RESOLVED FIXED 95381
[BlackBerry] Modifying how IP domains are handled in Cookies 
https://bugs.webkit.org/show_bug.cgi?id=95381
Summary [BlackBerry] Modifying how IP domains are handled in Cookies
otcheung
Reported 2012-08-29 14:37:36 PDT
Previous implementation was dealing with IP addresses like a regular domain. This led to possible cross domain attacks. This patch fixes this problem.
Attachments
Patch (14.42 KB, patch)
2012-08-29 14:43 PDT, otcheung 		no flags
DetailsFormatted DiffDiff
Patch (14.90 KB, patch)
2012-08-30 08:24 PDT, otcheung 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
otcheung
Comment 1 2012-08-29 14:43:28 PDT
Created attachment 161320 [details] Patch
Rob Buis
Comment 2 2012-08-30 07:30:33 PDT
Comment on attachment 161320 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=161320&action=review Looks good, still cleanup to do. > Source/WebCore/platform/blackberry/CookieManager.h:117 > + CookieMap* findOrCreateCookieMap(CookieMap* protocolMap, const String& domain, bool isDomainIPAddress, bool findOnly); This would be better to just use candidateCookie. And I think passing by const & is preferred then to *. > Source/WebCore/platform/blackberry/ParsedCookie.h:66 > + void setDomain(const String& domain, bool domainIsIPAddress = false) { m_domain = domain.lower(); m_domainIsIPAddress= domainIsIPAddress; } Please add a space character before =.
otcheung
Comment 3 2012-08-30 08:24:27 PDT
Created attachment 161476 [details] Patch
Rob Buis
Comment 4 2012-08-30 08:29:17 PDT
Comment on attachment 161476 [details] Patch Looks good.
WebKit Review Bot
Comment 5 2012-08-30 09:11:51 PDT
Comment on attachment 161476 [details] Patch Clearing flags on attachment: 161476 Committed r127150: <http://trac.webkit.org/changeset/127150>
WebKit Review Bot
Comment 6 2012-08-30 09:11:54 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.