Prevent invalid ParsedCookie modifications.
After https://chromium-review.googlesource.com/c/chromium/src/+/1982549,
we treat cookies with neither names nor values as invalid. This patch
adjusts `ParsedCookie::SetName()` and `ParsedCookie::SetValue()` to
ensure that a `ParsedCookie` can't be modified into an invalid cookie.
It also applies the rule to `CanonicalCookie::CreateSanitizedCookie`
to ensure that code path has the same restrictions.
Bug: 1040296
Change-Id: I1e57c3ee8a4f6dc222c35d6e9844928c1ba7fb06
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1993962
Commit-Queue: Mike West <[email protected]>
Reviewed-by: Lily Chen <[email protected]>
Cr-Commit-Position: refs/heads/master@{#733943}
diff --git a/net/cookies/parsed_cookie_unittest.cc b/net/cookies/parsed_cookie_unittest.cc
index 72dbc994..27ce53d 100644
--- a/net/cookies/parsed_cookie_unittest.cc
+++ b/net/cookies/parsed_cookie_unittest.cc
@@ -29,6 +29,28 @@
}
}
+TEST(ParsedCookieTest, TestSetEmptyNameValue) {
+ ParsedCookie empty("");
+ EXPECT_FALSE(empty.IsValid());
+ EXPECT_FALSE(empty.SetName(""));
+ EXPECT_FALSE(empty.SetValue(""));
+ EXPECT_FALSE(empty.IsValid());
+
+ ParsedCookie empty_value("name=");
+ EXPECT_TRUE(empty_value.IsValid());
+ EXPECT_EQ("name", empty_value.Name());
+ EXPECT_FALSE(empty_value.SetName(""));
+ EXPECT_EQ("name", empty_value.Name());
+ EXPECT_TRUE(empty_value.IsValid());
+
+ ParsedCookie empty_name("value");
+ EXPECT_TRUE(empty_name.IsValid());
+ EXPECT_EQ("value", empty_name.Value());
+ EXPECT_FALSE(empty_name.SetValue(""));
+ EXPECT_EQ("value", empty_name.Value());
+ EXPECT_TRUE(empty_value.IsValid());
+}
+
TEST(ParsedCookieTest, TestQuoted) {
// These are some quoting cases which the major browsers all
// handle differently. I've tested Internet Explorer 6, Opera 9.6,
