2002-09-03 07:52:59 -04:00
|
|
|
|
/***************************************************************************
|
2004-05-12 08:04:38 -04:00
|
|
|
|
* _ _ ____ _
|
|
|
|
|
* Project ___| | | | _ \| |
|
|
|
|
|
* / __| | | | |_) | |
|
|
|
|
|
* | (__| |_| | _ <| |___
|
2001-01-03 04:29:33 -05:00
|
|
|
|
* \___|\___/|_| \_\_____|
|
|
|
|
|
*
|
2017-01-27 06:59:12 -05:00
|
|
|
|
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
2001-01-03 04:29:33 -05:00
|
|
|
|
*
|
2002-09-03 07:52:59 -04:00
|
|
|
|
* This software is licensed as described in the file COPYING, which
|
|
|
|
|
* you should have received as part of this distribution. The terms
|
2016-02-02 18:19:02 -05:00
|
|
|
|
* are also available at https://curl.haxx.se/docs/copyright.html.
|
2004-05-12 08:04:38 -04:00
|
|
|
|
*
|
2001-01-03 04:29:33 -05:00
|
|
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
|
|
|
* copies of the Software, and permit persons to whom the Software is
|
2002-09-03 07:52:59 -04:00
|
|
|
|
* furnished to do so, under the terms of the COPYING file.
|
2001-01-03 04:29:33 -05:00
|
|
|
|
*
|
|
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
|
* KIND, either express or implied.
|
|
|
|
|
*
|
2002-09-03 07:52:59 -04:00
|
|
|
|
***************************************************************************/
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
|
|
|
|
/***
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RECEIVING COOKIE INFORMATION
|
|
|
|
|
============================
|
|
|
|
|
|
2016-06-21 09:47:12 -04:00
|
|
|
|
struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
|
2014-12-07 06:22:52 -05:00
|
|
|
|
const char *file, struct CookieInfo *inc, bool newsession);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
Inits a cookie struct to store data in a local file. This is always
|
|
|
|
|
called before any cookies are set.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2016-06-21 09:47:12 -04:00
|
|
|
|
struct Cookie *Curl_cookie_add(struct Curl_easy *data,
|
2014-12-07 06:22:52 -05:00
|
|
|
|
struct CookieInfo *c, bool httpheader, char *lineptr,
|
|
|
|
|
const char *domain, const char *path);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2014-12-07 06:22:52 -05:00
|
|
|
|
The 'lineptr' parameter is a full "Set-cookie:" line as
|
2004-10-06 03:50:18 -04:00
|
|
|
|
received from a server.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
The function need to replace previously stored lines that this new
|
|
|
|
|
line superceeds.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
It may remove lines that are expired.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
It should return an indication of success/error.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SENDING COOKIE INFORMATION
|
|
|
|
|
==========================
|
|
|
|
|
|
2014-12-07 06:22:52 -05:00
|
|
|
|
struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie,
|
|
|
|
|
char *host, char *path, bool secure);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
For a given host and path, return a linked list of cookies that
|
|
|
|
|
the client should send to the server if used now. The secure
|
|
|
|
|
boolean informs the cookie if a secure connection is achieved or
|
|
|
|
|
not.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-10-06 03:50:18 -04:00
|
|
|
|
It shall only return cookies that haven't expired.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
Example set of cookies:
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure
|
|
|
|
|
Set-cookie: PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
|
|
|
|
|
domain=.fidelity.com; path=/ftgw; secure
|
|
|
|
|
Set-cookie: FidHist=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
|
|
|
|
|
domain=.fidelity.com; path=/; secure
|
|
|
|
|
Set-cookie: FidOrder=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
|
|
|
|
|
domain=.fidelity.com; path=/; secure
|
|
|
|
|
Set-cookie: DisPend=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
|
|
|
|
|
domain=.fidelity.com; path=/; secure
|
|
|
|
|
Set-cookie: FidDis=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
|
|
|
|
|
domain=.fidelity.com; path=/; secure
|
|
|
|
|
Set-cookie:
|
|
|
|
|
Session_Key@6791a9e0-901a-11d0-a1c8-9b012c88aa77=none;expires=Monday,
|
|
|
|
|
13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure
|
|
|
|
|
****/
|
|
|
|
|
|
2003-03-31 10:59:17 -05:00
|
|
|
|
|
2013-01-06 13:06:49 -05:00
|
|
|
|
#include "curl_setup.h"
|
2000-08-24 10:26:33 -04:00
|
|
|
|
|
2004-12-05 18:59:32 -05:00
|
|
|
|
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
|
2002-06-11 07:13:01 -04:00
|
|
|
|
|
2015-09-29 05:33:01 -04:00
|
|
|
|
#ifdef USE_LIBPSL
|
|
|
|
|
# include <libpsl.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-01-03 20:50:28 -05:00
|
|
|
|
#include "urldata.h"
|
|
|
|
|
#include "cookie.h"
|
|
|
|
|
#include "strtok.h"
|
|
|
|
|
#include "sendf.h"
|
2013-07-15 10:53:43 -04:00
|
|
|
|
#include "slist.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
|
#include "share.h"
|
|
|
|
|
#include "strtoofft.h"
|
2016-09-30 12:54:02 -04:00
|
|
|
|
#include "strcase.h"
|
2009-09-28 12:05:20 -04:00
|
|
|
|
#include "curl_memrchr.h"
|
2014-08-19 15:01:28 -04:00
|
|
|
|
#include "inet_pton.h"
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2016-04-29 09:46:40 -04:00
|
|
|
|
/* The last 3 #include files should be in this order */
|
|
|
|
|
#include "curl_printf.h"
|
2015-03-24 18:12:03 -04:00
|
|
|
|
#include "curl_memory.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
|
#include "memdebug.h"
|
2000-10-09 07:12:34 -04:00
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
static void freecookie(struct Cookie *co)
|
2002-05-07 05:58:13 -04:00
|
|
|
|
{
|
2015-03-11 12:41:01 -04:00
|
|
|
|
free(co->expirestr);
|
|
|
|
|
free(co->domain);
|
|
|
|
|
free(co->path);
|
|
|
|
|
free(co->spath);
|
|
|
|
|
free(co->name);
|
|
|
|
|
free(co->value);
|
|
|
|
|
free(co->maxage);
|
|
|
|
|
free(co->version);
|
2002-05-07 05:58:13 -04:00
|
|
|
|
free(co);
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-10 18:17:15 -04:00
|
|
|
|
static bool tailmatch(const char *cooke_domain, const char *hostname)
|
2003-04-30 13:03:43 -04:00
|
|
|
|
{
|
2013-04-10 18:17:15 -04:00
|
|
|
|
size_t cookie_domain_len = strlen(cooke_domain);
|
|
|
|
|
size_t hostname_len = strlen(hostname);
|
2003-04-30 13:03:43 -04:00
|
|
|
|
|
2013-04-10 18:17:15 -04:00
|
|
|
|
if(hostname_len < cookie_domain_len)
|
2003-04-30 13:03:43 -04:00
|
|
|
|
return FALSE;
|
|
|
|
|
|
2016-09-30 12:54:02 -04:00
|
|
|
|
if(!strcasecompare(cooke_domain, hostname+hostname_len-cookie_domain_len))
|
2013-04-10 18:17:15 -04:00
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
/* A lead char of cookie_domain is not '.'.
|
|
|
|
|
RFC6265 4.1.2.3. The Domain Attribute says:
|
|
|
|
|
For example, if the value of the Domain attribute is
|
|
|
|
|
"example.com", the user agent will include the cookie in the Cookie
|
|
|
|
|
header when making HTTP requests to example.com, www.example.com, and
|
|
|
|
|
www.corp.example.com.
|
|
|
|
|
*/
|
|
|
|
|
if(hostname_len == cookie_domain_len)
|
|
|
|
|
return TRUE;
|
|
|
|
|
if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
|
|
|
|
|
return TRUE;
|
|
|
|
|
return FALSE;
|
2003-04-30 13:03:43 -04:00
|
|
|
|
}
|
|
|
|
|
|
2013-06-12 05:19:56 -04:00
|
|
|
|
/*
|
|
|
|
|
* matching cookie path and url path
|
|
|
|
|
* RFC6265 5.1.4 Paths and Path-Match
|
|
|
|
|
*/
|
2016-11-23 01:53:24 -05:00
|
|
|
|
static bool pathmatch(const char *cookie_path, const char *request_uri)
|
2013-05-18 16:51:31 -04:00
|
|
|
|
{
|
2013-06-12 05:19:56 -04:00
|
|
|
|
size_t cookie_path_len;
|
|
|
|
|
size_t uri_path_len;
|
2016-11-23 01:53:24 -05:00
|
|
|
|
char *uri_path = NULL;
|
|
|
|
|
char *pos;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
bool ret = FALSE;
|
|
|
|
|
|
|
|
|
|
/* cookie_path must not have last '/' separator. ex: /sample */
|
|
|
|
|
cookie_path_len = strlen(cookie_path);
|
|
|
|
|
if(1 == cookie_path_len) {
|
|
|
|
|
/* cookie_path must be '/' */
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
2013-05-18 16:51:31 -04:00
|
|
|
|
|
2013-06-12 05:19:56 -04:00
|
|
|
|
uri_path = strdup(request_uri);
|
|
|
|
|
if(!uri_path)
|
2013-05-18 16:51:31 -04:00
|
|
|
|
return FALSE;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
pos = strchr(uri_path, '?');
|
|
|
|
|
if(pos)
|
|
|
|
|
*pos = 0x0;
|
|
|
|
|
|
|
|
|
|
/* #-fragments are already cut off! */
|
|
|
|
|
if(0 == strlen(uri_path) || uri_path[0] != '/') {
|
|
|
|
|
free(uri_path);
|
|
|
|
|
uri_path = strdup("/");
|
|
|
|
|
if(!uri_path)
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* here, RFC6265 5.1.4 says
|
|
|
|
|
4. Output the characters of the uri-path from the first character up
|
|
|
|
|
to, but not including, the right-most %x2F ("/").
|
|
|
|
|
but URL path /hoge?fuga=xxx means /hoge/index.cgi?fuga=xxx in some site
|
|
|
|
|
without redirect.
|
|
|
|
|
Ignore this algorithm because /hoge is uri path for this case
|
|
|
|
|
(uri path is not /).
