Closed Bug 1906914 Opened 1 year ago Closed 1 year ago

Fix the max-age attribute parsing

Categories

(Core :: Networking: Cookies, defect, P2)

Product:
Core
Component:
Networking: Cookies
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
130 Branch
Tracking Flags:
Tracking Status
firefox130 --- fixed

People

(Reporter: baku, Assigned: baku)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Bug 1906914 - Fix the max-age cookie attribute parser, r?edgul
48 bytes, text/x-phabricator-request
Details | Review

The current max-age attribute handling is broken in several ways:

  • It does not ignore the attribute if the value contains invalid chars
  • the computed expiration is let overflow with big max-age values
  • there are no warning messages when the values are invalid
  • it does not mark the cookie as session-only with invalid values
Assignee: nobody → amarchesini
Status: NEW → ASSIGNED
Whiteboard: [necko-triaged]
Severity: -- → S3
Priority: -- → P2
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1cc10daba8f6 Fix the max-age cookie attribute parser, r=edgul,devtools-reviewers,nchevobbe

https://hg.mozilla.org/mozilla-central/rev/1cc10daba8f6

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox130: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 130 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: