From e3685c4c9aad38851097cff877dc0fb7ed47ab10 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Alexander=20K=C3=B6plinger?= Date: Fri, 29 Sep 2017 01:19:09 +0200 Subject: [PATCH] [System] HttpListenerRequest: ignore bad cookies and keep request alive (#5657) HttpRequestListener throws on incorrect cookie name. It throws CookieException ("Name contains invalid characters"). There are many cookies out there that unfortunately do not conform to the guidelines and HttpRequestListener will kill the request in such a case. The .Net framework under windows lets the request through however. Included is a patch HttpListenerRequest as well as a test with a bad cookie name. I have tested this under linux(master branch) and .net (4.0), they now both have the same behavior. --- .../System/System.Net/HttpListenerRequest.cs | 22 +++++++++++-------- .../System.Net/HttpListenerRequestTest.cs | 12 ++++++++++ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/mcs/class/System/System.Net/HttpListenerRequest.cs b/mcs/class/System/System.Net/HttpListenerRequest.cs index 2a690b0e3b2..e351807aa3b 100644 --- a/mcs/class/System/System.Net/HttpListenerRequest.cs +++ b/mcs/class/System/System.Net/HttpListenerRequest.cs @@ -330,16 +330,20 @@ namespace System.Net { if (current != null) { cookies.Add (current); } - current = new Cookie (); - int idx = str.IndexOf ('='); - if (idx > 0) { - current.Name = str.Substring (0, idx).Trim (); - current.Value = str.Substring (idx + 1).Trim (); - } else { - current.Name = str.Trim (); - current.Value = String.Empty; + try { + current = new Cookie (); + int idx = str.IndexOf ('='); + if (idx > 0) { + current.Name = str.Substring (0, idx).Trim (); + current.Value = str.Substring (idx + 1).Trim (); + } else { + current.Name = str.Trim (); + current.Value = String.Empty; + } + current.Version = version; + } catch (CookieException) { + current = null; } - current.Version = version; } } if (current != null) { diff --git a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs index 2f24f73ec0d..2066cc6a6db 100644 --- a/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs +++ b/mcs/class/System/Test/System.Net/HttpListenerRequestTest.cs @@ -285,7 +285,19 @@ namespace MonoTests.System.Net var request = (HttpWebRequest)WebRequest.Create (prefix); var rsp = request.GetResponseAsync (); Assert.IsFalse (rsp.Wait (1000), "Don't send on empty write"); + } + [Test] + public void HttpRequestIgnoreBadCookies () + { + var port = NetworkHelpers.FindFreePort (); + HttpListener listener = HttpListener2Test.CreateAndStartListener ( + "http://127.0.0.1:" + port + "/HttpRequestIgnoreBadCookiesTest/"); + NetworkStream ns = HttpListener2Test.CreateNS (port); + HttpListener2Test.Send (ns, "GET /HttpRequestIgnoreBadCookiesTest/?a=b HTTP/1.1\r\nHost: 127.0.0.1\r\nCookie: ELOQUA=GUID=5ca2346347357f4-f877-4eff-96aa-70fe0b677650; ELQSTATUS=OK; WRUID=609099666.123259461695; CommunityServer-UserCookie2101=lv=Thu, 26 Jul 2012 15:25:11 GMT&mra=Mon, 01 Oct 2012 17:40:05 GMT; PHPSESSID=1234dg3opfjb4qafp0oo645; __utma=9761706.1153317537.1357240270.1357240270.1357317902.2; __utmb=9761706.6.10.1357317902; __utmc=9761706; __utmz=9761706.1357240270.1.1.utmcsr=test.testdomain.com|utmccn=(referral)|utmcmd=referral|utmcct=/test/1234\r\n\r\n"); + HttpListenerContext ctx = listener.GetContext (); + HttpListenerRequest request = ctx.Request; + Assert.AreEqual ("/HttpRequestIgnoreBadCookiesTest/?a=b", request.Url.PathAndQuery); listener.Close (); } } -- 2.25.1