fd = -1;
for(i=0; i<50; i++){
- if((fd = create(jar->lockfile, OWRITE, DMEXCL|0666)) < 0){
+ if((fd = create(jar->lockfile, OWRITE, DMEXCL|0600)) < 0){
sleep(100);
continue;
}
purgejar(jar);
if(dowrite){
- b = Bopen(jar->file, OTRUNC|OWRITE);
- if(b == nil){
+ i = create(jar->file, OWRITE, 0600);
+ if(i < 0 || (b = Bfdopen(i, OWRITE)) == nil){
if(debug)
fprint(2, "Bopen write %s: %r", jar->file);
+ if(i >= 0)
+ close(i);
close(fd);
return -1;
}
return 0;
}
+void
+closejar(Jar *jar)
+{
+ int i;
+
+ if(jar == nil)
+ return;
+ expirejar(jar, 0);
+ if(jar->dirty)
+ if(syncjar(jar) < 0)
+ fprint(2, "warning: cannot rewrite cookie jar: %r\n");
+
+ for(i=0; i<jar->nc; i++)
+ freecookie(&jar->c[i]);
+
+ free(jar->lockfile);
+ free(jar->file);
+ free(jar->c);
+ free(jar);
+}
+
Jar*
readjar(char *file)
{
Jar *jar;
jar = newjar();
+ file = estrdup9p(file);
lock = emalloc9p(strlen(file)+10);
strcpy(lock, file);
if((p = strrchr(lock, '/')) != nil)
jar->dirty = 0;
if(syncjar(jar) < 0){
- free(jar->file);
- free(jar->lockfile);
- free(jar);
+ closejar(jar);
return nil;
}
return jar;
}
-void
-closejar(Jar *jar)
-{
- int i;
-
- if(jar == nil)
- return;
- expirejar(jar, 0);
- if(syncjar(jar) < 0)
- fprint(2, "warning: cannot rewrite cookie jar: %r\n");
-
- for(i=0; i<jar->nc; i++)
- freecookie(&jar->c[i]);
-
- free(jar->file);
- free(jar->c);
- free(jar);
-}
/*
* Domain name matching is per RFC2109, section 2:
{
int lname, lpattern;
- if(cistrcmp(name, pattern)==0)
+ if(cistrcmp(name, pattern + (pattern[0]=='.'))==0)
return 1;
if(strcmp(ipattr(name), "dom")==0 && pattern[0]=='.'){
if(c->explicitdom && c->dom[0] != '.')
return "cookie domain doesn't start with dot";
- if(memchr(c->dom+1, '.', strlen(c->dom)-1-1) == nil)
+ if(strlen(c->dom)<=2 || memchr(c->dom+1, '.', strlen(c->dom)-2) == nil)
return "cookie domain doesn't have embedded dots";
if(!isdomainmatch(dom, c->dom))
return "request host does not match cookie domain";
- if(strcmp(ipattr(dom), "dom")==0
+ if(strcmp(ipattr(dom), "dom")==0 && strlen(dom)>strlen(c->dom)
&& memchr(dom, '.', strlen(dom)-strlen(c->dom)) != nil)
return "request host contains dots before cookie domain";
return -1;
}
- tm.hour = atoi(s);
- tm.min = atoi(s+3);
- tm.sec = atoi(s+6);
+ tm.hour = strtol(s, 0, 10);
+ tm.min = strtol(s+3, 0, 10);
+ tm.sec = strtol(s+6, 0, 10);
if(tm.hour >= 24 || tm.min >= 60 || tm.sec >= 60){
if(debug)
fprint(2, "invalid time (%s)\n", os);
if(c->dom){
/* add leading dot for explicit domain */
if(c->dom[0] != '.' && strcmp(ipattr(c->dom), "dom") == 0){
- static char *ddom = nil;
+ static char ddom[1024];
- ddom = realloc(ddom, strlen(c->dom)+2);
- if(ddom != nil){
- ddom[0] = '.';
- strcpy(ddom+1, c->dom);
- c->dom = ddom;
- }
+ ddom[0] = '.';
+ ddom[sizeof(ddom)-1] = '\0';
+ strncpy(ddom+1, c->dom, sizeof(ddom)-2);
+ c->dom = ddom;
}
c->explicitdom = 1;
}else
c->dom = dom;
if(c->path)
c->explicitpath = 1;
- else{
- c->path = path;
- if((t = strchr(c->path, '#')) != 0)
- *t = '\0';
- if((t = strchr(c->path, '?')) != 0)
- *t = '\0';
- if((t = strrchr(c->path, '/')) != 0)
- *t = '\0';
+ else {
+ static char dpath[1024];
+
+ /* implicit path is "directory" of request-uri's path component */
+ dpath[sizeof(dpath)-1] = '\0';
+ strncpy(dpath, path, sizeof(dpath)-1);
+ if((t = strrchr(dpath, '/')) != nil)
+ t[1] = '\0';
+ c->path = dpath;
}
c->netscapestyle = isns;
p = strchr(buf+hlen, '/');
if(p == nil)
a->path = estrdup9p("/");
- else{
+ else {
a->path = estrdup9p(p);
*p = '\0';
+
+ if((p = strchr(a->path, '#')) != nil)
+ *p = '\0';
+ if((p = strchr(a->path, '?')) != nil)
+ *p = '\0';
}
a->dom = estrdup9p(buf+hlen);
a->state = HaveUrl;
}
}
snprint(a->outhttp, AuxBuf, "%J", j);
- if(j)
- closejar(j);
+ closejar(j);
}else{
if(strlen(a->inhttp)+r->ifcall.count >= AuxBuf){
respond(r, "http headers too large");
delcookie(jar, &jar->c[i]);
break;
}
- syncjar(jar);
+ if(jar->dirty)
+ syncjar(jar);
free(a->dom);
free(a->path);
free(a->inhttp);
main(int argc, char **argv)
{
char *file, *mtpt, *home, *srv;
- int fd;
file = nil;
srv = nil;
strcpy(file, home);
strcat(file, "/lib/webcookies");
}
- if(access(file, AEXIST) < 0){
- if((fd = create(file, OWRITE, 0600)) < 0)
- sysfatal("create %s: %r", file);
- close(fd);
- }
-
+
jar = readjar(file);
if(jar == nil)
sysfatal("readjar: %r");