Bug 95381 - [BlackBerry] Modifying how IP domains are handled in Cookies
Summary: [BlackBerry] Modifying how IP domains are handled in Cookies
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit BlackBerry (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-29 14:37 PDT by otcheung
Modified: 2012-08-30 09:11 PDT (History)
3 users (show)

See Also:

Attachments
Patch (14.42 KB, patch)
2012-08-29 14:43 PDT, otcheung 		no flags Details | Formatted Diff | Diff
Patch (14.90 KB, patch)
2012-08-30 08:24 PDT, otcheung 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description otcheung 2012-08-29 14:37:36 PDT 
Previous implementation was dealing with IP addresses like a regular domain. This led to possible cross domain attacks. This patch fixes this problem.
Comment 1 otcheung 2012-08-29 14:43:28 PDT 
Created attachment 161320 [details]
Patch
Comment 2 Rob Buis 2012-08-30 07:30:33 PDT 
Comment on attachment 161320 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=161320&action=review

Looks good, still cleanup to do.

> Source/WebCore/platform/blackberry/CookieManager.h:117
> +    CookieMap* findOrCreateCookieMap(CookieMap* protocolMap, const String& domain, bool isDomainIPAddress, bool findOnly);

This would be better to just use candidateCookie. And I think passing by const & is preferred then to *.

> Source/WebCore/platform/blackberry/ParsedCookie.h:66
> +    void setDomain(const String& domain, bool domainIsIPAddress = false) { m_domain = domain.lower(); m_domainIsIPAddress= domainIsIPAddress; }

Please add a space character before =.
Comment 3 otcheung 2012-08-30 08:24:27 PDT 
Created attachment 161476 [details]
Patch
Comment 4 Rob Buis 2012-08-30 08:29:17 PDT 
Comment on attachment 161476 [details]
Patch

Looks good.
Comment 5 WebKit Review Bot 2012-08-30 09:11:51 PDT 
Comment on attachment 161476 [details]
Patch

Clearing flags on attachment: 161476

Committed r127150: <http://trac.webkit.org/changeset/127150>
Comment 6 WebKit Review Bot 2012-08-30 09:11:54 PDT 
All reviewed patches have been landed.  Closing bug.