[libsoup/hsts: 21/24] Ignore STS header fields with duplicate directives

[Claudio Saavedra <csaavedra src gnome org>]

commit 7b79b91c46ed7c761d7e3c784cfa24aacc35aeef
Author: Claudio Saavedra <csaavedra igalia com>
Date:   Mon Sep 24 18:03:17 2018 +0300

    Ignore STS header fields with duplicate directives
    
    Use the recently added strict parameter parsing method to check
    for duplicate directives and ignore them, as per the specification.
    Uncomment the duplicate directives test.

 libsoup/soup-hsts-policy.c | 5 ++++-
 tests/hsts-test.c          | 4 +---
 2 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/libsoup/soup-hsts-policy.c b/libsoup/soup-hsts-policy.c
index 4a9dfa1a..794b4d8d 100644
--- a/libsoup/soup-hsts-policy.c
+++ b/libsoup/soup-hsts-policy.c
@@ -272,7 +272,10 @@ soup_hsts_policy_new_from_response (SoupMessage *msg)
 
                uri = soup_message_get_uri (msg);
 
-               params = soup_header_parse_semi_param_list (value);
+               params = soup_header_parse_semi_param_list_strict (value);
+
+               if (!params)
+                       return NULL;
 
                max_age_str = g_hash_table_lookup (params, "max-age");
 
diff --git a/tests/hsts-test.c b/tests/hsts-test.c
index ae40495f..aba7859c 100644
--- a/tests/hsts-test.c
+++ b/tests/hsts-test.c
@@ -466,9 +466,7 @@ main (int argc, char **argv)
        g_test_add_func ("/hsts/missing-values", do_hsts_missing_values_test);
        g_test_add_func ("/hsts/invalid-values", do_hsts_invalid_values_test);
        g_test_add_func ("/hsts/extra-values", do_hsts_extra_values_test);
-       /* This test is skipped because soup_header_parse_semi_param_list() does not
-          take into account duplicated directives/parameters. */
-       /* g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test); */
+       g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test);
        g_test_add_func ("/hsts/case-insensitive-header", do_hsts_case_insensitive_header_test);
        g_test_add_func ("/hsts/case-insensitive-directives", do_hsts_case_insensitive_directives_test);
        g_test_add_func ("/hsts/optional-quotations", do_hsts_optional_quotations_test);