Closed Bug 1410013 Opened 7 years ago Closed 5 years ago

Unescaped non-ASCII cookies are corrupted in sessionstore

Categories

(Firefox :: Session Restore, defect, P2)

57 Branch
defect

VERIFIED FIXED
Firefox 69
Tracking Status
firefox69 --- verified

People

(Reporter: mail, Assigned: emk)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171016185129

Steps to reproduce:

1. Configure Firefox to restore tabs on restart
2. Visit https://pal.jan-melcher.de/firefox/cookie-bug/
3. Open Page Info > Cookies and verify pwcount is set to ”+ 1
4. Restart Firefox
5. Select tab again *without* hitting Refresh and open cookie list again


Actual results:

pwcount cookie is + 1


Expected results:

pwcount is ”+ 1

---

The website consists of this simple php file:

<?php
header("Set-Cookie: pwcount=\xe2\x80\x9d\x2b\x20\x31");
echo 'Cookie set.';

This mimics a (arguably not well-behaved) website that sets a cookie but does not escape special characters. This works in all parts of Firefox except the sessionstore handling. In the file previous.jsonlz4, the special character is not escaped either. Upon reading this file, the special character gets corrupted.
It looks like Bugzilla did not like the "actual result" I typed in. Instead of ”, it appears as a Unicode box "001D", so I guess it's "\u001D" aka Group Separator.
Summary: Badly encoded session cookies are corrupted in sessionstore → Non-ASCII cookies are corrupted in sessionstore
Summary: Non-ASCII cookies are corrupted in sessionstore → Unescaped non-ASCII cookies are corrupted in sessionstore
Component: Untriaged → Session Restore
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Blocks: 1558836, 1557254

Comments in bug 1558836 pinpoint the cause of this issue, fwiw.

nsICookie changed the value property type to AUTF8String. So nsICookieManager.add should also change for consistency.
https://searchfox.org/mozilla-central/diff/280752aa618928f8fd1aad71e6c1e31f64834ed2/netwerk/cookie/nsICookie.idl#29
(Oh, and this is my change in bug 826159. Sorry for overlooking this.)
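
The corruption reported above (U+201D coming back as U+001D) is what a conversion that keeps only the low byte of each UTF-16 code unit produces. The following is an added illustration, not Firefox code or code from this bug: the function names are hypothetical, and the lossy narrowing is an assumed model of the parameter's previous byte-string type, shown beside a UTF-8 conversion as in the `AUTF8String` change.

```javascript
// Added illustration; all function names are hypothetical, not Firefox APIs.
// Constructed sample: the cookie value from the report, U+201D followed by "+ 1".
const sample = "\u201d+ 1";

// Assumed model of a lossy 16-bit to 8-bit narrowing: keep only the low byte
// of each UTF-16 code unit and silently drop the high byte.
function narrowLossy(value) {
  const out = new Uint8Array(value.length);
  for (let i = 0; i < value.length; i++) {
    out[i] = value.charCodeAt(i) & 0xff;
  }
  return out;
}

// Model of a UTF-8 typed parameter: every code point is encoded in full.
function narrowUtf8(value) {
  return new TextEncoder().encode(value);
}

// Read stored bytes back as text, as a later consumer of the cookie would.
function widen(bytes) {
  return new TextDecoder("utf-8").decode(bytes);
}

// True when a value does not survive the lossy path unchanged. Useful for
// checking which restored cookie values could have been affected.
function isCorruptedByLossyPath(value) {
  return widen(narrowLossy(value)) !== value;
}

// Render bytes as space-separated hex for comparison with the PHP header.
function hex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join(" ");
}

console.log("lossy :", hex(narrowLossy(sample)));
console.log("utf-8 :", hex(narrowUtf8(sample)));
console.log("lossy round trip intact:", !isCorruptedByLossyPath(sample));
console.log("utf-8 round trip intact:", widen(narrowUtf8(sample)) === sample);
```

Pure ASCII values pass through both paths unchanged, which is why only cookies with unescaped non-ASCII characters show the problem.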

Pushed by VYV03354@nifty.ne.jp:
https://hg.mozilla.org/integration/autoland/rev/d8ccc114a50f
Change `aValue` parameter of `nsICookieManager.add` to `AUTF8String` to align with `nsICookie` change. r=Ehsan
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 69
Assignee: nobody → VYV03354
Flags: qe-verify+

Confirmed issue with 58.0a1 (2017-10-16).
Fix verified with 69.0b7 on Windows 10, macOS 10.13, Ubuntu 18.04.

Status: RESOLVED → VERIFIED
Flags: qe-verify+