diff options
author | Patrick Monnerat <patrick@monnerat.net> | 2018-05-13 01:23:10 +0200 |
---|---|---|
committer | Patrick Monnerat <patrick@monnerat.net> | 2018-05-13 01:23:10 +0200 |
commit | 1b55d270ad3d4473b2fd46481478275e47c60eaf (patch) | |
tree | b3698c5dec22655c49fe6fbacaf8440e511f98d8 | |
parent | 9cacc24630e55ea54803458f37fadfe9d4beb52c (diff) |
cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.
New test 1155 checks that cookie names are not reserved words.
Reported-By: anshnd at github
Fixes #2564
Closes #2566
-rw-r--r-- | lib/cookie.c | 8 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test1155 | 54 |
3 files changed, 62 insertions, 2 deletions
diff --git a/lib/cookie.c b/lib/cookie.c index 5eb3c1209..29f627fd4 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -528,10 +528,16 @@ Curl_cookie_add(struct Curl_easy *data, while(*whatptr && ISBLANK(*whatptr)) whatptr++; - if(!co->name && sep) { + if(!co->name) { /* The very first name/value pair is the actual cookie name */ + if(!sep) { + /* Bad name/value pair. */ + badcookie = TRUE; + break; + } co->name = strdup(name); co->value = strdup(whatptr); + done = TRUE; if(!co->name || !co->value) { badcookie = TRUE; break; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index fbda6008f..12373ba61 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -127,7 +127,7 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ -test1152 test1153 test1154 \ +test1152 test1153 test1154 test1155 \ \ test1160 test1161 test1162 test1163 test1164 \ test1170 test1171 \ diff --git a/tests/data/test1155 b/tests/data/test1155 new file mode 100644 index 000000000..0eae2a9d4 --- /dev/null +++ b/tests/data/test1155 @@ -0,0 +1,54 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +cookies +</keywords> +</info> + +# Server-side +<reply> + +<data> +HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+Set-Cookie: domain=value;secure;path=/ +
+</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +HTTP cookie with parameter word as name + </name> + <command> +http://%HOSTIP:%HTTPPORT/1155 -c log/cookies1155.txt +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /1155 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol> +<file name="log/cookies1155.txt"> +# Netscape HTTP Cookie File +# https://curl.haxx.se/docs/http-cookies.html +# This file was generated by libcurl! Edit at your own risk. + +127.0.0.1 FALSE / TRUE 0 domain value +</file> +</verify> +</testcase> |