From 9707553a712f117a802074e9b80ff3fe81b7a95e Mon Sep 17 00:00:00 2001 From: Martin Slota Date: Tue, 9 Apr 2019 17:48:55 +0200 Subject: [PATCH] Handle empty cookie components gracefully --- cohttp/src/cookie.ml | 2 +- cohttp/test/test_header.ml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cohttp/src/cookie.ml b/cohttp/src/cookie.ml index 42ba313762..e42fc71937 100644 --- a/cohttp/src/cookie.ml +++ b/cohttp/src/cookie.ml @@ -146,7 +146,7 @@ module Cookie_hdr = struct let comps = Stringext.split_trim_left ~on:";" ~trim:" \t" header in (* We don't handle $Path, $Domain, $Port, $Version (or $anything $else) *) - let cookies = List.filter (fun s -> s.[0] != '$') comps in + let cookies = List.filter (fun s -> String.length s > 0 && s.[0] != '$') comps in let split_pair nvp = match Stringext.split ~on:'=' nvp ~max:2 with | [] -> ("","") diff --git a/cohttp/test/test_header.ml b/cohttp/test/test_header.ml index 5235435af4..15b274ea90 100644 --- a/cohttp/test/test_header.ml +++ b/cohttp/test/test_header.ml @@ -66,6 +66,15 @@ let cookie_with_eq_val () = let cookies = Cohttp.Cookie.Cookie_hdr.extract h in Alcotest.check t_cookies "cookie_with_eq_val" cookies ["test", "me="] +let ignores_empty_cookie () = + let cookies = ["foo", "bar"] in + let (k, v) = Cohttp.Cookie.Cookie_hdr.serialize cookies in + (* prepend an invalid empty component *) + let v = "; " ^ v in + let h = Cohttp.Header.of_list [ k, v ] in + let cookies = Cohttp.Cookie.Cookie_hdr.extract h in + Alcotest.check t_cookies "cookie" cookies ["foo", "bar"] + let valid_cookie () = let cookies = [ "foo", "bar"; "a", "b" ] in let k, v = Cohttp.Cookie.Cookie_hdr.serialize cookies in @@ -462,6 +471,7 @@ Alcotest.run "test_header" [ "Valid Set-Cookie", `Quick, valid_set_cookie; "Valid Cookie", `Quick, valid_cookie; "Cookie with =", `Quick, cookie_with_eq_val; + "Ignores empty cookie", `Quick, ignores_empty_cookie; ]; "Content Range", [ "none", `Quick, Content_range.none;