From 04f52e9b4db01bcbf672c9c69303a4e4ad0d0fb9 Mon Sep 17 00:00:00 2001
From: YAMADA Yasuharu <yasuharu.yamada@access-company.com>
Date: Sat, 18 May 2013 22:51:31 +0200
Subject: cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
---
 lib/cookie.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/cookie.c b/lib/cookie.c
index a67204e6e..51c55de0a 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -143,6 +143,34 @@ static bool tailmatch(const char *cooke_domain, const char *hostname)
   return FALSE;
 }
 
+static bool pathmatch(const char* cookie_path, const char* url_path)
+{
+  size_t cookie_path_len = strlen(cookie_path);
+  size_t url_path_len = strlen(url_path);
+
+  if(url_path_len < cookie_path_len)
+    return FALSE;
+
+  /* not using checkprefix() because matching should be case-sensitive */
+  if(strncmp(cookie_path, url_path, cookie_path_len))
+    return FALSE;
+
+  /* it is true if cookie_path and url_path are the same */
+  if(cookie_path_len == url_path_len)
+    return TRUE;
+
+  /* here, cookie_path_len < url_path_len */
+
+  /* it is false if cookie path is /example and url path is /examples */
+  if(cookie_path[cookie_path_len - 1] != '/') {
+    if(url_path[cookie_path_len] != '/') {
+      return FALSE;
+    }
+  }
+  /* matching! */
+  return TRUE;
+}
+
 /*
  * Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
  */
@@ -858,10 +886,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
 
         /* now check the left part of the path with the cookies path
            requirement */
-        if(!co->path ||
-           /* not using checkprefix() because matching should be
-              case-sensitive */
-           !strncmp(co->path, path, strlen(co->path)) ) {
+        if(!co->path || pathmatch(co->path, path) ) {
 
           /* and now, we know this is a match and we should create an
              entry for the return-linked-list */
-- 
cgit v1.2.3