[libsoup/hsts: 22/25] Ignore STS header fields with duplicate directives



commit 0d37b3511e24e3bfc08ccf4c39a7aa5ec269698c
Author: Claudio Saavedra <csaavedra igalia com>
Date:   Mon Sep 24 18:03:17 2018 +0300

    Ignore STS header fields with duplicate directives
    
    Use the recently added strict parameter parsing method to check
    for duplicate directives and ignore header fields that contain
    them, as per the specification.
    Uncomment the duplicate directives test.

 libsoup/soup-hsts-policy.c | 5 ++++-
 tests/hsts-test.c          | 4 +---
 2 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/libsoup/soup-hsts-policy.c b/libsoup/soup-hsts-policy.c
index 0e410870..20388fb5 100644
--- a/libsoup/soup-hsts-policy.c
+++ b/libsoup/soup-hsts-policy.c
@@ -272,7 +272,10 @@ soup_hsts_policy_new_from_response (SoupMessage *msg)
 
                uri = soup_message_get_uri (msg);
 
-               params = soup_header_parse_semi_param_list (value);
+               params = soup_header_parse_semi_param_list_strict (value);
+
+               if (!params)
+                       return NULL;
 
                max_age_str = g_hash_table_lookup (params, "max-age");
 
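Review bot: The new `if (!params) return NULL;` after the strict parse carries no comment explaining that a NULL result means the whole STS header field is being discarded on purpose, so a later reader may take it for a plain error path. I would add above it something like `/* RFC 6797 6.1: each directive must appear only once; otherwise ignore the whole header field. */`. Since the function now returns NULL for a header that is present but malformed, the caller (not visible here) presumably has to treat NULL as "no update" and leave any policy already stored for the host in place, which is worth confirming. soup_hsts_policy_new_from_response continues outside the hunk, so whether every later exit releases `params` cannot be checked from these lines.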
diff --git a/tests/hsts-test.c b/tests/hsts-test.c
index ae40495f..aba7859c 100644
--- a/tests/hsts-test.c
+++ b/tests/hsts-test.c
@@ -466,9 +466,7 @@ main (int argc, char **argv)
        g_test_add_func ("/hsts/missing-values", do_hsts_missing_values_test);
        g_test_add_func ("/hsts/invalid-values", do_hsts_invalid_values_test);
        g_test_add_func ("/hsts/extra-values", do_hsts_extra_values_test);
-       /* This test is skipped because soup_header_parse_semi_param_list() does not
-          take into account duplicated directives/parameters. */
-       /* g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test); */
+       g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test);
        g_test_add_func ("/hsts/case-insensitive-header", do_hsts_case_insensitive_header_test);
        g_test_add_func ("/hsts/case-insensitive-directives", do_hsts_case_insensitive_directives_test);
        g_test_add_func ("/hsts/optional-quotations", do_hsts_optional_quotations_test);

