diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-09-27 09:41:43 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-09-28 18:10:43 +0200 |
commit | d0a7ee3f613b0c3f2370c6cc81e5aafef67120f0 (patch) | |
tree | 84313021ed566a898a897112ddc7982e2e89a00d /lib | |
parent | ed735091574122fd5b2f5bac1edc56d5f03aa969 (diff) |
cookies: using a share with cookies shouldn't enable the cookie engine
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.
This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.
Test 1166 verifies
Updated test 506
Fixes #4429
Closes #4434
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cookie.c | 4 | ||||
-rw-r--r-- | lib/http.c | 4 | ||||
-rw-r--r-- | lib/urldata.h | 1 |
3 files changed, 7 insertions, 2 deletions
diff --git a/lib/cookie.c b/lib/cookie.c index 0e71129de..f6b52df2f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1090,6 +1090,8 @@ Curl_cookie_add(struct Curl_easy *data, * * If 'newsession' is TRUE, discard all "session cookies" on read from file. * + * Note that 'data' might be called as NULL pointer. + * * Returns NULL on out of memory. Invalid cookies are ignored. ****************************************************************************/ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, @@ -1160,6 +1162,8 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, } c->running = TRUE; /* now, we're running */ + if(data) + data->state.cookie_engine = TRUE; return c; diff --git a/lib/http.c b/lib/http.c index 9719b28ef..4631a7f36 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2676,7 +2676,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) struct Cookie *co = NULL; /* no cookies from start */ int count = 0; - if(data->cookies) { + if(data->cookies && data->state.cookie_engine) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); co = Curl_cookie_getlist(data->cookies, conn->allocptr.cookiehost? @@ -4013,7 +4013,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, data->state.resume_from = 0; /* get everything */ } #if !defined(CURL_DISABLE_COOKIES) - else if(data->cookies && + else if(data->cookies && data->state.cookie_engine && checkprefix("Set-Cookie:", k->p)) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); diff --git a/lib/urldata.h b/lib/urldata.h index 2700bc2a6..f9365b2e6 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -1397,6 +1397,7 @@ struct UrlState { invoked twice when the multi interface is used. */ BIT(stream_depends_e); /* set or don't set the Exclusive bit */ BIT(previouslypending); /* this transfer WAS in the multi->pending queue */ + BIT(cookie_engine); }; |