From 2685041a5c285968696de639699fb39a0fdf8c69 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 1 Apr 2015 23:25:29 +0200 Subject: cookie: handle spaces after the name in Set-Cookie "name =value" is fine and the space should just be skipped. Updated test 31 to also test for this. Bug: https://github.com/bagder/curl/issues/195 Reported-by: cromestant Help-by: Frank Gevaerts --- lib/cookie.c | 2 +- tests/data/test31 | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/cookie.c b/lib/cookie.c index f1450e905..0864f6bcf 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -407,7 +407,7 @@ Curl_cookie_add(struct SessionHandle *data, do { /* we have a = pair or a stand-alone word here */ name[0]=what[0]=0; /* init the buffers */ - if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%" + if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =] =%" MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { /* Use strstore() below to properly deal with received cookie diff --git a/tests/data/test31 b/tests/data/test31 index dfcac0458..7cf556c0c 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -53,6 +53,10 @@ Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030 Set-Cookie: magic=yessir; path=/silly/; HttpOnly Set-Cookie: blexp=yesyes; domain=127.0.0.1; domain=127.0.0.1; expiry=totally bad; Set-Cookie: partialip=nono; domain=.0.0.1; +Set-Cookie: withspaces= yes within and around ; +Set-Cookie: withspaces2 =before equals; +Set-Cookie: prespace= yes before; +Set-Cookie: securewithspace=after ; secure = boo @@ -124,6 +128,10 @@ Accept: */* 127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value #HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir 127.0.0.1 FALSE /we/want/ FALSE 0 blexp yesyes +127.0.0.1 FALSE /we/want/ FALSE 0 withspaces yes within and around +127.0.0.1 FALSE /we/want/ FALSE 0 withspaces2 before equals +127.0.0.1 FALSE /we/want/ FALSE 0 prespace yes before +127.0.0.1 FALSE /we/want/ TRUE 0 securewithspace after -- cgit v1.2.3