aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES4
-rw-r--r--RELEASE-NOTES5
-rw-r--r--lib/cookie.c4
-rw-r--r--tests/data/test84
4 files changed, 13 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index 574d513b5..a50f785a5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
Changelog
Daniel (8 July 2006)
+- Ates Goral pointed out that libcurl's cookie parser did case insensitive
+ string comparisons on the path which is incorrect and provided a patch that
+ fixes this. I edited test case 8 to include details that test for this.
+
- Ingmar Runge provided a source snippet that caused a crash. The reason for
the crash was that libcurl internally was a bit confused about who owned the
DNS cache at all times so if you created an easy handle that uses a shared
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d8c66cdd2..303ea8bbd 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,6 +18,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o cookie parser now compares paths case sensitive
o an easy handle with shared DNS cache added to a multi handle caused a crash
o couldn't override the Proxy-Connection: header for non-CONNECT requests
o curl_multi_fdset() could wrongly return -1 as max_fd value
@@ -25,7 +26,7 @@ This release includes the following bugfixes:
Other curl-related news:
o yassl 1.3.7 can now be used with libcurl as an optional TLS library for
- HTTPS/FTPS support
+ HTTPS/FTPS support: http://www.yassl.com/
o cURLpp 0.6.0 was released: http://rrette.com/curlpp.html
o pycurl-7.15.4 was released: http://pycurl.sf.net
@@ -37,6 +38,6 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Dan Fandrich, Peter Silva, Arve Knudsen, Michael Wallner, Toshiyuki Maezawa,
- Ingmar Runge
+ Ingmar Runge, Ates Goral
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/cookie.c b/lib/cookie.c
index d934868ca..00f7b0fa7 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -760,7 +760,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* now check the left part of the path with the cookies path
requirement */
if(!co->path ||
- checkprefix(co->path, path) ) {
+ /* not using checkprefix() because matching should be
+ case-sensitive */
+ !strncmp(co->path, path, strlen(co->path)) ) {
/* and now, we know this is a match and we should create an
entry for the return-linked-list */
diff --git a/tests/data/test8 b/tests/data/test8
index 683899ae1..50c5d4f2b 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -37,6 +37,8 @@ Funny-head: yesyes
Set-Cookie: foobar=name; domain=127.0.0.1; path=/;
Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/";
Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
+Set-Cookie: cookie=yes; path=/we;
+Set-Cookie: nocookie=yes; path=/WE;
</file>
</client>
@@ -50,7 +52,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
GET /we/want/8 HTTP/1.1
Host: 127.0.0.1:%HTTPPORT
Accept: */*
-Cookie: partmatch=present; foobar=name
+Cookie: cookie=yes; partmatch=present; foobar=name
</protocol>
</verify>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 15:34:30 +0000