From: Alexander Köplinger Date: Thu, 28 Sep 2017 23:19:09 +0000 (+0200) Subject: [System] HttpListenerRequest: ignore bad cookies and keep request alive (#5657) X-Git-Url: http://wien.tomnetworks.com/gitweb/?p=mono.git;a=commitdiff_plain;h=e3685c4c9aad38851097cff877dc0fb7ed47ab10 [System] HttpListenerRequest: ignore bad cookies and keep request alive (#5657) HttpRequestListener throws on incorrect cookie name. It throws CookieException ("Name contains invalid characters"). There are many cookies out there that unfortunately do not conform to the guidelines and HttpRequestListener will kill the request in such a case. The .Net framework under windows lets the request through however. Included is a patch HttpListenerRequest as well as a test with a bad cookie name. I have tested this under linux(master branch) and .net (4.0), they now both have the same behavior. --- diff --git a/mcs/class/System/System.Net/HttpListenerRequest.cs b/mcs/class/System/System.Net/HttpListenerRequest.cs index 2a690b0e3b2..e351807aa3b 100644 --- a/mcs/class/System/System.Net/HttpListenerRequest.cs +++ b/mcs/class/System/System.Net/HttpListenerRequest.cs @@ -330,16 +330,20 @@ namespace System.Net { if (current != null) { cookies.Add (current); } - current = new Cookie (); - int idx = str.IndexOf ('='); - if (idx > 0) { - current.Name = str.Substring (0, idx).Trim (); - current.Value = str.Substring (idx + 1).Trim (); - } else { - current.Name = str.Trim (); - current.Value = String.Empty; + try { + current = new Cookie (); + int idx = str.IndexOf ('='); + if (idx > 0) { + current.Name = str.Substring (0, idx).Trim (); + current.Value = str.Substring (idx + 1).Trim (); + } else { + current.Name = str.Trim (); + current.Value = String.Empty; + } + current.Version = version; + } catch (CookieException) { + current = null; } - current.Version = version; } } if (current != null) { diff --git a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs index 2f24f73ec0d..2066cc6a6db 100644 --- a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs +++ b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs @@ -285,7 +285,19 @@ namespace MonoTests.System.Net var request = (HttpWebRequest)WebRequest.Create (prefix); var rsp = request.GetResponseAsync (); Assert.IsFalse (rsp.Wait (1000), "Don't send on empty write"); + } + [Test] + public void HttpRequestIgnoreBadCookies () + { + var port = NetworkHelpers.FindFreePort (); + HttpListener listener = HttpListener2Test.CreateAndStartListener ( + "http://127.0.0.1:" + port + "/HttpRequestIgnoreBadCookiesTest/"); + NetworkStream ns = HttpListener2Test.CreateNS (port); + HttpListener2Test.Send (ns, "GET /HttpRequestIgnoreBadCookiesTest/?a=b HTTP/1.1\r\nHost: 127.0.0.1\r\nCookie: ELOQUA=GUID=5ca2346347357f4-f877-4eff-96aa-70fe0b677650; ELQSTATUS=OK; WRUID=609099666.123259461695; CommunityServer-UserCookie2101=lv=Thu, 26 Jul 2012 15:25:11 GMT&mra=Mon, 01 Oct 2012 17:40:05 GMT; PHPSESSID=1234dg3opfjb4qafp0oo645; __utma=9761706.1153317537.1357240270.1357240270.1357317902.2; __utmb=9761706.6.10.1357317902; __utmc=9761706; __utmz=9761706.1357240270.1.1.utmcsr=test.testdomain.com|utmccn=(referral)|utmcmd=referral|utmcct=/test/1234\r\n\r\n"); + HttpListenerContext ctx = listener.GetContext (); + HttpListenerRequest request = ctx.Request; + Assert.AreEqual ("/HttpRequestIgnoreBadCookiesTest/?a=b", request.Url.PathAndQuery); listener.Close (); } }