public/browser
1
0
Fork 0
mirror of https://github.com/lightpanda-io/browser.git synced 2026-03-22 12:44:43 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

protect against long invalid samesite cookie values

Browse Source
This commit is contained in:
Karl Seguin
2026-02-17 19:09:29 +08:00
parent 687c17bbe2
commit 7e097482bc
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/browser/webapi/storage/Cookie.zig
View File

@@ -83,7 +83,7 @@ pub fn parse(allocator: Allocator, url: [:0]const u8, str: []const u8) !Cookie {
const sep = std.mem.indexOfScalarPos(u8, attribute, 0, '=') orelse attribute.len; const sep = std.mem.indexOfScalarPos(u8, attribute, 0, '=') orelse attribute.len;
const key_string = trim(attribute[0..sep]); const key_string = trim(attribute[0..sep]);
if (key_string.len > 8) { if (key_string.len > scrap.len) {
// not valid, ignore // not valid, ignore
continue; continue;
} }
@@ -107,6 +107,9 @@ pub fn parse(allocator: Allocator, url: [:0]const u8, str: []const u8) !Cookie {
.expires => expires = value, .expires => expires = value,
.httponly => http_only = true, .httponly => http_only = true,
.samesite => { .samesite => {
if (value.len > scrap.len) {
continue;
}
same_site = std.meta.stringToEnum(Cookie.SameSite, std.ascii.lowerString(&scrap, value)) orelse continue; same_site = std.meta.stringToEnum(Cookie.SameSite, std.ascii.lowerString(&scrap, value)) orelse continue;
}, },
} }