marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

* i2ptunnel: Block b32.i2p supercookies

Browse Source
This commit is contained in:
zzz
2013-04-23 18:23:38 +00:00
parent 22025b0c3a
commit aa547a1610
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/HTTPResponseOutputStream.java
View File

@ -193,6 +193,17 @@ class HTTPResponseOutputStream extends FilterOutputStream {
} else if ("content-type".equals(lcKey)) {
// save for compress decision on server side
_contentType = val;
} else if ("set-cookie".equals(lcKey)) {
String lcVal = val.toLowerCase(Locale.US);
if (lcVal.contains("domain=b32.i2p") ||
lcVal.contains("domain=.b32.i2p")) {
// Strip privacy-damaging "supercookie" for b32.i2p
// Let's presume the user agent ignores a cookie for "i2p"
// See RFC 6265 and http://publicsuffix.org/
if (_log.shouldLog(Log.INFO))
_log.info("Stripping \"" + key + ": " + val + "\" from response ");
break;
}
}
out.write((key.trim() + ": " + val.trim() + "\r\n").getBytes());
}

4
history.txt
View File

@ -1,3 +1,7 @@
2013-04-23 zzz
* Console: Fix Jetty digest auth bug causing repeated password requests
* i2ptunnel: Block b32.i2p supercookies
2013-04-21 zzz
* AppManager: Add HTML debug output
* Installer: Fix installations to a different drive on Windows

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */
public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 12;
public final static long BUILD = 13;
/** for example "-test" */
public final static String EXTRA = "";