Ates Goral pointed out that libcurl's cookie parser did case insensitive

string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.

4 files changed, 13 insertions, 4 deletions

diff --git a/CHANGES b/CHANGES
index 574d513b5..a50f785a5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
                                   Changelog
 
 Daniel (8 July 2006)
+- Ates Goral pointed out that libcurl's cookie parser did case insensitive
+  string comparisons on the path which is incorrect and provided a patch that
+  fixes this. I edited test case 8 to include details that test for this.
+
 - Ingmar Runge provided a source snippet that caused a crash. The reason for
   the crash was that libcurl internally was a bit confused about who owned the
   DNS cache at all times so if you created an easy handle that uses a shared
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d8c66cdd2..303ea8bbd 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,6 +18,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o cookie parser now compares paths case sensitive
  o an easy handle with shared DNS cache added to a multi handle caused a crash
  o couldn't override the Proxy-Connection: header for non-CONNECT requests
  o curl_multi_fdset() could wrongly return -1 as max_fd value
@@ -25,7 +26,7 @@ This release includes the following bugfixes:
 Other curl-related news:
 
  o yassl 1.3.7 can now be used with libcurl as an optional TLS library for
-   HTTPS/FTPS support
+   HTTPS/FTPS support: http://www.yassl.com/
  o cURLpp 0.6.0 was released: http://rrette.com/curlpp.html
  o pycurl-7.15.4 was released: http://pycurl.sf.net
 
@@ -37,6 +38,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Dan Fandrich, Peter Silva, Arve Knudsen, Michael Wallner, Toshiyuki Maezawa,
- Ingmar Runge
+ Ingmar Runge, Ates Goral
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/cookie.c b/lib/cookie.c
index d934868ca..00f7b0fa7 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -760,7 +760,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
         /* now check the left part of the path with the cookies path
            requirement */
         if(!co->path ||
-           checkprefix(co->path, path) ) {
+           /* not using checkprefix() because matching should be
+              case-sensitive */
+           !strncmp(co->path, path, strlen(co->path)) ) {
 
           /* and now, we know this is a match and we should create an
              entry for the return-linked-list */
diff --git a/tests/data/test8 b/tests/data/test8
index 683899ae1..50c5d4f2b 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -37,6 +37,8 @@ Funny-head: yesyes
 Set-Cookie: foobar=name; domain=127.0.0.1; path=/;
 Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/";
 Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
+Set-Cookie: cookie=yes; path=/we;
+Set-Cookie: nocookie=yes; path=/WE;
 
 </file>
 </client>
@@ -50,7 +52,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
 GET /we/want/8 HTTP/1.1

 Host: 127.0.0.1:%HTTPPORT

 Accept: */*

-Cookie: partmatch=present; foobar=name

+Cookie: cookie=yes; partmatch=present; foobar=name

 

 </protocol>
 </verify>