cookies: Add support for Mozilla's Publix Suffix List

Use libpsl to check the domain value of Set-Cookie headers (and cookie jar entries) for not being a Publix Suffix. The configure script checks for "libpsl" by default. Disable the check with --without-libpsl. Ref: https://publicsuffix.org/ Ref: https://github.com/publicsuffix/list Ref: https://github.com/rockdaboot/libpsl
2015-09-29 11:33:01 +02:00
parent 684816cd9b
commit e77b5b7453
7 changed files with 134 additions and 1 deletions
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -84,6 +84,10 @@ Example set of cookies:

 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)

+#ifdef USE_LIBPSL
+# include <libpsl.h>
+#endif
+
 #include "curl_printf.h"
 #include "urldata.h"
 #include "cookie.h"
@@ -379,6 +383,10 @@ Curl_cookie_add(struct SessionHandle *data,
  bool replace_old = FALSE;
  bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */

+#ifdef USE_LIBPSL
+  const psl_ctx_t *psl;
+#endif
+
 #ifdef CURL_DISABLE_VERBOSE_STRINGS
  (void)data;
 #endif
@@ -777,6 +785,19 @@ Curl_cookie_add(struct SessionHandle *data,
  /* at first, remove expired cookies */
  remove_expired(c);

+#ifdef USE_LIBPSL
+  /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
+     This needs a libpsl compiled with builtin data. */
+  if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
+    if(psl_is_public_suffix(psl, co->domain)) {
+      infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
+            co->name, co->domain);
+      freecookie(co);
+      return NULL;
+    }
+  }
+#endif
+
  clist = c->cookies;
  replace_old = FALSE;
  while(clist) {