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
uri_path_len = strlen(uri_path);
|
|
|
|
|
|
|
|
|
|
if(uri_path_len < cookie_path_len) {
|
|
|
|
|
ret = FALSE;
|
|
|
|
|
goto pathmatched;
|
|
|
|
|
}
|
2013-05-18 16:51:31 -04:00
|
|
|
|
|
|
|
|
|
/* not using checkprefix() because matching should be case-sensitive */
|
2013-06-12 05:19:56 -04:00
|
|
|
|
if(strncmp(cookie_path, uri_path, cookie_path_len)) {
|
|
|
|
|
ret = FALSE;
|
|
|
|
|
goto pathmatched;
|
|
|
|
|
}
|
2013-05-18 16:51:31 -04:00
|
|
|
|
|
2013-06-12 05:19:56 -04:00
|
|
|
|
/* The cookie-path and the uri-path are identical. */
|
|
|
|
|
if(cookie_path_len == uri_path_len) {
|
|
|
|
|
ret = TRUE;
|
|
|
|
|
goto pathmatched;
|
|
|
|
|
}
|
2013-05-18 16:51:31 -04:00
|
|
|
|
|
|
|
|
|
/* here, cookie_path_len < url_path_len */
|
2013-06-12 05:19:56 -04:00
|
|
|
|
if(uri_path[cookie_path_len] == '/') {
|
|
|
|
|
ret = TRUE;
|
|
|
|
|
goto pathmatched;
|
|
|
|
|
}
|
2013-05-18 16:51:31 -04:00
|
|
|
|
|
2013-06-12 05:19:56 -04:00
|
|
|
|
ret = FALSE;
|
|
|
|
|
|
|
|
|
|
pathmatched:
|
|
|
|
|
free(uri_path);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* cookie path sanitize
|
|
|
|
|
*/
|
|
|
|
|
static char *sanitize_cookie_path(const char *cookie_path)
|
|
|
|
|
{
|
|
|
|
|
size_t len;
|
|
|
|
|
char *new_path = strdup(cookie_path);
|
|
|
|
|
if(!new_path)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
/* some stupid site sends path attribute with '"'. */
|
2015-04-16 10:37:40 -04:00
|
|
|
|
len = strlen(new_path);
|
2013-06-12 05:19:56 -04:00
|
|
|
|
if(new_path[0] == '\"') {
|
2015-04-16 10:37:40 -04:00
|
|
|
|
memmove((void *)new_path, (const void *)(new_path + 1), len);
|
|
|
|
|
len--;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
}
|
2015-04-16 10:37:40 -04:00
|
|
|
|
if(len && (new_path[len - 1] == '\"')) {
|
|
|
|
|
new_path[len - 1] = 0x0;
|
|
|
|
|
len--;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RFC6265 5.2.4 The Path Attribute */
|
|
|
|
|
if(new_path[0] != '/') {
|
|
|
|
|
/* Let cookie-path be the default-path. */
|
|
|
|
|
free(new_path);
|
|
|
|
|
new_path = strdup("/");
|
|
|
|
|
return new_path;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* convert /hoge/ to /hoge */
|
2015-04-16 10:37:40 -04:00
|
|
|
|
if(len && new_path[len - 1] == '/') {
|
2013-06-12 05:19:56 -04:00
|
|
|
|
new_path[len - 1] = 0x0;
|
2013-05-18 16:51:31 -04:00
|
|
|
|
}
|
2013-06-12 05:19:56 -04:00
|
|
|
|
|
|
|
|
|
return new_path;
|
2013-05-18 16:51:31 -04:00
|
|
|
|
}
|
|
|
|
|
|
2005-08-17 04:55:43 -04:00
|
|
|
|
/*
|
|
|
|
|
* Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
|
2014-12-07 06:24:29 -05:00
|
|
|
|
*
|
|
|
|
|
* NOTE: OOM or cookie parsing failures are ignored.
|
2005-08-17 04:55:43 -04:00
|
|
|
|
*/
|
2016-06-21 09:47:12 -04:00
|
|
|
|
void Curl_cookie_loadfiles(struct Curl_easy *data)
|
2005-08-17 04:55:43 -04:00
|
|
|
|
{
|
|
|
|
|
struct curl_slist *list = data->change.cookielist;
|
|
|
|
|
if(list) {
|
|
|
|
|
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
|
|
|
|
|
while(list) {
|
2014-12-07 06:24:29 -05:00
|
|
|
|
struct CookieInfo *newcookies = Curl_cookie_init(data,
|
|
|
|
|
list->data,
|
|
|
|
|
data->cookies,
|
|
|
|
|
data->set.cookiesession);
|
|
|
|
|
if(!newcookies)
|
|
|
|
|
/* Failure may be due to OOM or a bad cookie; both are ignored
|
|
|
|
|
* but only the first should be
|
|
|
|
|
*/
|
|
|
|
|
infof(data, "ignoring failed cookie_init for %s\n", list->data);
|
|
|
|
|
else
|
|
|
|
|
data->cookies = newcookies;
|
2005-08-17 04:55:43 -04:00
|
|
|
|
list = list->next;
|
|
|
|
|
}
|
|
|
|
|
curl_slist_free_all(data->change.cookielist); /* clean up list */
|
|
|
|
|
data->change.cookielist = NULL; /* don't do this again! */
|
2011-10-11 13:41:30 -04:00
|
|
|
|
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
|
2005-08-17 04:55:43 -04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-05-25 08:23:22 -04:00
|
|
|
|
/*
|
|
|
|
|
* strstore() makes a strdup() on the 'newstr' and if '*str' is non-NULL
|
|
|
|
|
* that will be freed before the allocated string is stored there.
|
|
|
|
|
*
|
|
|
|
|
* It is meant to easily replace strdup()
|
|
|
|
|
*/
|
|
|
|
|
static void strstore(char **str, const char *newstr)
|
|
|
|
|
{
|
2015-03-11 12:41:01 -04:00
|
|
|
|
free(*str);
|
2009-05-25 08:23:22 -04:00
|
|
|
|
*str = strdup(newstr);
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-17 02:51:22 -04:00
|
|
|
|
/*
|
|
|
|
|
* remove_expired() removes expired cookies.
|
|
|
|
|
*/
|
|
|
|
|
static void remove_expired(struct CookieInfo *cookies)
|
|
|
|
|
{
|
|
|
|
|
struct Cookie *co, *nx, *pv;
|
|
|
|
|
curl_off_t now = (curl_off_t)time(NULL);
|
|
|
|
|
|
|
|
|
|
co = cookies->cookies;
|
|
|
|
|
pv = NULL;
|
|
|
|
|
while(co) {
|
|
|
|
|
nx = co->next;
|
2016-03-05 13:35:17 -05:00
|
|
|
|
if(co->expires && co->expires < now) {
|
2013-09-17 02:51:22 -04:00
|
|
|
|
if(co == cookies->cookies) {
|
|
|
|
|
cookies->cookies = co->next;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
pv->next = co->next;
|
|
|
|
|
}
|
|
|
|
|
cookies->numcookies--;
|
|
|
|
|
freecookie(co);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
pv = co;
|
|
|
|
|
}
|
|
|
|
|
co = nx;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-09-26 16:51:51 -04:00
|
|
|
|
|
2014-08-19 15:01:28 -04:00
|
|
|
|
/*
|
|
|
|
|
* Return true if the given string is an IP(v4|v6) address.
