[drakma-devel] error while parsing set cookie containing httponly & secure

Simon Koch simkoc at postfach.it
Sun Dec 9 18:00:07 UTC 2012


I did: https://github.com/edicl/drakma/issues/24

I also got a crude fix for the problem by adding those two functions:

(defun clean-string (string of)
  "Removes every occurrence of the character OF from STRING by exploding
the string into a list and consing the remaining characters back together."
  (labels ((clean (sequence)
             (if sequence
                 (if (char= (car sequence) of)
                     (clean (cdr sequence))
                     (cons (car sequence)
                           (clean (cdr sequence))))
                 nil)))
    (coerce (clean (coerce string 'list)) 'string)))

(defun fix-parameters (parameters)
  "Goes through the given parameter list and checks whether separate
parameters ended up in one parameter pair cons; if so, separates them
and cleans them of #\\; and #\\Space."
  (if parameters
      (if (find #\; (caar parameters))
          (cons
           ;; Everything before the first #\; becomes its own valueless parameter.
           (cons (subseq (caar parameters) 0 (position #\; (caar parameters))) nil)
           (cons
            ;; The remainder becomes one more parameter, stripped of #\; and spaces.
            (cons (clean-string (clean-string (subseq (caar parameters)
                                                      (position #\; (caar parameters)))
                                              #\;)
                                #\Space)
                  nil)
            (fix-parameters (cdr parameters))))
          (cons (car parameters)
                (fix-parameters (cdr parameters))))
      nil))


and modifying parse-set-cookie:


(defun parse-set-cookie (string)
  "Parses the `Set-Cookie' header line STRING and returns a list
of three-element lists where each one contains the name of the
cookie, the value of the cookie, and an attribute/value list for
the optional cookie parameters."
  (let ((*current-error-message*
          (format nil "While parsing cookie header ~S:" string))
        result)
    (dolist (substring (split-set-cookie-string string))
      (with-sequence-from-string (stream substring)
        (let* ((name/value (read-name-value-pair stream :cookie-syntax t))
               (parameters (read-name-value-pairs stream
                                                  :value-required-p nil
                                                  :cookie-syntax t)))
          (push (list (car name/value)
                      (cdr name/value)
                      (fix-parameters parameters))
                result))))
    (nreverse result)))


But as the problem seems to be the chunga function, I'd rather isolate and
fix the bug there instead of adding some compensating code in drakma.

On Sun, 9 Dec 2012, 18:44, Hans Hübner wrote:
> Simon,
>
> thank you for your report.  It is not a known problem.  I'd be
> grateful if you could open a github issue
> (https://github.com/edicl/drakma/issues).  From glancing at your
> description, it seems to me that this is indeed a bug that should be
> fixed.
>
> Thanks,
> Hans
>
> On Sun, Dec 9, 2012 at 6:15 PM, Simon Koch <simkoc at postfach.it> wrote:
>> When parsing this Set-Cookie line:
>>
>> Set-Cookie: shssl=4058628; path=/; secure; HttpOnly
>>
>> The resulting Cookie is:
>>
>> #<COOKIE shssl=4058628; path=/; domain=www.base.de>
>>
>> Which misses both features: 'HttpOnly' and 'secure'.
>>
>> I traced the bug down to 'parse-set-cookie' which returns
>> (("Set-Cookie: shssl" "4058628" (("path" . "/") ("secure; HttpOnly"))))
>>
>> instead of (("Set-Cookie: shssl" "4058628" (("path" . "/") ("secure")
>> ("HttpOnly"))))
>>
>> As far as I understood the code the problem is caused by
>> 'read-name-value-pairs' of chunga.
>>
>> I am using chunga 1.1.1 and drakma 1.2.9
>>
>> Is this an already known bug/problem?
>>
>>
>> _______________________________________________
>> drakma-devel mailing list
>> drakma-devel at common-lisp.net
>> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
>
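
The attribute split the report expects, as an added Common Lisp example that is
not part of the original thread and is not drakma or chunga code. The names
split-on, parse-cookie-attributes and attribute-present-p are hypothetical, and
the sample input is constructed from the header quoted in the report.

```lisp
;;; Added example, independent of drakma and chunga; all names are hypothetical.

(defun split-on (char string)
  "Returns the substrings of STRING delimited by CHAR."
  (loop with start = 0
        for pos = (position char string :start start)
        collect (subseq string start pos)
        while pos
        do (setf start (1+ pos))))

(defun parse-cookie-attributes (attribute-string)
  "Parses the part of a Set-Cookie value that follows the name=value pair
into an alist. Valueless attributes such as Secure and HttpOnly become
one-element entries of the form (NAME)."
  (loop for raw in (split-on #\; attribute-string)
        for item = (string-trim " " raw)
        for eq-pos = (position #\= item)
        unless (string= item "")
          collect (if eq-pos
                      (cons (string-trim " " (subseq item 0 eq-pos))
                            (string-trim " " (subseq item (1+ eq-pos))))
                      (list item))))

(defun attribute-present-p (name attributes)
  "True if NAME occurs among ATTRIBUTES, compared case-insensitively."
  (and (assoc name attributes :test #'string-equal) t))

;; Constructed sample: the attribute part of the header from the report.
(let ((attrs (parse-cookie-attributes " path=/; secure; HttpOnly")))
  (assert (equal attrs '(("path" . "/") ("secure") ("HttpOnly"))))
  (assert (attribute-present-p "Secure" attrs))
  (assert (attribute-present-p "HttpOnly" attrs))
  ;; The merged pair shown in the report fails the same lookup, so a client
  ;; relying on it would store the cookie without either flag.
  (assert (not (attribute-present-p
                "HttpOnly"
                '(("path" . "/") ("secure; HttpOnly"))))))
```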