From aa547a161085f35d7c9f2627a648ce705ee24fe3 Mon Sep 17 00:00:00 2001
From: zzz
Date: Tue, 23 Apr 2013 18:23:38 +0000
Subject: [PATCH] * i2ptunnel: Block b32.i2p supercookies
---
 .../net/i2p/i2ptunnel/HTTPResponseOutputStream.java | 11 +++++++++++
 history.txt | 4 ++++
 router/java/src/net/i2p/router/RouterVersion.java | 2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java
index 73dba50daf..f1b73c1146 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java
@@ -193,6 +193,17 @@ class HTTPResponseOutputStream extends FilterOutputStream {
 } else if ("content-type".equals(lcKey)) {
 // save for compress decision on server side
 _contentType = val;
+ } else if ("set-cookie".equals(lcKey)) {
+ String lcVal = val.toLowerCase(Locale.US);
+ if (lcVal.contains("domain=b32.i2p") ||
+ lcVal.contains("domain=.b32.i2p")) {
+ // Strip privacy-damaging "supercookie" for b32.i2p
+ // Let's presume the user agent ignores a cookie for "i2p"
+ // See RFC 6265 and http://publicsuffix.org/
+ if (_log.shouldLog(Log.INFO))
+ _log.info("Stripping \"" + key + ": " + val + "\" from response ");
+ break;
+ }
 }
 out.write((key.trim() + ": " + val.trim() + "\r\n").getBytes());
 }
diff --git a/history.txt b/history.txt
index 0f78c62ff4..6fde6cb7e2 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,7 @@
+2013-04-23 zzz
+ * Console: Fix Jetty digest auth bug causing repeated password requests
+ * i2ptunnel: Block b32.i2p supercookies
+
 2013-04-21 zzz
 * AppManager: Add HTML debug output
 * Installer: Fix installations to a different drive on Windows
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index e36cd3b143..7f4edb9752 100644
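Review bot: In HTTPResponseOutputStream.java the new `set-cookie` branch tests `lcVal.contains("domain=b32.i2p")` against the whole header value, so a Domain attribute written with whitespace around the `=` is not recognised even though RFC 6265 user agents trim that whitespace before applying it, and a cookie whose value merely contains that text is dropped. Parsing the attributes that follow the first `;`, trimming each name and value, dropping a leading dot and comparing the result with `b32.i2p` covers both cases. The INFO message also writes the complete cookie value into the router log; the header name and the reason are enough there. The bare `i2p` domain is still left to the user agent, as the comment says, and the `break` targets a loop that starts outside this hunk, so I am assuming it skips the `out.write` below.

```java
} else if ("set-cookie".equals(lcKey)) {
    // Compare the parsed Domain attribute, not a substring of the header:
    // RFC 6265 user agents trim whitespace around attribute names and values
    // and ignore a leading dot on the domain.
    String[] attrs = val.split(";");
    boolean supercookie = false;
    // attrs[0] is the cookie's own name=value pair, never an attribute
    for (int attrIdx = 1; attrIdx < attrs.length; attrIdx++) {
        int eq = attrs[attrIdx].indexOf('=');
        if (eq < 0)
            continue;
        String name = attrs[attrIdx].substring(0, eq).trim().toLowerCase(Locale.US);
        if (!"domain".equals(name))
            continue;
        String dom = attrs[attrIdx].substring(eq + 1).trim().toLowerCase(Locale.US);
        if (dom.startsWith("."))
            dom = dom.substring(1);
        if ("b32.i2p".equals(dom))
            supercookie = true;
    }
    if (supercookie) {
        // … unchanged: comment block explaining the supercookie …
        if (_log.shouldLog(Log.INFO))
            _log.info("Stripping " + key + " with Domain=b32.i2p from response");
        break;
    }
```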
--- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 12; + public final static long BUILD = 13; /** for example "-test" */ public final static String EXTRA = "";