|
|
|
|
|
*/
|
|
|
|
|
static bool isip(const char *domain)
|
|
|
|
|
{
|
|
|
|
|
struct in_addr addr;
|
|
|
|
|
#ifdef ENABLE_IPV6
|
|
|
|
|
struct in6_addr addr6;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if(Curl_inet_pton(AF_INET, domain, &addr)
|
|
|
|
|
#ifdef ENABLE_IPV6
|
|
|
|
|
|| Curl_inet_pton(AF_INET6, domain, &addr6)
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
|
|
|
|
/* domain name given as IP address */
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/****************************************************************************
|
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Curl_cookie_add()
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
|
|
|
|
* Add a single cookie line to the cookie keeping object.
|
|
|
|
|
*
|
2013-05-21 17:28:59 -04:00
|
|
|
|
* Be aware that sometimes we get an IP-only host name, and that might also be
|
|
|
|
|
* a numerical IPv6 address.
|
|
|
|
|
*
|
2014-12-07 06:24:29 -05:00
|
|
|
|
* Returns NULL on out of memory or invalid cookie. This is suboptimal,
|
|
|
|
|
* as they should be treated separately.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
***************************************************************************/
|
|
|
|
|
|
2001-01-05 05:11:41 -05:00
|
|
|
|
struct Cookie *
|
2016-06-21 09:47:12 -04:00
|
|
|
|
Curl_cookie_add(struct Curl_easy *data,
|
2003-08-11 05:55:11 -04:00
|
|
|
|
/* The 'data' pointer here may be NULL at times, and thus
|
|
|
|
|
must only be used very carefully for things that can deal
|
|
|
|
|
with data being NULL. Such as infof() and similar */
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
2003-08-11 05:55:11 -04:00
|
|
|
|
struct CookieInfo *c,
|
2001-01-05 05:11:41 -05:00
|
|
|
|
bool httpheader, /* TRUE if HTTP header-style line */
|
2002-07-29 18:22:49 -04:00
|
|
|
|
char *lineptr, /* first character of the line */
|
2007-08-29 01:36:53 -04:00
|
|
|
|
const char *domain, /* default domain */
|
|
|
|
|
const char *path) /* full path used when this cookie is set,
|
2009-09-26 16:51:51 -04:00
|
|
|
|
used to get default path for the cookie
|
|
|
|
|
unless set */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
{
|
|
|
|
|
struct Cookie *clist;
|
|
|
|
|
char name[MAX_NAME];
|
|
|
|
|
struct Cookie *co;
|
2001-08-23 10:05:25 -04:00
|
|
|
|
struct Cookie *lastc=NULL;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
bool replace_old = FALSE;
|
2003-04-30 13:03:43 -04:00
|
|
|
|
bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2015-09-29 05:33:01 -04:00
|
|
|
|
#ifdef USE_LIBPSL
|
|
|
|
|
const psl_ctx_t *psl;
|
|
|
|
|
#endif
|
|
|
|
|
|
2007-03-24 22:30:58 -04:00
|
|
|
|
#ifdef CURL_DISABLE_VERBOSE_STRINGS
|
|
|
|
|
(void)data;
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/* First, alloc and init a new struct for it */
|
2009-11-18 05:33:54 -05:00
|
|
|
|
co = calloc(1, sizeof(struct Cookie));
|
1999-12-29 09:20:26 -05:00
|
|
|
|
if(!co)
|
|
|
|
|
return NULL; /* bail out if we're this low on memory */
|
|
|
|
|
|
|
|
|
|
if(httpheader) {
|
|
|
|
|
/* This line was read off a HTTP-header */
|
2007-08-29 01:36:53 -04:00
|
|
|
|
const char *ptr;
|
|
|
|
|
const char *semiptr;
|
|
|
|
|
char *what;
|
2004-06-22 17:15:51 -04:00
|
|
|
|
|
|
|
|
|
what = malloc(MAX_COOKIE_LINE);
|
|
|
|
|
if(!what) {
|
|
|
|
|
free(co);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
semiptr=strchr(lineptr, ';'); /* first, find a semicolon */
|
2002-07-29 18:22:49 -04:00
|
|
|
|
|
2007-02-13 12:47:27 -05:00
|
|
|
|
while(*lineptr && ISBLANK(*lineptr))
|
2002-07-29 18:22:49 -04:00
|
|
|
|
lineptr++;
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
ptr = lineptr;
|
2000-09-25 18:14:42 -04:00
|
|
|
|
do {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* we have a <what>=<this> pair or a stand-alone word here */
|
|
|
|
|
name[0]=what[0]=0; /* init the buffers */
|
2016-02-08 09:48:18 -05:00
|
|
|
|
if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%"
|
2011-08-09 08:02:05 -04:00
|
|
|
|
MAX_COOKIE_LINE_TXT "[^;\r\n]",
|
|
|
|
|
name, what)) {
|
|
|
|
|
/* Use strstore() below to properly deal with received cookie
|
|
|
|
|
headers that have the same string property set more than once,
|
|
|
|
|
and then we use the last one. */
|
|
|
|
|
const char *whatptr;
|
|
|
|
|
bool done = FALSE;
|
|
|
|
|
bool sep;
|
|
|
|
|
size_t len=strlen(what);
|
2016-02-08 09:48:18 -05:00
|
|
|
|
size_t nlen = strlen(name);
|
|
|
|
|
const char *endofn = &ptr[ nlen ];
|
2011-08-09 08:02:05 -04:00
|
|
|
|
|
|
|
|
|
/* name ends with a '=' ? */
|
2011-09-05 14:46:09 -04:00
|
|
|
|
sep = (*endofn == '=')?TRUE:FALSE;
|
2011-08-09 08:02:05 -04:00
|
|
|
|
|
2016-02-08 09:48:18 -05:00
|
|
|
|
if(nlen) {
|
|
|
|
|
endofn--; /* move to the last character */
|
|
|
|
|
if(ISBLANK(*endofn)) {
|
|
|
|
|
/* skip trailing spaces in name */
|
|
|
|
|
while(*endofn && ISBLANK(*endofn) && nlen) {
|
|
|
|
|
endofn--;
|
|
|
|
|
nlen--;
|
|
|
|
|
}
|
|
|
|
|
name[nlen]=0; /* new end of name */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* Strip off trailing whitespace from the 'what' */
|
|
|
|
|
while(len && ISBLANK(what[len-1])) {
|
|
|
|
|
what[len-1]=0;
|
|
|
|
|
len--;
|
|
|
|
|
}
|
2002-02-27 02:38:04 -05:00
|
|
|
|
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* Skip leading whitespace from the 'what' */
|
|
|
|
|
whatptr=what;
|
|
|
|
|
while(*whatptr && ISBLANK(*whatptr))
|
|
|
|
|
whatptr++;
|
2002-04-14 14:21:17 -04:00
|
|
|
|
|
2016-03-10 05:20:56 -05:00
|
|
|
|
if(!co->name && sep) {
|
|
|
|
|
/* The very first name/value pair is the actual cookie name */
|
|
|
|
|
co->name = strdup(name);
|
|
|
|
|
co->value = strdup(whatptr);
|
|
|
|
|
if(!co->name || !co->value) {
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if(!len) {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* this was a "<name>=" with no content, and we must allow
|
|
|
|
|
'secure' and 'httponly' specified this weirdly */
|
|
|
|
|
done = TRUE;
|
2016-09-30 12:54:02 -04:00
|
|
|
|
if(strcasecompare("secure", name))
|
2011-08-09 08:02:05 -04:00
|
|
|
|
co->secure = TRUE;
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("httponly", name))
|
2011-08-09 08:02:05 -04:00
|
|
|
|
co->httponly = TRUE;
|
|
|
|
|
else if(sep)
|
|
|
|
|
/* there was a '=' so we're not done parsing this field */
|
|
|
|
|
done = FALSE;
|
|
|
|
|
}
|
|
|
|
|
if(done)
|
|
|
|
|
;
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("path", name)) {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
strstore(&co->path, whatptr);
|
|
|
|
|
if(!co->path) {
|
|
|
|
|
badcookie = TRUE; /* out of memory bad */
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-06-12 05:19:56 -04:00
|
|
|
|
co->spath = sanitize_cookie_path(co->path);
|
|
|
|
|
if(!co->spath) {
|
|
|
|
|
badcookie = TRUE; /* out of memory bad */
|
|
|
|
|
break;
|
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
}
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("domain", name)) {
|
2014-08-19 15:01:28 -04:00
|
|
|
|
bool is_ip;
|
|
|
|
|
|
2013-05-21 17:28:59 -04:00
|
|
|
|
/* Now, we make sure that our host is within the given domain,
|
|
|
|
|
or the given domain is not valid and thus cannot be set. */
|
2011-08-09 08:02:05 -04:00
|
|
|
|
|
|
|
|
|
if('.' == whatptr[0])
|
2013-05-21 17:28:59 -04:00
|
|
|
|
whatptr++; /* ignore preceding dot */
|
|
|
|
|
|
2017-01-27 06:59:12 -05:00
|
|
|
|
#ifndef USE_LIBPSL
|
|
|
|
|
/*
|
|
|
|
|
* Without PSL we don't know when the incoming cookie is set on a
|
|
|
|
|
* TLD or otherwise "protected" suffix. To reduce risk, we require a
|
|
|
|
|
* dot OR the exact host name being "localhost".
