net: Add expiry limit to cookies and prevent panics from max-age (#38376)

Based on RFC 6265bis, cookie expiration must be limited to 400 days. This
also fixes a bug I found where large max-age values could cause an
overflow panic when adding.

Testing: New unit test added. There doesn't appear to be a WPT test that
relies on this under cookies/ but cookiestore/ does.

Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Sebastian C 2025-07-30 21:52:50 -05:00 committed by GitHub
parent 8194aa7c1e
commit 8008d5aa85
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 22 additions and 3 deletions


@ -2,6 +2,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
use std::time::{Duration, SystemTime};
use net::cookie::ServoCookie;
use net::cookie_storage::CookieStorage;
use net_traits::CookieSource;
@ -101,6 +103,14 @@ fn fn_cookie_constructor() {
let u = &ServoUrl::parse("http://example.com/foobar").unwrap();
let cookie = cookie::Cookie::parse("foobar=value;path=/").unwrap();
assert!(ServoCookie::new_wrapped(cookie, u, CookieSource::HTTP).is_some());
let cookie = cookie::Cookie::parse("foo=bar; max-age=99999999999999999999999999999").unwrap();
let cookie = ServoCookie::new_wrapped(cookie, u, CookieSource::HTTP).unwrap();
assert!(
cookie
.expiry_time
.is_some_and(|exp| exp < SystemTime::now() + Duration::from_secs(401 * 24 * 60 * 60))
);
}
#[test]
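Review bot: The new assertion in `fn_cookie_constructor` bounds the expiry only from above, so it would still pass if the clamp produced an expiry of "now" or a time in the past. In that case an oversized max-age would silently expire the cookie instead of capping it at 400 days. Adding a lower bound inside the same closure, `exp > SystemTime::now() + Duration::from_secs(399 * 24 * 60 * 60) &&`, would pin the result to the cap. The test also exercises only the `max-age` path; a second case with a far-future `Expires` attribute would show whether that path is capped too, which cannot be judged here because the implementation file is not visible in this view. The body of `fn_cookie_constructor` begins before this hunk.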