HttpDate: fix parsing of 2-digit year dates.

Fixes #13043. Added the affected cookies to the testsuite to avoid future regressions.
2016-10-31 08:59:23 +01:00 · 2016-10-31 08:59:23 +01:00 · f004acb098
commit f004acb098
parent a5b5f89612
2 changed files with 35 additions and 5 deletions
--- a/src/kits/network/libnetapi/HttpTime.cpp
+++ b/src/kits/network/libnetapi/HttpTime.cpp
@ -14,12 +14,36 @@
 #include <cstdio>


+// The formats used should be, in order of preference (according to RFC2616,
+// section 3.3):
+// RFC1123 / RFC822: "Sun, 06 Nov 1994 08:49:37 GMT"
+// RFC1036 / RFC850: "Sunday, 06-Nov-94 08:49:37 GMT"
+// asctime         : "Sun Nov  6 08:49:37 1994"
+//
+// RFC1123 is the preferred one because it has 4 digit years.
+//
+// But of course in real life, all possible mixes of the formats are used.
+// Believe it or not, it's even possible to find some website that gets this
+// right and use one of the 3 formats above.
+// Often seen variants are:
+// - RFC1036 but with 4 digit year,
+// - Missing or different timezone indicator
+// - Invalid weekday
 static const char* kDateFormats[] = {
-	"%a, %d %b %Y %H:%M:%S",
-	"%a, %d-%b-%Y %H:%M:%S",
-	"%a, %d-%b-%Y %H:%M:%S GMT",
-	"%a, %d-%b-%Y %H:%M:%S UTC",
-	"%A, %d-%b-%y %H:%M:%S",
+	// RFC1123
+	"%a, %d %b %Y %H:%M:%S",     // without timezone
+	"%a, %d %b %Y %H:%M:%S GMT", // canonical
+
+	// RFC1036
+	"%A, %d-%b-%y %H:%M:%S",     // without timezone
+	"%A, %d-%b-%y %H:%M:%S GMT", // canonical
+
+	// RFC1036 with 4 digit year
+	"%a, %d-%b-%Y %H:%M:%S",     // without timezone
+	"%a, %d-%b-%Y %H:%M:%S GMT", // with 4-digit year
+	"%a, %d-%b-%Y %H:%M:%S UTC", // "UTC" timezone
+
+	// asctime
 	"%a %d %b %H:%M:%S %Y"
 };

--- a/src/tests/kits/net/service/CookieTest.cpp
+++ b/src/tests/kits/net/service/CookieTest.cpp
@ -494,6 +494,12 @@ CookieTest::ExpireParsingTest()
 			// NOTE: This can't really happen when we get cookies from HTTP
 			// headers. It could happen when the cookie is set from meta html
 			// tags or from JS.
+		{ "301-32=1; expires=Mon, 31-Oct-2035 08:08:40 GMT;",
+			true, false, false }, // Wrong weekday
+		{ "301-33=1; expires=Tue, 19-Oct-66 07:08:40;",
+			true, false, false }, // RFC1036 format with 2 digit year
+		{ "301-34=1; expires=Sat, 21-Oct-56 07:08:40 GMT;",
+			true, false, false }, // RFC1036 format with 2 digit year
 	};

 	for (unsigned int i = 0; i < sizeof(tests) / sizeof(Test); i++)