|
|
|
|
|
*/
|
|
|
|
|
{
|
|
|
|
|
const char *dotp;
|
|
|
|
|
/* check for more dots */
|
|
|
|
|
dotp = strchr(whatptr, '.');
|
|
|
|
|
if(!dotp && !strcasecompare("localhost", whatptr))
|
|
|
|
|
domain=":";
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2014-08-19 15:01:28 -04:00
|
|
|
|
|
2017-01-27 06:59:12 -05:00
|
|
|
|
is_ip = isip(domain ? domain : whatptr);
|
2014-08-19 15:11:20 -04:00
|
|
|
|
|
2014-08-19 15:01:28 -04:00
|
|
|
|
if(!domain
|
|
|
|
|
|| (is_ip && !strcmp(whatptr, domain))
|
|
|
|
|
|| (!is_ip && tailmatch(whatptr, domain))) {
|
|
|
|
|
strstore(&co->domain, whatptr);
|
2013-05-21 17:28:59 -04:00
|
|
|
|
if(!co->domain) {
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
break;
|
2004-05-12 08:04:38 -04:00
|
|
|
|
}
|
2014-08-19 15:01:28 -04:00
|
|
|
|
if(!is_ip)
|
|
|
|
|
co->tailmatch=TRUE; /* we always do that if the domain name was
|
|
|
|
|
given */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
else {
|
2013-05-21 17:28:59 -04:00
|
|
|
|
/* we did not get a tailmatch and then the attempted set domain
|
|
|
|
|
is not a domain to which the current host belongs. Mark as
|
|
|
|
|
bad. */
|
|
|
|
|
badcookie=TRUE;
|
|
|
|
|
infof(data, "skipped cookie with bad tailmatch domain: %s\n",
|
|
|
|
|
whatptr);
|
2000-02-01 18:54:51 -05:00
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
}
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("version", name)) {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
strstore(&co->version, whatptr);
|
|
|
|
|
if(!co->version) {
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
break;
|
2000-02-01 18:54:51 -05:00
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
}
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("max-age", name)) {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* Defined in RFC2109:
|
|
|
|
|
|
|
|
|
|
Optional. The Max-Age attribute defines the lifetime of the
|
|
|
|
|
cookie, in seconds. The delta-seconds value is a decimal non-
|
|
|
|
|
negative integer. After delta-seconds seconds elapse, the
|
|
|
|
|
client should discard the cookie. A value of zero means the
|
|
|
|
|
cookie should be discarded immediately.
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
strstore(&co->maxage, whatptr);
|
|
|
|
|
if(!co->maxage) {
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
break;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
}
|
2016-09-30 12:54:02 -04:00
|
|
|
|
else if(strcasecompare("expires", name)) {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
strstore(&co->expirestr, whatptr);
|
|
|
|
|
if(!co->expirestr) {
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
break;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/*
|
|
|
|
|
else this is the second (or more) name we don't know
|
|
|
|
|
about! */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
else {
|
2011-08-09 08:02:05 -04:00
|
|
|
|
/* this is an "illegal" <what>=<this> pair */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2011-08-09 08:02:05 -04:00
|
|
|
|
|
2002-02-26 08:07:53 -05:00
|
|
|
|
if(!semiptr || !*semiptr) {
|
|
|
|
|
/* we already know there are no more cookies */
|
|
|
|
|
semiptr = NULL;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2000-09-25 18:14:42 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
ptr=semiptr+1;
|
2009-06-10 17:26:11 -04:00
|
|
|
|
while(*ptr && ISBLANK(*ptr))
|
1999-12-29 09:20:26 -05:00
|
|
|
|
ptr++;
|
|
|
|
|
semiptr=strchr(ptr, ';'); /* now, find the next semicolon */
|
2002-01-07 18:05:36 -05:00
|
|
|
|
|
|
|
|
|
if(!semiptr && *ptr)
|
|
|
|
|
/* There are no more semicolons, but there's a final name=value pair
|
|
|
|
|
coming up */
|
2002-02-26 08:07:53 -05:00
|
|
|
|
semiptr=strchr(ptr, '\0');
|
2000-09-25 18:14:42 -04:00
|
|
|
|
} while(semiptr);
|
2001-09-26 03:08:29 -04:00
|
|
|
|
|
2014-01-16 02:51:30 -05:00
|
|
|
|
if(co->maxage) {
|
|
|
|
|
co->expires =
|
|
|
|
|
curlx_strtoofft((*co->maxage=='\"')?
|
|
|
|
|
&co->maxage[1]:&co->maxage[0], NULL, 10);
|
|
|
|
|
if(CURL_OFF_T_MAX - now < co->expires)
|
|
|
|
|
/* avoid overflow */
|
|
|
|
|
co->expires = CURL_OFF_T_MAX;
|
|
|
|
|
else
|
|
|
|
|
co->expires += now;
|
|
|
|
|
}
|
|
|
|
|
else if(co->expirestr) {
|
|
|
|
|
/* Note that if the date couldn't get parsed for whatever reason,
|
|
|
|
|
the cookie will be treated as a session cookie */
|
|
|
|
|
co->expires = curl_getdate(co->expirestr, NULL);
|
|
|
|
|
|
|
|
|
|
/* Session cookies have expires set to 0 so if we get that back
|
|
|
|
|
from the date parser let's add a second to make it a
|
|
|
|
|
non-session cookie */
|
|
|
|
|
if(co->expires == 0)
|
|
|
|
|
co->expires = 1;
|
|
|
|
|
else if(co->expires < 0)
|
|
|
|
|
co->expires = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!badcookie && !co->domain) {
|
|
|
|
|
if(domain) {
|
|
|
|
|
/* no domain was given in the header line, set the default */
|
|
|
|
|
co->domain=strdup(domain);
|
|
|
|
|
if(!co->domain)
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
}
|
2002-02-26 08:07:53 -05:00
|
|
|
|
}
|
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!badcookie && !co->path && path) {
|
2009-09-26 16:51:51 -04:00
|
|
|
|
/* No path was given in the header line, set the default.
|
|
|
|
|
Note that the passed-in path to this function MAY have a '?' and
|
|
|
|
|
following part that MUST not be stored as part of the path. */
|
|
|
|
|
char *queryp = strchr(path, '?');
|
|
|
|
|
|
|
|
|
|
/* queryp is where the interesting part of the path ends, so now we
|
|
|
|
|
want to the find the last */
|
|
|
|
|
char *endslash;
|
|
|
|
|
if(!queryp)
|
|
|
|
|
endslash = strrchr(path, '/');
|
|
|
|
|
else
|
2009-09-28 13:01:23 -04:00
|
|
|
|
endslash = memrchr(path, '/', (size_t)(queryp - path));
|
2003-04-30 13:03:43 -04:00
|
|
|
|
if(endslash) {
|
2009-09-28 13:01:23 -04:00
|
|
|
|
size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */
|
2003-04-30 13:03:43 -04:00
|
|
|
|
co->path=malloc(pathlen+1); /* one extra for the zero byte */
|
|
|
|
|
if(co->path) {
|
|
|
|
|
memcpy(co->path, path, pathlen);
|
|
|
|
|
co->path[pathlen]=0; /* zero terminate */
|
2013-06-12 05:19:56 -04:00
|
|
|
|
co->spath = sanitize_cookie_path(co->path);
|
|
|
|
|
if(!co->spath)
|
|
|
|
|
badcookie = TRUE; /* out of memory bad */
|
2003-04-30 13:03:43 -04:00
|
|
|
|
}
|
2004-05-12 08:04:38 -04:00
|
|
|
|
else
|
|
|
|
|
badcookie = TRUE;
|
2003-04-30 13:03:43 -04:00
|
|
|
|
}
|
|
|
|
|
}
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
2004-06-22 17:15:51 -04:00
|
|
|
|
free(what);
|
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(badcookie || !co->name) {
|
|
|
|
|
/* we didn't get a cookie name or a bad one,
|
|
|
|
|
this is an illegal line, bail out */
|
|
|
|
|
freecookie(co);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
/* This line is NOT a HTTP header style line, we do offer support for
|
|
|
|
|
reading the odd netscape cookies-file format here */
|
2007-08-29 01:36:53 -04:00
|
|
|
|
char *ptr;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
char *firstptr;
|
2009-01-15 03:32:58 -05:00
|
|
|
|
char *tok_buf=NULL;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
int fields;
|
|
|
|
|
|
2008-09-08 07:36:19 -04:00
|
|
|
|
/* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies
|
|
|
|
|
marked with httpOnly after the domain name are not accessible
|
|
|
|
|
from javascripts, but since curl does not operate at javascript
|
|
|
|
|
level, we include them anyway. In Firefox's cookie files, these
|
2011-04-19 09:54:13 -04:00
|
|
|
|
lines are preceded with #HttpOnly_ and then everything is
|
2008-01-31 07:21:57 -05:00
|
|
|
|
as usual, so we skip 10 characters of the line..
