diff options
-rw-r--r-- | configure.ac | 23 | ||||
-rw-r--r-- | lib/cookie.c | 21 | ||||
-rw-r--r-- | lib/version.c | 9 | ||||
-rw-r--r-- | src/tool_help.c | 3 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 1 | ||||
-rw-r--r-- | tests/data/test1136 | 60 | ||||
-rwxr-xr-x | tests/runtests.pl | 18 |
7 files changed, 134 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 0ee4943f5..549cd96ff 100644 --- a/configure.ac +++ b/configure.ac @@ -167,6 +167,7 @@ curl_verbose_msg="enabled (--disable-verbose)" curl_rtsp_msg="no (--enable-rtsp)" curl_rtmp_msg="no (--with-librtmp)" curl_mtlnk_msg="no (--with-libmetalink)" + curl_psl_msg="no (--with-libpsl)" init_ssl_msg=${curl_ssl_msg} @@ -2315,6 +2316,27 @@ dnl ********************************************************************** CURL_CHECK_CA_BUNDLE dnl ********************************************************************** +dnl Check for libpsl +dnl ********************************************************************** + +AC_ARG_WITH(libpsl, + AS_HELP_STRING([--without-libpsl], + [disable support for libpsl cookie checking]), + with_libpsl=$withval, + with_libpsl=yes) +if test $with_libpsl != "no"; then + AC_SEARCH_LIBS(psl_builtin, psl, + [curl_psl_msg="yes"; + AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled]) + ], + [curl_psl_msg="no (libpsl not found)"; + AC_MSG_WARN([libpsl was not found]) + ] + ) +fi +AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"]) + +dnl ********************************************************************** dnl Check for libmetalink dnl ********************************************************************** @@ -3742,6 +3764,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: RTSP support: ${curl_rtsp_msg} RTMP support: ${curl_rtmp_msg} metalink support: ${curl_mtlnk_msg} + PSL support: ${curl_psl_msg} HTTP2 support: ${curl_h2_msg} Protocols: ${SUPPORT_PROTOCOLS} ]) diff --git a/lib/cookie.c b/lib/cookie.c index 22730cff4..57a0441f6 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -84,6 +84,10 @@ Example set of cookies: #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) +#ifdef USE_LIBPSL +# include <libpsl.h> +#endif + #include "curl_printf.h" #include "urldata.h" #include "cookie.h" @@ -379,6 +383,10 @@ Curl_cookie_add(struct SessionHandle *data, bool replace_old = FALSE; bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ +#ifdef USE_LIBPSL + const psl_ctx_t *psl; +#endif + #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)data; #endif @@ -777,6 +785,19 @@ Curl_cookie_add(struct SessionHandle *data, /* at first, remove expired cookies */ remove_expired(c); +#ifdef USE_LIBPSL + /* Check if the domain is a Public Suffix and if yes, ignore the cookie. + This needs a libpsl compiled with builtin data. */ + if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) { + if(psl_is_public_suffix(psl, co->domain)) { + infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n", + co->name, co->domain); + freecookie(co); + return NULL; + } + } +#endif + clist = c->cookies; replace_old = FALSE; while(clist) { diff --git a/lib/version.c b/lib/version.c index 1727c5a7d..8784c2b01 100644 --- a/lib/version.c +++ b/lib/version.c @@ -40,6 +40,10 @@ #include <stringprep.h> #endif +#ifdef USE_LIBPSL +#include <libpsl.h> +#endif + #if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) #include <iconv.h> #endif @@ -100,6 +104,11 @@ char *curl_version(void) ptr += len; } #endif +#ifdef USE_LIBPSL + len = snprintf(ptr, left, " libpsl/%s", psl_get_version()); + left -= len; + ptr += len; +#endif #ifdef USE_WIN32_IDN len = snprintf(ptr, left, " WinIDN"); left -= len; diff --git a/src/tool_help.c b/src/tool_help.c index 355fe7d7b..4f569cde6 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -317,6 +317,9 @@ void tool_version_info(void) #ifdef USE_METALINK printf("Metalink "); #endif +#ifdef USE_LIBPSL + printf("PSL "); +#endif puts(""); /* newline */ } } diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index d84b4e2a7..b053534e8 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -118,6 +118,7 @@ test1104 test1105 test1106 test1107 test1108 test1109 test1110 test1111 \ test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 \ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ +test1136 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ diff --git a/tests/data/test1136 b/tests/data/test1136 new file mode 100644 index 000000000..16c48b2a3 --- /dev/null +++ b/tests/data/test1136 @@ -0,0 +1,60 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +HTTP proxy +cookies +cookiejar +PSL +</keywords> +</info> + +# Server-side +<reply> +<data> +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Content-Type: text/html +Funny-head: yesyes +Set-Cookie: test1=forbidden1; domain=example.ck; path=/; +Set-Cookie: test2=allowed2; domain=www.example.ck; path=/; +Set-Cookie: test3=forbidden3; domain=ck; path=/; +Set-Cookie: test4=allowed4; domain=www.ck; path=/; +Set-Cookie: test5=forbidden5; domain=z-1.compute-1.amazonaws.com; path=/; + +boo +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> +<name> +Check cookies against PSL +</name> +<setenv> +TZ=GMT +</setenv> +<command> +http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com/1136 -b none -c log/jar1136.txt -x %HOSTIP:%HTTPPORT +</command> + +</client> + +# Verify data after the test has been "shot" +<verify> +<file name="log/jar1136.txt" mode="text"> +# Netscape HTTP Cookie File +# http://curl.haxx.se/docs/http-cookies.html +# This file was generated by libcurl! Edit at your own risk. + +.www.example.ck TRUE / FALSE 0 test2 allowed2 +.www.ck TRUE / FALSE 0 test4 allowed4 +</file> +</verify> +</testcase> diff --git a/tests/runtests.pl b/tests/runtests.pl index 77ec672d9..dc4b71cdf 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -224,6 +224,7 @@ my $has_http2; # set if libcurl is built with HTTP2 support my $has_crypto; # set if libcurl is built with cryptographic support my $has_cares; # set if built with c-ares my $has_threadedres;# set if built with threaded resolver +my $has_psl; # set if libcurl is built with PSL support # this version is decided by the particular nghttp2 library that is being used my $h2cver = "h2c"; @@ -2474,6 +2475,10 @@ sub checksystem { # Metalink enabled $has_metalink=1; } + if($feat =~ /PSL/i) { + # PSL enabled + $has_psl=1; + } if($feat =~ /AsynchDNS/i) { if(!$has_cares) { # this means threaded resolver @@ -2599,8 +2604,9 @@ sub checksystem { logmsg sprintf("* HTTP Unix %s\n", $http_unix?"ON ":"OFF"); logmsg sprintf("* FTP IPv6 %8s", $ftp_ipv6?"ON ":"OFF"); logmsg sprintf(" Libtool lib: %s\n", $libtool?"ON ":"OFF"); - logmsg sprintf("* Shared build: %-3s", $has_shared); + logmsg sprintf("* PSL: %8s", $has_psl?"ON ":"OFF"); logmsg sprintf(" Resolver: %s\n", $resolver); + if($ssl_version) { logmsg sprintf("* SSL library: %13s\n", $ssllib); } @@ -2981,6 +2987,11 @@ sub singletest { next; } } + elsif($1 eq "PSL") { + if($has_psl) { + next; + } + } elsif($1 eq "socks") { next; } @@ -3117,6 +3128,11 @@ sub singletest { next; } } + elsif($1 eq "PSL") { + if(!$has_psl) { + next; + } + } else { next; } |