QNetworkCookie - use RFC6265 rules for max-age

If unparsable, ignore the max-age attribute but process the rest of
the cookie normally.
If max age <= 0, set expiration time to "earliest representable time"
To keep this a safe value for conversions, time_t of 0 is used.

This fixes cases 0019 and comma0005 in the test suite.
Due to this change, cookies may be sent after they should have expired
in case the max-age was malformed. Previously they would have been
discarded immediately, which is more likely to break web services.

Task-number: QTBUG-15794
Change-Id: I7882af8eb37db156785e4e358ca639e90c94f8d0
Reviewed-by: Richard J. Moore <rich@kde.org>

1 files changed, 9 insertions, 3 deletions

diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index be4ea2ff36..89e6f8a5ae 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -1015,9 +1015,15 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
                 } else if (field.first == "max-age") {
                     bool ok = false;
                     int secs = field.second.toInt(&ok);
-                    if (!ok)
-                        return result;
-                    cookie.setExpirationDate(now.addSecs(secs));
+                    if (ok) {
+                        if (secs <= 0) {
+                            //earliest representable time (RFC6265 section 5.2.2)
+                            cookie.setExpirationDate(QDateTime::fromTime_t(0));
+                        } else {
+                            cookie.setExpirationDate(now.addSecs(secs));
+                        }
+                    }
+                    //if unparsed, ignore the attribute but not the whole cookie (RFC6265 section 5.2.2)
                 } else if (field.first == "path") {
                     QString path = QUrl::fromPercentEncoding(field.second);
                     cookie.setPath(path);