|
|
|
|
|
*/
|
2011-04-20 09:17:42 -04:00
|
|
|
|
if(strncmp(lineptr, "#HttpOnly_", 10) == 0) {
|
2008-01-31 07:21:57 -05:00
|
|
|
|
lineptr += 10;
|
|
|
|
|
co->httponly = TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
if(lineptr[0]=='#') {
|
|
|
|
|
/* don't even try the comments */
|
|
|
|
|
free(co);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
/* strip off the possible end-of-line characters */
|
2000-05-22 10:12:12 -04:00
|
|
|
|
ptr=strchr(lineptr, '\r');
|
|
|
|
|
if(ptr)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*ptr=0; /* clear it */
|
2000-05-22 10:12:12 -04:00
|
|
|
|
ptr=strchr(lineptr, '\n');
|
|
|
|
|
if(ptr)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*ptr=0; /* clear it */
|
|
|
|
|
|
2004-05-12 08:04:38 -04:00
|
|
|
|
firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
|
|
|
|
/* Now loop through the fields and init the struct we already have
|
|
|
|
|
allocated */
|
2004-05-12 08:04:38 -04:00
|
|
|
|
for(ptr=firstptr, fields=0; ptr && !badcookie;
|
2003-04-30 13:03:43 -04:00
|
|
|
|
ptr=strtok_r(NULL, "\t", &tok_buf), fields++) {
|
1999-12-29 09:20:26 -05:00
|
|
|
|
switch(fields) {
|
|
|
|
|
case 0:
|
2011-04-19 09:54:13 -04:00
|
|
|
|
if(ptr[0]=='.') /* skip preceding dots */
|
2003-05-15 18:28:19 -04:00
|
|
|
|
ptr++;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
co->domain = strdup(ptr);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->domain)
|
|
|
|
|
badcookie = TRUE;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
case 1:
|
2001-05-23 09:04:19 -04:00
|
|
|
|
/* This field got its explanation on the 23rd of May 2001 by
|
|
|
|
|
Andr<EFBFBD>s Garc<EFBFBD>a:
|
|
|
|
|
|
|
|
|
|
flag: A TRUE/FALSE value indicating if all machines within a given
|
|
|
|
|
domain can access the variable. This value is set automatically by
|
|
|
|
|
the browser, depending on the value you set for the domain.
|
|
|
|
|
|
|
|
|
|
As far as I can see, it is set to true when the cookie says
|
|
|
|
|
.domain.com and to false when the domain is complete www.domain.com
|
|
|
|
|
*/
|
2016-09-30 12:54:02 -04:00
|
|
|
|
co->tailmatch = strcasecompare(ptr, "TRUE")?TRUE:FALSE;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
case 2:
|
2001-05-23 05:26:45 -04:00
|
|
|
|
/* It turns out, that sometimes the file format allows the path
|
|
|
|
|
field to remain not filled in, we try to detect this and work
|
|
|
|
|
around it! Andr<EFBFBD>s Garc<EFBFBD>a made us aware of this... */
|
2007-11-07 04:21:35 -05:00
|
|
|
|
if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) {
|
2001-05-23 05:26:45 -04:00
|
|
|
|
/* only if the path doesn't look like a boolean option! */
|
|
|
|
|
co->path = strdup(ptr);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->path)
|
|
|
|
|
badcookie = TRUE;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
else {
|
|
|
|
|
co->spath = sanitize_cookie_path(co->path);
|
|
|
|
|
if(!co->spath) {
|
|
|
|
|
badcookie = TRUE; /* out of memory bad */
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-05-23 05:26:45 -04:00
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
/* this doesn't look like a path, make one up! */
|
|
|
|
|
co->path = strdup("/");
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->path)
|
|
|
|
|
badcookie = TRUE;
|
2013-06-12 05:19:56 -04:00
|
|
|
|
co->spath = strdup("/");
|
|
|
|
|
if(!co->spath)
|
|
|
|
|
badcookie = TRUE;
|
2001-05-23 05:26:45 -04:00
|
|
|
|
fields++; /* add a field and fall down to secure */
|
|
|
|
|
/* FALLTHROUGH */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
case 3:
|
2016-09-30 12:54:02 -04:00
|
|
|
|
co->secure = strcasecompare(ptr, "TRUE")?TRUE:FALSE;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
case 4:
|
2005-08-17 04:55:43 -04:00
|
|
|
|
co->expires = curlx_strtoofft(ptr, NULL, 10);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
case 5:
|
|
|
|
|
co->name = strdup(ptr);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->name)
|
|
|
|
|
badcookie = TRUE;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
case 6:
|
|
|
|
|
co->value = strdup(ptr);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->value)
|
|
|
|
|
badcookie = TRUE;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-08-11 05:55:11 -04:00
|
|
|
|
if(6 == fields) {
|
|
|
|
|
/* we got a cookie with blank contents, fix it */
|
|
|
|
|
co->value = strdup("");
|
2004-05-12 08:04:38 -04:00
|
|
|
|
if(!co->value)
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
else
|
|
|
|
|
fields++;
|
2003-08-11 05:55:11 -04:00
|
|
|
|
}
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
|
|
|
|
if(!badcookie && (7 != fields))
|
|
|
|
|
/* we did not find the sufficient number of fields */
|
|
|
|
|
badcookie = TRUE;
|
|
|
|
|
|
|
|
|
|
if(badcookie) {
|
|
|
|
|
freecookie(co);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2002-05-07 05:58:13 -04:00
|
|
|
|
if(!c->running && /* read from a file */
|
|
|
|
|
c->newsession && /* clean session cookies */
|
|
|
|
|
!co->expires) { /* this is a session cookie since it doesn't expire! */
|
2004-05-12 08:04:38 -04:00
|
|
|
|
freecookie(co);
|
2002-05-07 05:58:13 -04:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-08-23 10:05:25 -04:00
|
|
|
|
co->livecookie = c->running;
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/* now, we have parsed the incoming line, we must now check if this
|
|
|
|
|
superceeds an already existing cookie, which it may if the previous have
|
|
|
|
|
the same domain and path as this */
|
|
|
|
|
|
2013-09-17 02:51:22 -04:00
|
|
|
|
/* at first, remove expired cookies */
|
|
|
|
|
remove_expired(c);
|
|
|
|
|
|
2015-09-29 05:33:01 -04:00
|
|
|
|
#ifdef USE_LIBPSL
|
|
|
|
|
/* Check if the domain is a Public Suffix and if yes, ignore the cookie.
|
|
|
|
|
This needs a libpsl compiled with builtin data. */
|
2016-03-02 05:07:16 -05:00
|
|
|
|
if(domain && co->domain && !isip(co->domain)) {
|
2016-12-13 19:29:44 -05:00
|
|
|
|
psl = psl_builtin();
|
|
|
|
|
if(psl && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
|
2016-03-02 05:07:16 -05:00
|
|
|
|
infof(data,
|
|
|
|
|
"cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
|
|
|
|
|
co->name, domain, co->domain);
|
2015-09-29 05:33:01 -04:00
|
|
|
|
freecookie(co);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
clist = c->cookies;
|
|
|
|
|
replace_old = FALSE;
|
|
|
|
|
while(clist) {
|
2016-09-30 12:54:02 -04:00
|
|
|
|
if(strcasecompare(clist->name, co->name)) {
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/* the names are identical */
|
|
|
|
|
|
|
|
|
|
if(clist->domain && co->domain) {
|
2016-09-30 12:54:02 -04:00
|
|
|
|
if(strcasecompare(clist->domain, co->domain) &&
|
2016-10-03 00:34:59 -04:00
|
|
|
|
(clist->tailmatch == co->tailmatch))
|
2003-05-15 18:28:19 -04:00
|
|
|
|
/* The domains are identical */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
replace_old=TRUE;
|
|
|
|
|
}
|
|
|
|
|
else if(!clist->domain && !co->domain)
|
|
|
|
|
replace_old = TRUE;
|
|
|
|
|
|
|
|
|
|
if(replace_old) {
|
|
|
|
|
/* the domains were identical */
|
|
|
|
|
|
2013-06-12 05:19:56 -04:00
|
|
|
|
if(clist->spath && co->spath) {
|
2016-09-30 12:54:02 -04:00
|
|
|
|
if(strcasecompare(clist->spath, co->spath)) {
|
1999-12-29 09:20:26 -05:00
|
|
|
|
replace_old = TRUE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
replace_old = FALSE;
|
|
|
|
|
}
|
2013-06-12 05:19:56 -04:00
|
|
|
|
else if(!clist->spath && !co->spath)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
replace_old = TRUE;
|
|
|
|
|
else
|
|
|
|
|
replace_old = FALSE;
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2001-08-23 10:05:25 -04:00
|
|
|
|
if(replace_old && !co->livecookie && clist->livecookie) {
|
|
|
|
|
/* Both cookies matched fine, except that the already present
|
|
|
|
|
cookie is "live", which means it was set from a header, while
|
|
|
|
|
the new one isn't "live" and thus only read from a file. We let
|
|
|
|
|
live cookies stay alive */
|
|
|
|
|
|
|
|
|
|
/* Free the newcomer and get out of here! */
|
2004-05-12 08:04:38 -04:00
|
|
|
|
freecookie(co);
|
2001-08-23 10:05:25 -04:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
if(replace_old) {
|
|
|
|
|
co->next = clist->next; /* get the next-pointer first */
|
|
|
|
|
|
|
|
|
|
/* then free all the old pointers */
|
2008-10-13 17:03:12 -04:00
|
|
|
|
free(clist->name);
|
2015-03-11 12:41:01 -04:00
|
|
|
|
free(clist->value);
|
|
|
|
|
free(clist->domain);
|
|
|
|
|
free(clist->path);
|
|
|
|
|
free(clist->spath);
|
|
|
|
|
free(clist->expirestr);
|
|
|
|
|
free(clist->version);
|
|
|
|
|
free(clist->maxage);
|
2000-02-01 18:54:51 -05:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*clist = *co; /* then store all the new data */
|
2001-10-24 07:36:55 -04:00
|
|
|
|
|
|
|
|
|
free(co); /* free the newly alloced memory */
|
|
|
|
|
co = clist; /* point to the previous struct instead */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2002-01-07 09:56:15 -05:00
|
|
|
|
/* We have replaced a cookie, now skip the rest of the list but
|
|
|
|
|
make sure the 'lastc' pointer is properly set */
|
|
|
|
|
do {
|
|
|
|
|
lastc = clist;
|
|
|
|
|
clist = clist->next;
|
|
|
|
|
} while(clist);
|
|
|
|
|
break;
|
|
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2001-08-23 10:05:25 -04:00
|
|
|
|
lastc = clist;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
clist = clist->next;
|
|
|
|
|
}
|
|
|
|
|
|
2003-08-11 05:55:11 -04:00
|
|
|
|
if(c->running)
|
|
|
|
|
/* Only show this when NOT reading the cookies from a file */
|
2010-01-28 10:34:18 -05:00
|
|
|
|
infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
|
2013-12-31 06:10:25 -05:00
|
|
|
|
"expire %" CURL_FORMAT_CURL_OFF_T "\n",
|
2003-08-11 05:55:11 -04:00
|
|
|
|
replace_old?"Replaced":"Added", co->name, co->value,
|
|
|
|
|
co->domain, co->path, co->expires);
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
if(!replace_old) {
|
2001-08-23 10:05:25 -04:00
|
|
|
|
/* then make the last item point on this new one */
|
|
|
|
|
if(lastc)
|
|
|
|
|
lastc->next = co;
|
|
|
|
|
else
|
|
|
|
|
c->cookies = co;
|
2013-04-02 05:45:15 -04:00
|
|
|
|
c->numcookies++; /* one more cookie in the jar */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2001-08-23 10:05:25 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
return co;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-27 11:36:19 -04:00
|
|
|
|
/*
|
|
|
|
|
* get_line() makes sure to only return complete whole lines that fit in 'len'
|
|
|
|
|
* bytes and end with a newline.
|
|
|
|
|
*/
|
|
|
|
|
static char *get_line(char *buf, int len, FILE *input)
|
|
|
|
|
{
|
|
|
|
|
bool partial = FALSE;
|
|
|
|
|
while(1) {
|
|
|
|
|
char *b = fgets(buf, len, input);
|
|
|
|
|
if(b) {
|
|
|
|
|
size_t rlen = strlen(b);
|
|
|
|
|
if(rlen && (b[rlen-1] == '\n')) {
|
|
|
|
|
if(partial) {
|
|
|
|
|
partial = FALSE;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
return b;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
/* read a partial, discard the next piece that ends with newline */
|
|
|
|
|
partial = TRUE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Curl_cookie_init()
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
|
|
|
|
* Inits a cookie struct to read data from a local file. This is always
|
|
|
|
|
* called before any cookies are set. File may be NULL.
|
|
|
|
|
*
|
2002-05-07 05:58:13 -04:00
|
|
|
|
* If 'newsession' is TRUE, discard all "session cookies" on read from file.
|
|
|
|
|
*
|
2014-12-07 06:24:29 -05:00
|
|
|
|
* Returns NULL on out of memory. Invalid cookies are ignored.
|
1999-12-29 09:20:26 -05:00
|
|
|
|
****************************************************************************/
|
2016-06-21 09:47:12 -04:00
|
|
|
|
struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
|
2007-08-29 01:36:53 -04:00
|
|
|
|
const char *file,
|
2002-05-07 05:58:13 -04:00
|
|
|
|
struct CookieInfo *inc,
|
|
|
|
|
bool newsession)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
{
|
|
|
|
|
struct CookieInfo *c;
|
2014-12-07 06:24:29 -05:00
|
|
|
|
FILE *fp = NULL;
|
2000-02-10 18:14:53 -05:00
|
|
|
|
bool fromfile=TRUE;
|
2014-12-07 06:24:29 -05:00
|
|
|
|
char *line = NULL;
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
2001-08-23 10:05:25 -04:00
|
|
|
|
if(NULL == inc) {
|
|
|
|
|
/* we didn't get a struct, create one */
|
2008-09-06 00:47:14 -04:00
|
|
|
|
c = calloc(1, sizeof(struct CookieInfo));
|
2001-08-23 10:05:25 -04:00
|
|
|
|
if(!c)
|
|
|
|
|
return NULL; /* failed to get memory */
|
|
|
|
|
c->filename = strdup(file?file:"none"); /* copy the name just in case */
|
2014-12-07 06:24:29 -05:00
|
|
|
|
if(!c->filename)
|
|
|
|
|
goto fail; /* failed to get memory */
|
2001-08-23 10:05:25 -04:00
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
/* we got an already existing one, use that */
|
|
|
|
|
c = inc;
|
|
|
|
|
}
|
|
|
|
|
c->running = FALSE; /* this is not running, this is init */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
2016-09-30 11:15:05 -04:00
|
|
|
|
if(file && !strcmp(file, "-")) {
|
2000-02-10 18:14:53 -05:00
|
|
|
|
fp = stdin;
|
|
|
|
|
fromfile=FALSE;
|
|
|
|
|
}
|
2005-03-03 19:26:50 -05:00
|
|
|
|
else if(file && !*file) {
|
|
|
|
|
/* points to a "" string */
|
|
|
|
|
fp = NULL;
|
|
|
|
|
}
|
2000-02-10 18:14:53 -05:00
|
|
|
|
else
|
2015-06-01 03:20:18 -04:00
|
|
|
|
fp = file?fopen(file, FOPEN_READTEXT):NULL;
|
2000-02-10 18:14:53 -05:00
|
|
|
|
|
2002-05-07 05:58:13 -04:00
|
|
|
|
c->newsession = newsession; /* new session? */
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
if(fp) {
|
2001-08-23 10:05:25 -04:00
|
|
|
|
char *lineptr;
|
|
|
|
|
bool headerline;
|
|
|
|
|
|
2014-12-07 06:24:29 -05:00
|
|
|
|
line = malloc(MAX_COOKIE_LINE);
|
|
|
|
|
if(!line)
|
|
|
|
|
goto fail;
|
2016-09-27 11:36:19 -04:00
|
|
|
|
while(get_line(line, MAX_COOKIE_LINE, fp)) {
|
2014-12-07 06:24:29 -05:00
|
|
|
|
if(checkprefix("Set-Cookie:", line)) {
|
|
|
|
|
/* This is a cookie line, get it! */
|
|
|
|
|
lineptr=&line[11];
|
|
|
|
|
headerline=TRUE;
