From 39c25357c621bf11c700ed268e5ef27e0eaf2160 Mon Sep 17 00:00:00 2001 From: MK Date: Wed, 17 Oct 2018 12:48:23 -0400 Subject: [PATCH] Skip extensions in SetCookie parser #1049 (#1050) --- .../SetCookieHeaderValue.cs | 14 ++++++++++---- .../SetCookieHeaderValueTest.cs | 12 ++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs b/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs index f3477648de..74b5c6c48c 100644 --- a/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs +++ b/src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs @@ -452,9 +452,15 @@ namespace Microsoft.Net.Http.Headers result.HttpOnly = true; } // extension-av = - else - { - // TODO: skip it? Store it in a list? + else + { + // TODO: skiping it for now to avoid parsing failure? Store it in a list? + // = (no spaces) + if (!ReadEqualsSign(input, ref offset)) + { + return 0; + } + ReadToSemicolonOrEnd(input, ref offset); } } @@ -520,4 +526,4 @@ namespace Microsoft.Net.Http.Headers ^ HttpOnly.GetHashCode(); } } -} \ No newline at end of file +} diff --git a/test/Microsoft.Net.Http.Headers.Tests/SetCookieHeaderValueTest.cs b/test/Microsoft.Net.Http.Headers.Tests/SetCookieHeaderValueTest.cs index 9a920f40d0..058f8d4bd9 100644 --- a/test/Microsoft.Net.Http.Headers.Tests/SetCookieHeaderValueTest.cs +++ b/test/Microsoft.Net.Http.Headers.Tests/SetCookieHeaderValueTest.cs @@ -365,6 +365,18 @@ namespace Microsoft.Net.Http.Headers Assert.Equal(cookies, results); } + [Fact] + public void SetCookieHeaderValue_TryParse_SkipExtensionValues() + { + string cookieHeaderValue = "cookiename=value; extensionname=value;"; + + SetCookieHeaderValue setCookieHeaderValue; + + SetCookieHeaderValue.TryParse(cookieHeaderValue, out setCookieHeaderValue); + + Assert.Equal("value", setCookieHeaderValue.Value); + } + [Theory] [MemberData(nameof(ListOfSetCookieHeaderDataSet))] public void SetCookieHeaderValue_ParseStrictList_AcceptsValidValues(IList cookies, string[] input)