
Issue 907610


Issue metadata

Status: Untriaged
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Cookie parsing incorrectly handles two-digit year 69

Project Member Reported by elawrence@chromium.org, Nov 21

Issue description

Chrome Version: 72.3617

https://cs.chromium.org/chromium/src/net/cookies/cookie_util.cc?l=255&rcl=6adbc9ea5bd75e6b72fe1bb15a96511b4a7743ee

Chrome has:

  // Normalize the year to expand abbreviated years to the full year.
  if (exploded.year >= 69 && exploded.year <= 99)
    exploded.year += 1900;
  if (exploded.year >= 0 && exploded.year <= 68)
    exploded.year += 2000;

https://tools.ietf.org/html/rfc6265#section-5.2.1 says:

   If the year-value is greater than or equal to 70 and less than or
       equal to 99, increment the year-value by 1900.

   If the year-value is greater than or equal to 0 and less than or
       equal to 69, increment the year-value by 2000.

Firefox seems to match the spec.
https://dxr.mozilla.org/mozilla-central/source/nsprpub/pr/src/misc/prtime.c?q=%2Bfunction%3A%22PR_ParseTimeStringToExplodedTime%28const+char+%2A%2C+PRBool%2C+PRExplodedTime+%2A%29%22&redirect_type=single#964
 
I assume the 69 is because we don't trust servers not to return times before 1970 due to time zone conversions. We might want to gather stats before changing this, though Firefox not running into issues here is a good sign.

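The divergence described in the issue, as an added example (not Chromium or Firefox code): both normalization rules applied to a constructed Expires value whose two-digit year is 69. `ExtractYear` and `ExpiredUnder` are hypothetical helpers, and the date scan is a simplification of the cookie-date grammar that assumes the day of month precedes the year.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Pivot as in the Chrome snippet quoted in the issue: 69..99 -> 19xx.
int NormalizeYearChrome(int year) {
  if (year >= 69 && year <= 99) year += 1900;
  if (year >= 0 && year <= 68) year += 2000;
  return year;
}

// Pivot as in the RFC 6265 text quoted in the issue: 70..99 -> 19xx.
int NormalizeYearRfc(int year) {
  if (year >= 70 && year <= 99) year += 1900;
  if (year >= 0 && year <= 69) year += 2000;
  return year;
}

// Simplified scan (assumption, not the full cookie-date grammar): skip
// hh:mm:ss, treat the first remaining digit run as day, the second as year.
int ExtractYear(const std::string& date) {
  int runs = 0;
  for (size_t i = 0; i < date.size();) {
    if (!std::isdigit(static_cast<unsigned char>(date[i]))) { ++i; continue; }
    size_t start = i;
    while (i < date.size() && std::isdigit(static_cast<unsigned char>(date[i]))) ++i;
    if (i < date.size() && date[i] == ':') {  // time field, skip it whole
      while (i < date.size() && date[i] != ' ') ++i;
      continue;
    }
    if (++runs == 2) return std::stoi(date.substr(start, i - start));
  }
  return -1;  // no year token found
}

// Year-granularity expiry check, enough to show where the two rules diverge.
bool ExpiredUnder(int (*normalize)(int), const std::string& expires, int now_year) {
  int y = ExtractYear(expires);
  return y >= 0 && normalize(y) < now_year;
}

int main() {
  const std::string expires = "Wed, 01-Jan-69 00:00:00 GMT";  // constructed sample
  int y = ExtractYear(expires);
  std::printf("chrome: %d expired=%d\n", NormalizeYearChrome(y),
              ExpiredUnder(NormalizeYearChrome, expires, 2018));
  std::printf("rfc:    %d expired=%d\n", NormalizeYearRfc(y),
              ExpiredUnder(NormalizeYearRfc, expires, 2018));
}
```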