|
2004-06-30 08:05:07 -04:00
|
|
|
|
}
|
2014-12-07 06:24:29 -05:00
|
|
|
|
else {
|
|
|
|
|
lineptr=line;
|
|
|
|
|
headerline=FALSE;
|
|
|
|
|
}
|
|
|
|
|
while(*lineptr && ISBLANK(*lineptr))
|
|
|
|
|
lineptr++;
|
|
|
|
|
|
|
|
|
|
Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
2014-12-07 06:24:29 -05:00
|
|
|
|
free(line); /* free the line buffer */
|
|
|
|
|
|
2000-02-10 18:14:53 -05:00
|
|
|
|
if(fromfile)
|
|
|
|
|
fclose(fp);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2002-05-07 05:58:13 -04:00
|
|
|
|
c->running = TRUE; /* now, we're running */
|
2001-08-23 10:05:25 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
return c;
|
2014-12-07 06:24:29 -05:00
|
|
|
|
|
|
|
|
|
fail:
|
2015-03-16 10:01:15 -04:00
|
|
|
|
free(line);
|
2014-12-07 06:24:29 -05:00
|
|
|
|
if(!inc)
|
|
|
|
|
/* Only clean up if we allocated it here, as the original could still be in
|
|
|
|
|
* use by a share handle */
|
|
|
|
|
Curl_cookie_cleanup(c);
|
|
|
|
|
if(fromfile && fp)
|
|
|
|
|
fclose(fp);
|
|
|
|
|
return NULL; /* out of memory */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2010-01-19 18:19:59 -05:00
|
|
|
|
/* sort this so that the longest path gets before the shorter path */
|
|
|
|
|
static int cookie_sort(const void *p1, const void *p2)
|
|
|
|
|
{
|
|
|
|
|
struct Cookie *c1 = *(struct Cookie **)p1;
|
|
|
|
|
struct Cookie *c2 = *(struct Cookie **)p2;
|
2013-04-07 04:34:32 -04:00
|
|
|
|
size_t l1, l2;
|
2010-01-19 18:19:59 -05:00
|
|
|
|
|
2013-04-07 04:34:32 -04:00
|
|
|
|
/* 1 - compare cookie path lengths */
|
|
|
|
|
l1 = c1->path ? strlen(c1->path) : 0;
|
|
|
|
|
l2 = c2->path ? strlen(c2->path) : 0;
|
2010-01-19 18:19:59 -05:00
|
|
|
|
|
2013-04-07 04:34:32 -04:00
|
|
|
|
if(l1 != l2)
|
|
|
|
|
return (l2 > l1) ? 1 : -1 ; /* avoid size_t <=> int conversions */
|
|
|
|
|
|
|
|
|
|
/* 2 - compare cookie domain lengths */
|
|
|
|
|
l1 = c1->domain ? strlen(c1->domain) : 0;
|
|
|
|
|
l2 = c2->domain ? strlen(c2->domain) : 0;
|
|
|
|
|
|
|
|
|
|
if(l1 != l2)
|
|
|
|
|
return (l2 > l1) ? 1 : -1 ; /* avoid size_t <=> int conversions */
|
|
|
|
|
|
|
|
|
|
/* 3 - compare cookie names */
|
|
|
|
|
if(c1->name && c2->name)
|
|
|
|
|
return strcmp(c1->name, c2->name);
|
|
|
|
|
|
|
|
|
|
/* sorry, can't be more deterministic */
|
|
|
|
|
return 0;
|
2010-01-19 18:19:59 -05:00
|
|
|
|
}
|
|
|
|
|
|
2016-10-04 17:26:13 -04:00
|
|
|
|
#define CLONE(field) \
|
|
|
|
|
do { \
|
|
|
|
|
if(src->field) { \
|
|
|
|
|
dup->field = strdup(src->field); \
|
|
|
|
|
if(!dup->field) \
|
|
|
|
|
goto fail; \
|
|
|
|
|
} \
|
|
|
|
|
} while(0)
|
|
|
|
|
|
|
|
|
|
static struct Cookie *dup_cookie(struct Cookie *src)
|
|
|
|
|
{
|
|
|
|
|
struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
|
|
|
|
|
if(dup) {
|
|
|
|
|
CLONE(expirestr);
|
|
|
|
|
CLONE(domain);
|
|
|
|
|
CLONE(path);
|
|
|
|
|
CLONE(spath);
|
|
|
|
|
CLONE(name);
|
|
|
|
|
CLONE(value);
|
|
|
|
|
CLONE(maxage);
|
|
|
|
|
CLONE(version);
|
|
|
|
|
dup->expires = src->expires;
|
|
|
|
|
dup->tailmatch = src->tailmatch;
|
|
|
|
|
dup->secure = src->secure;
|
|
|
|
|
dup->livecookie = src->livecookie;
|
|
|
|
|
dup->httponly = src->httponly;
|
|
|
|
|
}
|
|
|
|
|
return dup;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
freecookie(dup);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Curl_cookie_getlist()
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
|
|
|
|
* For a given host and path, return a linked list of cookies that the
|
|
|
|
|
* client should send to the server if used now. The secure boolean informs
|
|
|
|
|
* the cookie if a secure connection is achieved or not.
|
|
|
|
|
*
|
|
|
|
|
* It shall only return cookies that haven't expired.
|
|
|
|
|
*
|
|
|
|
|
****************************************************************************/
|
|
|
|
|
|
2001-01-05 05:11:41 -05:00
|
|
|
|
struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
2007-08-29 01:36:53 -04:00
|
|
|
|
const char *host, const char *path,
|
2008-09-08 07:36:19 -04:00
|
|
|
|
bool secure)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
{
|
2006-05-24 18:46:38 -04:00
|
|
|
|
struct Cookie *newco;
|
|
|
|
|
struct Cookie *co;
|
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
struct Cookie *mainco=NULL;
|
2010-01-26 22:43:34 -05:00
|
|
|
|
size_t matches = 0;
|
2014-08-19 15:01:28 -04:00
|
|
|
|
bool is_ip;
|
2006-05-24 18:46:38 -04:00
|
|
|
|
|
|
|
|
|
if(!c || !c->cookies)
|
|
|
|
|
return NULL; /* no cookie struct or no cookies in the struct */
|
|
|
|
|
|
2013-09-17 02:51:22 -04:00
|
|
|
|
/* at first, remove expired cookies */
|
|
|
|
|
remove_expired(c);
|
|
|
|
|
|
2014-08-19 15:01:28 -04:00
|
|
|
|
/* check if host is an IP(v4|v6) address */
|
|
|
|
|
is_ip = isip(host);
|
|
|
|
|
|
2006-05-24 18:46:38 -04:00
|
|
|
|
co = c->cookies;
|
|
|
|
|
|
|
|
|
|
while(co) {
|
|
|
|
|
/* only process this cookie if it is not expired or had no expire
|
|
|
|
|
date AND that if the cookie requires we're secure we must only
|
|
|
|
|
continue if we are! */
|
2011-04-22 17:01:30 -04:00
|
|
|
|
if((!co->expires || (co->expires > now)) &&
|
|
|
|
|
(co->secure?secure:TRUE)) {
|
2006-05-24 18:46:38 -04:00
|
|
|
|
|
|
|
|
|
/* now check if the domain is correct */
|
|
|
|
|
if(!co->domain ||
|
2014-08-19 15:01:28 -04:00
|
|
|
|
(co->tailmatch && !is_ip && tailmatch(co->domain, host)) ||
|
2016-09-30 12:54:02 -04:00
|
|
|
|
((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) {
|
2006-05-24 18:46:38 -04:00
|
|
|
|
/* the right part of the host matches the domain stuff in the
|
|
|
|
|
cookie data */
|
|
|
|
|
|
|
|
|
|
/* now check the left part of the path with the cookies path
|
|
|
|
|
requirement */
|
2013-06-12 05:19:56 -04:00
|
|
|
|
if(!co->spath || pathmatch(co->spath, path) ) {
|
2006-05-24 18:46:38 -04:00
|
|
|
|
|
|
|
|
|
/* and now, we know this is a match and we should create an
|
|
|
|
|
entry for the return-linked-list */
|
|
|
|
|
|
2016-10-04 17:26:13 -04:00
|
|
|
|
newco = dup_cookie(co);
|
2006-05-24 18:46:38 -04:00
|
|
|
|
if(newco) {
|
|
|
|
|
/* then modify our next */
|
|
|
|
|
newco->next = mainco;
|
|
|
|
|
|
|
|
|
|
/* point the main to us */
|
|
|
|
|
mainco = newco;
|
2010-01-19 18:19:59 -05:00
|
|
|
|
|
|
|
|
|
matches++;
|
2006-05-24 18:46:38 -04:00
|
|
|
|
}
|
|
|
|
|
else {
|
2010-01-19 18:19:59 -05:00
|
|
|
|
fail:
|
2006-05-24 18:46:38 -04:00
|
|
|
|
/* failure, clear up the allocated chain and return NULL */
|
2016-10-04 17:26:13 -04:00
|
|
|
|
Curl_cookie_freelist(mainco);
|
2006-05-24 18:46:38 -04:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
co = co->next;
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-19 18:19:59 -05:00
|
|
|
|
if(matches) {
|
|
|
|
|
/* Now we need to make sure that if there is a name appearing more than
|
|
|
|
|
once, the longest specified path version comes first. To make this
|
|
|
|
|
the swiftest way, we just sort them all based on path length. */
|
|
|
|
|
struct Cookie **array;
|
2010-01-26 22:43:34 -05:00
|
|
|
|
size_t i;
|
2010-01-19 18:19:59 -05:00
|
|
|
|
|
|
|
|
|
/* alloc an array and store all cookie pointers */
|
2011-06-02 13:42:24 -04:00
|
|
|
|
array = malloc(sizeof(struct Cookie *) * matches);
|
2010-01-19 18:19:59 -05:00
|
|
|
|
if(!array)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
co = mainco;
|
|
|
|
|
|
|
|
|
|
for(i=0; co; co = co->next)
|
|
|
|
|
array[i++] = co;
|
|
|
|
|
|
2012-07-09 09:25:34 -04:00
|
|
|
|
/* now sort the cookie pointers in path length order */
|
2010-01-19 18:19:59 -05:00
|
|
|
|
qsort(array, matches, sizeof(struct Cookie *), cookie_sort);
|
|
|
|
|
|
|
|
|
|
/* remake the linked list order according to the new order */
|
|
|
|
|
|
|
|
|
|
mainco = array[0]; /* start here */
|
|
|
|
|
for(i=0; i<matches-1; i++)
|
|
|
|
|
array[i]->next = array[i+1];
|
|
|
|
|
array[matches-1]->next = NULL; /* terminate the list */
|
|
|
|
|
|
|
|
|
|
free(array); /* remove the temporary data again */
|
|
|
|
|
}
|
|
|
|
|
|
2006-05-24 18:46:38 -04:00
|
|
|
|
return mainco; /* return the new list */
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2006-05-24 18:46:38 -04:00
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
|
|
|
|
* Curl_cookie_clearall()
|
|
|
|
|
*
|
|
|
|
|
* Clear all existing cookies and reset the counter.
