aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2009-10-25 18:15:14 +0000
committerDaniel Stenberg <daniel@haxx.se>2009-10-25 18:15:14 +0000
commit448d2b5f491067f110e96c4a60342d0c34dd7010 (patch)
treeb54da8c69276d819718665cec680bcc1ee6ef5f4
parent7867d442514ca2da5f33bc928fa37c442085ade3 (diff)
- Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browser treat such cookies as session cookies. I modified test 8 and 31 to verify this.
-rw-r--r--CHANGES7
-rw-r--r--RELEASE-NOTES3
-rw-r--r--lib/cookie.c7
-rw-r--r--tests/data/test312
-rw-r--r--tests/data/test83
5 files changed, 17 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index 310512092..ed5e8892f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
Changelog
+Daniel Stenberg (25 Oct 2009)
+- Dima Barsky made the curl cookie parser accept cookies even with blank or
+ unparsable expiry dates and then treat them as session cookies - previously
+ libcurl would reject cookies with a date format it couldn't parse. Research
+ shows that the major browser treat such cookies as session cookies. I
+ modified test 8 and 31 to verify this.
+
Daniel Stenberg (21 Oct 2009)
- Attempt to use pkg-config for finding out libssh2 installation details
during configure.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 775b5fa61..a6049f003 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -41,6 +41,7 @@ This release includes the following bugfixes:
o GSS negotiate infinite loop on bad credentials
o memory leak in SCP/SFTP connections
o use pkg-config to find out libssh2 installation details in configure
+ o unparsable cookie expire dates make cookies get treated as session coookies
This release includes the following known bugs:
@@ -53,6 +54,6 @@ advice from friends like these:
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
- Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst
+ Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/cookie.c b/lib/cookie.c
index d121c0b29..89f90f1d3 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -363,9 +363,8 @@ Curl_cookie_add(struct SessionHandle *data,
badcookie = TRUE;
break;
}
- /* Note that we store -1 in 'expires' here if the date couldn't
- get parsed for whatever reason. This will have the effect that
- the cookie won't match. */
+ /* Note that if the date couldn't get parsed for whatever reason,
+ the cookie will be treated as a session cookie */
co->expires = curl_getdate(what, &now);
/* Session cookies have expires set to 0 so if we get that back
@@ -373,6 +372,8 @@ Curl_cookie_add(struct SessionHandle *data,
non-session cookie */
if (co->expires == 0)
co->expires = 1;
+ else if( co->expires < 0 )
+ co->expires = 0;
}
else if(!co->name) {
co->name = strdup(name);
diff --git a/tests/data/test31 b/tests/data/test31
index 0432f56f9..d06bc1180 100644
--- a/tests/data/test31
+++ b/tests/data/test31
@@ -27,6 +27,7 @@ Set-Cookie: novalue; domain=reallysilly
Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 2030
Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030
Set-Cookie: magic=yessir; path=/silly/; HttpOnly
+Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
boo
</data>
@@ -71,6 +72,7 @@ Accept: */*
.127.0.0.1 TRUE / FALSE 0 partmatch present
127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value
#HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir
+.0.0.1 TRUE /we/want/ FALSE 0 blexp yesyes
</file>
</verify>
</testcase>
diff --git a/tests/data/test8 b/tests/data/test8
index 959b8807e..6131894fd 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -41,6 +41,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we;
Set-Cookie: nocookie=yes; path=/WE;
+Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
</file>
</client>
@@ -54,7 +55,7 @@ Set-Cookie: nocookie=yes; path=/WE;
GET /we/want/8 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
-Cookie: cookie=yes; partmatch=present; foobar=name
+Cookie: blexp=yesyes; cookie=yes; partmatch=present; foobar=name
</protocol>
</verify>