Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

parse http.Cookie failure for base64 encoded string #23220

Open
sredrv opened this issue Dec 20, 2024 · 1 comment
Open

parse http.Cookie failure for base64 encoded string #23220

sredrv opened this issue Dec 20, 2024 · 1 comment
Labels
Bug This tag is applied to issues which reports bugs. Unit: vlib Bugs/feature requests, that are related to the vlib.

Comments

@sredrv
Copy link

sredrv commented Dec 20, 2024

Describe the bug

The following cookie header received as part of http.Response, failed to be parsed, resulting in 'malformed cookie' error.
fn (r Response) cookies() []Cookie => call did not return 'enctoken' as a cookie, since deep inside parsing failed for base64 encoded string.

Set-Cookie: enctoken=Ln0kBnAaAyYFQ8lH7d5J8Y5w1/iyDRpj6d0nBLTbBUMbtEyPD32rPvpApsvxhLJWlkHuHT3KYL0g/xNBxC9od5tMFAgurLxKdRd5lZ6Pd7W+SllkbsXmUA==; path=/; secure; SameSite=None

Reproduction Steps

base64 encoded strings may end with '=='. While parsing, for key=value pair, the extra '==' at the end, needs to be taken care of.

Expected Behavior

'enctoken' to be parsed and its value to be returned.

Current Behavior

While parsing, we get 'malformed cookie' error.

Possible Solution

$ git diff vlib/net/http/cookie.v
diff --git a/vlib/net/http/cookie.v b/vlib/net/http/cookie.v
index c6ef7af7a..d95733376 100644
--- a/vlib/net/http/cookie.v
+++ b/vlib/net/http/cookie.v
@@ -313,11 +313,11 @@ fn parse_cookie(line string) !Cookie {
}
parts[0] = parts[0].trim_space()
keyval := parts[0].split('=')

  •   if keyval.len != 2 {
    
  •   if keyval.len < 2 {
              return error('malformed cookie')
      }
      name := keyval[0]
    
  •   raw_value := keyval[1]
    
  •   raw_value := keyval[1..].join('=')
      if !is_cookie_name_valid(name) {
              return error('malformed cookie')
      }
    

Additional Information/Context

No response

V version

0.4.8 903e349

Environment details (OS name and version, etc.)

OS: Linux, Kernel: 6.6.59
Gcc: 12.3.0

Note

You can use the 👍 reaction to increase the issue's priority for developers.

Please note that only the 👍 reaction to the issue itself counts as a vote.
Other reactions and those to comments will not be taken into account.

@sredrv sredrv added the Bug This tag is applied to issues which reports bugs. label Dec 20, 2024
@felipensp
Copy link
Member

If you have a patch for it, please create a pull request.

@felipensp felipensp added the Unit: vlib Bugs/feature requests, that are related to the vlib. label Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug This tag is applied to issues which reports bugs. Unit: vlib Bugs/feature requests, that are related to the vlib.
Projects
None yet
Development

No branches or pull requests

2 participants