Fix crash when setting an invalid cookie (fixes issue #2657)

libcef/browser/net/cookie_manager_old_impl.cc

@@ -400,18 +400,26 @@ void CefCookieManagerOldImpl::SetCookieInternal(
   if (cookie.has_expires)
     cef_time_to_basetime(cookie.expires, expiration_time);
 
+  auto canonical_cookie = net::CanonicalCookie::CreateSanitizedCookie(
+      url, name, value, domain, path,
+      base::Time(),  // Creation time.
+      expiration_time,
+      base::Time(),  // Last access time.
+      cookie.secure ? true : false, cookie.httponly ? true : false,
+      net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT);
+
   net::CookieOptions options;
   if (cookie.httponly)
     options.set_include_httponly();
 
-  cookie_store->SetCanonicalCookieAsync(
+  if (!canonical_cookie) {
-      net::CanonicalCookie::CreateSanitizedCookie(
+    SetCookieCallbackImpl(
-          url, name, value, domain, path,
+        callback,
-          base::Time(),  // Creation time.
+        net::CanonicalCookie::CookieInclusionStatus::EXCLUDE_UNKNOWN_ERROR);
-          expiration_time,
+    return;
-          base::Time(),  // Last access time.
+  }
-          cookie.secure ? true : false, cookie.httponly ? true : false,
+
-          net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT),
+  cookie_store->SetCanonicalCookieAsync(std::move(canonical_cookie),
       url.scheme(), options, base::Bind(SetCookieCallbackImpl, callback));
 }
 

libcef/browser/net_service/cookie_manager_impl.cc

@@ -209,6 +209,11 @@ bool CefCookieManagerImpl::SetCookie(const CefString& url,
       cookie.secure ? true : false, cookie.httponly ? true : false,
       net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT);
 
+  if (!canonical_cookie) {
+    SetCookieCallbackImpl(callback, false);
+    return true;
+  }
+
   net::CookieOptions options;
   if (cookie.httponly)
     options.set_include_httponly();

tests/ceftests/cookie_unittest.cc

@@ -300,6 +300,22 @@ void TestHostCookie(CefRefPtr<CefCookieManager> manager,
   VerifyNoCookies(manager, event, true);
 }
 
+void TestInvalidCookie(CefRefPtr<CefCookieManager> manager,
+                       CefRefPtr<CefWaitableEvent> event) {
+  CookieVector cookies;
+
+  CefCookie cookie;
+  const char* kUrl = "http://www.xyz.com";
+  CefString(&cookie.name).FromASCII("invalid1");
+  CefString(&cookie.value).FromASCII("invalid1");
+  CefString(&cookie.domain).FromASCII(".zyx.com");  // domain mismatch
+
+  cookies.push_back(cookie);
+
+  // No cookies will be set due to non canonical cookie
+  SetCookies(manager, kUrl, cookies, false, event);
+}
+
 void TestMultipleCookies(CefRefPtr<CefCookieManager> manager,
                          CefRefPtr<CefWaitableEvent> event) {
   std::stringstream ss;
@@ -474,6 +490,19 @@ void TestAllCookies(CefRefPtr<CefCookieManager> manager,
 
 }  // namespace
 
+// Test creation of a invalid cookie.
+TEST(CookieTest, BasicInvalidCookie) {
+  CefRefPtr<CefWaitableEvent> event =
+      CefWaitableEvent::CreateWaitableEvent(true, false);
+
+  CefRefPtr<CefCookieManager> manager =
+      CefCookieManager::GetGlobalManager(new TestCompletionCallback(event));
+  event->Wait();
+  EXPECT_TRUE(manager.get());
+
+  TestInvalidCookie(manager, event);
+}
+
 // Test creation of a domain cookie.
 TEST(CookieTest, BasicDomainCookie) {
   CefRefPtr<CefWaitableEvent> event =