diff options
author | Alexander Köplinger <alex.koeplinger@outlook.com> | 2017-09-29 02:19:09 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-29 02:19:09 +0300 |
commit | e3685c4c9aad38851097cff877dc0fb7ed47ab10 (patch) | |
tree | 77e4b3fce25c6270e4332dee1a3f198ee0d21676 /mcs/class/System | |
parent | a17ae9ec7447555f1331b4831573ce66ffb01259 (diff) |
[System] HttpListenerRequest: ignore bad cookies and keep request alive (#5657)
HttpRequestListener throws on incorrect cookie name. It throws CookieException ("Name contains invalid characters"). There are many cookies out there that unfortunately do not conform to the guidelines and HttpRequestListener will kill the request in such a case. The .Net framework under windows lets the request through however.
Included is a patch HttpListenerRequest as well as a test with a bad cookie name.
I have tested this under linux(master branch) and .net (4.0), they now both have the same behavior.
Diffstat (limited to 'mcs/class/System')
-rw-r--r-- | mcs/class/System/System.Net/HttpListenerRequest.cs | 22 | ||||
-rw-r--r-- | mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs | 12 |
2 files changed, 25 insertions, 9 deletions
diff --git a/mcs/class/System/System.Net/HttpListenerRequest.cs b/mcs/class/System/System.Net/HttpListenerRequest.cs index 2a690b0e3b2..e351807aa3b 100644 --- a/mcs/class/System/System.Net/HttpListenerRequest.cs +++ b/mcs/class/System/System.Net/HttpListenerRequest.cs @@ -330,16 +330,20 @@ namespace System.Net { if (current != null) { cookies.Add (current); } - current = new Cookie (); - int idx = str.IndexOf ('='); - if (idx > 0) { - current.Name = str.Substring (0, idx).Trim (); - current.Value = str.Substring (idx + 1).Trim (); - } else { - current.Name = str.Trim (); - current.Value = String.Empty; + try { + current = new Cookie (); + int idx = str.IndexOf ('='); + if (idx > 0) { + current.Name = str.Substring (0, idx).Trim (); + current.Value = str.Substring (idx + 1).Trim (); + } else { + current.Name = str.Trim (); + current.Value = String.Empty; + } + current.Version = version; + } catch (CookieException) { + current = null; } - current.Version = version; } } if (current != null) { diff --git a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs index 2f24f73ec0d..2066cc6a6db 100644 --- a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs +++ b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs @@ -285,7 +285,19 @@ namespace MonoTests.System.Net var request = (HttpWebRequest)WebRequest.Create (prefix); var rsp = request.GetResponseAsync (); Assert.IsFalse (rsp.Wait (1000), "Don't send on empty write"); + } + [Test] + public void HttpRequestIgnoreBadCookies () + { + var port = NetworkHelpers.FindFreePort (); + HttpListener listener = HttpListener2Test.CreateAndStartListener ( + "http://127.0.0.1:" + port + "/HttpRequestIgnoreBadCookiesTest/"); + NetworkStream ns = HttpListener2Test.CreateNS (port); + HttpListener2Test.Send (ns, "GET /HttpRequestIgnoreBadCookiesTest/?a=b HTTP/1.1\r\nHost: 127.0.0.1\r\nCookie: ELOQUA=GUID=5ca2346347357f4-f877-4eff-96aa-70fe0b677650; ELQSTATUS=OK; WRUID=609099666.123259461695; CommunityServer-UserCookie2101=lv=Thu, 26 Jul 2012 15:25:11 GMT&mra=Mon, 01 Oct 2012 17:40:05 GMT; PHPSESSID=1234dg3opfjb4qafp0oo645; __utma=9761706.1153317537.1357240270.1357240270.1357317902.2; __utmb=9761706.6.10.1357317902; __utmc=9761706; __utmz=9761706.1357240270.1.1.utmcsr=test.testdomain.com|utmccn=(referral)|utmcmd=referral|utmcct=/test/1234\r\n\r\n"); + HttpListenerContext ctx = listener.GetContext (); + HttpListenerRequest request = ctx.Request; + Assert.AreEqual ("/HttpRequestIgnoreBadCookiesTest/?a=b", request.Url.PathAndQuery); listener.Close (); } } |