curl/tests/data/test31, branch master cURL mirror with patches applied tests: allow tests to pass by 2037-02-12 2019-01-08T09:36:49+00:00 Bernhard M. Wiedemann bwiedemann@suse.de 2019-01-07T15:23:04+00:00 114a02c75b702e98abf6328271bc76863c67b931 similar to commit f508d29f3902104018 Closes #3443 
similar to commit f508d29f3902104018

Closes #3443
cookies: leave secure cookies alone 2018-12-13T08:57:58+00:00 Daniel Gustafsson daniel@yesql.se 2018-12-13T08:57:58+00:00 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se> 
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
cookies: support creation-time attribute for cookies 2018-08-31T12:11:37+00:00 Daniel Gustafsson daniel@yesql.se 2018-08-28T09:28:50+00:00 e2ef8d6fa11b2345e10b89db525920f2a0d5fd79 According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524 
According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524
tests: made a couple of prechecks consistent with others 2017-05-13T17:12:22+00:00 Dan Fandrich dan@coneharvesters.com 2017-05-13T17:04:10+00:00 fa0ac3f4d9ca095c33bca62ba2f64c95e3c3456a Also removed a TODO suggesting caching the precheck results. Tests showed this would save about 0.1 sec on the total test run time on a relatively modern system, an unnoticeable gain at the cost of longer and more complicated code. There would also be a danger that a cached test result would be inappropriately returned, such as when other test dependencies (like environment variables) are different or when the precheck causes side effects (like filesystem changes). 
Also removed a TODO suggesting caching the precheck results. Tests
showed this would save about 0.1 sec on the total test run time on a
relatively modern system, an unnoticeable gain at the cost of longer and
more complicated code. There would also be a danger that a cached test
result would be inappropriately returned, such as when other test
dependencies (like environment variables) are different or when the
precheck causes side effects (like filesystem changes).
URLs: change all http:// URLs to https:// 2016-02-02T23:19:02+00:00 Daniel Stenberg daniel@haxx.se 2016-02-02T23:19:02+00:00 4af40b3646d3b09f68e419f7ca866ff395d1f897 






cookie: handle spaces after the name in Set-Cookie
2015-04-01T21:25:29+00:00

Daniel Stenberg
daniel@haxx.se

2015-04-01T21:25:29+00:00

2685041a5c285968696de639699fb39a0fdf8c69

"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts





"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts







cookies: only use full host matches for hosts used as IP address
2014-09-10T05:32:36+00:00

Tim Ruehsen
tim.ruehsen@gmx.de

2014-08-19T19:01:28+00:00

8a75dbeb2305297640453029b7905ef51b87e8dd

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html





By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html







cookies: follow-up fix for path checking
2013-06-12T09:19:56+00:00

YAMADA Yasuharu
yasuharu.yamada@access-company.com

2013-06-12T09:19:56+00:00

f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d

The initial fix to only compare full path names were done in commit
04f52e9b4db0 but found out to be incomplete. This takes should make the
change more complete and there's now two additional tests to verify
(test 31 and 62).





The initial fix to only compare full path names were done in commit
04f52e9b4db0 but found out to be incomplete. This takes should make the
change more complete and there's now two additional tests to verify
(test 31 and 62).







Add a HOSTIP precheck for tests 31 and 1105
2012-11-19T09:58:14+00:00

Fabian Keil
fk@fabiankeil.de

2012-11-18T13:55:29+00:00

276452ca1096c40c886eee3ea461d462b7bcdadc

They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.





They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.







Use carriage returns in all headers in test 31
2012-11-19T09:58:14+00:00

Fabian Keil
fk@fabiankeil.de

2012-11-16T12:54:59+00:00

10296ac66565edcfac680e7c2177557893230500

Trailing spaces were left unmodifed, assuming they were intentional.





Trailing spaces were left unmodifed, assuming they were intentional.