 100644
--- a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
+++ b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
@@ -30,6 +30,8 @@ namespace Web::Cookie {
+static constexpr size_t s_max_cookie_size = 4096;
+
 static void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes);
 static void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value);
 static void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
@@ -43,6 +45,10 @@ static Optional parse_date_time(StringView date_string);
 Optional parse_cookie(const String& cookie_string)
 {
 // https://tools.ietf.org/html/rfc6265#section-5.2
+
+ if (cookie_string.length() > s_max_cookie_size)
+ return {};
+
 StringView name_value_pair;
 StringView unparsed_attributes;
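Review bot: `setTooLargeCookie` overshoots the limit instead of probing its boundary: `'name=' + 'x'.repeat(4 << 10)` is 4101 bytes, so an off-by-one in the `>` comparison would go unnoticed. Sizing the string from the prefix, `const cookie = 'name=' + 'x'.repeat((4 << 10) - 'name='.length + 1);`, gives exactly 4097 bytes, and a sibling case with one fewer `x` would confirm that a 4096-byte cookie is still accepted.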
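Review bot: The size check in parse_cookie sits directly under the `// https://tools.ietf.org/html/rfc6265#section-5.2` comment, but the limit comes from section 6.1, and nothing at the check says what is being measured. A comment such as `// RFC 6265 section 6.1: drop cookies over 4096 bytes, measured over name, value and attributes together.` above the `if` would record that the whole cookie string is counted on purpose, and the same reference belongs on `s_max_cookie_size` in the earlier hunk. The early `return {}` also drops the cookie with no trace, so a debug log line there would help when a site's oversized cookie silently fails to stick; whether callers already report a failed parse is not visible here. parse_cookie's body continues past the end of the hunk.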