From 7e1c444c02dc46f6e39b1dc62efca04a275dc613 Mon Sep 17 00:00:00 2001 From: Taloth Saldono Date: Thu, 24 Dec 2015 19:30:16 +0100 Subject: [PATCH] Fixed: Curl Fallback should ignore invalid cookies. --- .../Http/HttpClientFixture.cs | 27 +++++++++++++++++++ .../Http/Dispatchers/CurlHttpDispatcher.cs | 9 ++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/NzbDrone.Common.Test/Http/HttpClientFixture.cs b/src/NzbDrone.Common.Test/Http/HttpClientFixture.cs index 510f69d8a..2f4e3abf3 100644 --- a/src/NzbDrone.Common.Test/Http/HttpClientFixture.cs +++ b/src/NzbDrone.Common.Test/Http/HttpClientFixture.cs @@ -349,6 +349,33 @@ namespace NzbDrone.Common.Test.Http Thread.CurrentThread.CurrentUICulture = origCulture; } } + + [TestCase("lang_code=en; expires=Fri, 23-Dec-2016 18:09:14 GMT; Max-Age=31536000; path=/; domain=.abc.com")] + public void should_reject_malformed_domain_cookie(string malformedCookie) + { + try + { + // the date is bad in the below - should be 13-Jul-2016 + string url = "http://eu.httpbin.org/response-headers?Set-Cookie=" + Uri.EscapeUriString(malformedCookie); + + var requestSet = new HttpRequest(url); + requestSet.AllowAutoRedirect = false; + requestSet.StoreResponseCookie = true; + + var responseSet = Subject.Get(requestSet); + + var request = new HttpRequest("http://eu.httpbin.org/get"); + + var response = Subject.Get(request); + + response.Resource.Headers.Should().NotContainKey("Cookie"); + + ExceptionVerification.IgnoreErrors(); + } + finally + { + } + } } public class HttpBinResource diff --git a/src/NzbDrone.Common/Http/Dispatchers/CurlHttpDispatcher.cs b/src/NzbDrone.Common/Http/Dispatchers/CurlHttpDispatcher.cs index cdcea3aae..419f6fb2c 100644 --- a/src/NzbDrone.Common/Http/Dispatchers/CurlHttpDispatcher.cs +++ b/src/NzbDrone.Common/Http/Dispatchers/CurlHttpDispatcher.cs @@ -165,7 +165,14 @@ namespace NzbDrone.Common.Http.Dispatchers var setCookie = webHeaderCollection.Get("Set-Cookie"); if (setCookie != null && setCookie.Length > 0 && cookies != null) { - cookies.SetCookies(request.Url, FixSetCookieHeader(setCookie)); + try + { + cookies.SetCookies(request.Url, FixSetCookieHeader(setCookie)); + } + catch (CookieException ex) + { + _logger.Debug("Rejected cookie {0}: {1}", ex.InnerException.Message, setCookie); + } } return webHeaderCollection;