From 79b9d25eb78cb217b0a8fe90d33f14061db2a767 Mon Sep 17 00:00:00 2001
From: Krzysztof Piotr Oledzki <ole#ans.pl>
Date: Tue, 15 Dec 2009 23:40:47 +0100
Subject: BUG] config: fix erroneous check on cookie domain names, again
The previous check was correct: the RFC states that it is required to have a domain-name which contained a dot AND began with a dot. However, currently some (all?) browsers do not obey this specification, so such configuration might work.
This patch reverts 3d8fbb6658d4414dac20892bbd9e79e14e99e67f but changes the check from FATAL to WARNING and extends the message.
--- src/cfgparse.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 61e6bfc..841f374 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -1458,13 +1458,13 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) goto out;Received on 2009/12/15 23:42
}
- if (*args[cur_arg + 1] != '.' && !strchr(args[cur_arg + 1] + 1, '.')) { + if (*args[cur_arg + 1] != '.' || !strchr(args[cur_arg + 1] + 1, '.')) { /* rfc2109, 4.3.2 Rejecting Cookies */ Alert("parsing [%s:%d]: domain '%s' contains no embedded" - " dots and does not start with a dot.\n", + " dots nor does not start with a dot." + " RFC forbids it, this configuration may not work properly.\n", file, linenum, args[cur_arg + 1]); - err_code |= ERR_ALERT | ERR_FATAL; - goto out; + err_code |= ERR_ALERT;
}
err = invalid_domainchar(args[cur_arg + 1]); -- 1.6.4.2
This archive was generated by hypermail 2.2.0 : 2009/12/15 23:45 CET