RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 01:37:36 +00:00
Code Issues Activity Actions

LibWeb: Impose a sane max cookie size

Browse source 
Drop cookies larger than 4KiB. This value is the RFC's recommendation:
https://tools.ietf.org/html/rfc6265#section-6.1
This commit is contained in:
Timothy Flynn 2021-04-15 08:44:59 -04:00 committed by Andreas Kling
parent da92c0e1ca
commit 67884f6747
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
View file

@ -30,6 +30,8 @@
namespace Web::Cookie {
static constexpr size_t s_max_cookie_size = 4096;
static void parse_attributes(ParsedCookie& parsed_cookie, StringView unparsed_attributes);
static void process_attribute(ParsedCookie& parsed_cookie, StringView attribute_name, StringView attribute_value);
static void on_expires_attribute(ParsedCookie& parsed_cookie, StringView attribute_value);
@ -43,6 +45,10 @@ static Optional<Core::DateTime> parse_date_time(StringView date_string);
Optional<ParsedCookie> parse_cookie(const String& cookie_string)
{
// https://tools.ietf.org/html/rfc6265#section-5.2
if (cookie_string.length() > s_max_cookie_size)
return {};
StringView name_value_pair;
StringView unparsed_attributes;