|
|
|
|
|
*
|
|
|
|
|
****************************************************************************/
|
|
|
|
|
void Curl_cookie_clearall(struct CookieInfo *cookies)
|
|
|
|
|
{
|
2007-01-13 18:32:14 -05:00
|
|
|
|
if(cookies) {
|
2016-10-04 17:26:13 -04:00
|
|
|
|
Curl_cookie_freelist(cookies->cookies);
|
2007-01-13 18:32:14 -05:00
|
|
|
|
cookies->cookies = NULL;
|
|
|
|
|
cookies->numcookies = 0;
|
|
|
|
|
}
|
2006-05-24 18:46:38 -04:00
|
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
|
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Curl_cookie_freelist()
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Free a list of cookies previously returned by Curl_cookie_getlist();
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
|
|
|
|
****************************************************************************/
|
|
|
|
|
|
2016-10-04 17:26:13 -04:00
|
|
|
|
void Curl_cookie_freelist(struct Cookie *co)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
{
|
2006-05-24 18:46:38 -04:00
|
|
|
|
struct Cookie *next;
|
2014-12-07 06:22:52 -05:00
|
|
|
|
while(co) {
|
|
|
|
|
next = co->next;
|
2016-10-04 17:26:13 -04:00
|
|
|
|
freecookie(co);
|
2014-12-07 06:22:52 -05:00
|
|
|
|
co = next;
|
2006-05-24 18:46:38 -04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
|
|
|
|
* Curl_cookie_clearsess()
|
|
|
|
|
*
|
|
|
|
|
* Free all session cookies in the cookies list.
|
|
|
|
|
*
|
|
|
|
|
****************************************************************************/
|
|
|
|
|
void Curl_cookie_clearsess(struct CookieInfo *cookies)
|
|
|
|
|
{
|
|
|
|
|
struct Cookie *first, *curr, *next, *prev = NULL;
|
|
|
|
|
|
2009-12-19 14:20:26 -05:00
|
|
|
|
if(!cookies || !cookies->cookies)
|
2006-05-24 18:46:38 -04:00
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
first = curr = prev = cookies->cookies;
|
|
|
|
|
|
|
|
|
|
for(; curr; curr = next) {
|
|
|
|
|
next = curr->next;
|
|
|
|
|
if(!curr->expires) {
|
|
|
|
|
if(first == curr)
|
|
|
|
|
first = next;
|
|
|
|
|
|
|
|
|
|
if(prev == curr)
|
|
|
|
|
prev = next;
|
|
|
|
|
else
|
|
|
|
|
prev->next = next;
|
|
|
|
|
|
2008-01-23 17:22:12 -05:00
|
|
|
|
freecookie(curr);
|
2006-05-24 18:46:38 -04:00
|
|
|
|
cookies->numcookies--;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
prev = curr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cookies->cookies = first;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2006-05-24 18:46:38 -04:00
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
|
/*****************************************************************************
|
|
|
|
|
*
|
2001-08-23 10:05:25 -04:00
|
|
|
|
* Curl_cookie_cleanup()
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
2014-12-07 06:22:52 -05:00
|
|
|
|
* Free a "cookie object" previous created with Curl_cookie_init().
|
1999-12-29 09:20:26 -05:00
|
|
|
|
*
|
|
|
|
|
****************************************************************************/
|
2001-01-05 05:11:41 -05:00
|
|
|
|
void Curl_cookie_cleanup(struct CookieInfo *c)
|
1999-12-29 09:20:26 -05:00
|
|
|
|
{
|
2006-05-24 18:46:38 -04:00
|
|
|
|
if(c) {
|
2015-03-11 12:41:01 -04:00
|
|
|
|
free(c->filename);
|
2016-10-04 17:26:13 -04:00
|
|
|
|
Curl_cookie_freelist(c->cookies);
|
2006-05-24 18:46:38 -04:00
|
|
|
|
free(c); /* free the base struct as well */
|
|
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
}
|
|
|
|
|
|
2005-07-27 18:17:14 -04:00
|
|
|
|
/* get_netscape_format()
|
|
|
|
|
*
|
|
|
|
|
* Formats a string for Netscape output file, w/o a newline at the end.
|
|
|
|
|
*
|
|
|
|
|
* Function returns a char * to a formatted line. Has to be free()d
|
|
|
|
|
*/
|
|
|
|
|
static char *get_netscape_format(const struct Cookie *co)
|
|
|
|
|
{
|
2006-05-24 18:46:38 -04:00
|
|
|
|
return aprintf(
|
2008-01-31 07:21:57 -05:00
|
|
|
|
"%s" /* httponly preamble */
|
2006-05-24 18:46:38 -04:00
|
|
|
|
"%s%s\t" /* domain */
|
|
|
|
|
"%s\t" /* tailmatch */
|
|
|
|
|
"%s\t" /* path */
|
|
|
|
|
"%s\t" /* secure */
|
2013-12-31 06:10:25 -05:00
|
|
|
|
"%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */
|
2006-05-24 18:46:38 -04:00
|
|
|
|
"%s\t" /* name */
|
|
|
|
|
"%s", /* value */
|
2008-01-31 07:21:57 -05:00
|
|
|
|
co->httponly?"#HttpOnly_":"",
|
2006-05-24 18:46:38 -04:00
|
|
|
|
/* Make sure all domains are prefixed with a dot if they allow
|
|
|
|
|
tailmatching. This is Mozilla-style. */
|
|
|
|
|
(co->tailmatch && co->domain && co->domain[0] != '.')? ".":"",
|
|
|
|
|
co->domain?co->domain:"unknown",
|
|
|
|
|
co->tailmatch?"TRUE":"FALSE",
|
|
|
|
|
co->path?co->path:"/",
|
|
|
|
|
co->secure?"TRUE":"FALSE",
|
|
|
|
|
co->expires,
|
|
|
|
|
co->name,
|
|
|
|
|
co->value?co->value:"");
|
2005-07-27 18:17:14 -04:00
|
|
|
|
}
|
|
|
|
|
|
2001-08-23 10:05:25 -04:00
|
|
|
|
/*
|
2011-06-03 14:02:07 -04:00
|
|
|
|
* cookie_output()
|
2001-08-23 10:05:25 -04:00
|
|
|
|
*
|
2001-08-29 05:32:18 -04:00
|
|
|
|
* Writes all internally known cookies to the specified file. Specify
|
|
|
|
|
* "-" as file name to write to stdout.
|
2001-08-23 10:05:25 -04:00
|
|
|
|
*
|
2001-08-29 05:32:18 -04:00
|
|
|
|
* The function returns non-zero on write failure.
|
2001-08-23 10:05:25 -04:00
|
|
|
|
*/
|
2011-06-03 14:02:07 -04:00
|
|
|
|
static int cookie_output(struct CookieInfo *c, const char *dumphere)
|
2001-08-23 10:05:25 -04:00
|
|
|
|
{
|
|
|
|
|
struct Cookie *co;
|
2001-08-29 05:32:18 -04:00
|
|
|
|
FILE *out;
|
|
|
|
|
bool use_stdout=FALSE;
|
2016-03-03 15:14:36 -05:00
|
|
|
|
char *format_ptr;
|
2001-08-29 05:32:18 -04:00
|
|
|
|
|
2001-09-10 03:43:08 -04:00
|
|
|
|
if((NULL == c) || (0 == c->numcookies))
|
2001-08-29 05:32:18 -04:00
|
|
|
|
/* If there are no known cookies, we don't write or even create any
|
|
|
|
|
destination file */
|
|
|
|
|
return 0;
|
|
|
|
|
|
2013-09-17 02:51:22 -04:00
|
|
|
|
/* at first, remove expired cookies */
|
|
|
|
|
remove_expired(c);
|
|
|
|
|
|
2016-09-30 11:15:05 -04:00
|
|
|
|
if(!strcmp("-", dumphere)) {
|
2001-08-29 05:32:18 -04:00
|
|
|
|
/* use stdout */
|
|
|
|
|
out = stdout;
|
|
|
|
|
use_stdout=TRUE;
|
|
|
|
|
}
|
|
|
|
|
else {
|
2015-06-01 03:20:18 -04:00
|
|
|
|
out = fopen(dumphere, FOPEN_WRITETEXT);
|
2001-08-29 05:32:18 -04:00
|
|
|
|
if(!out)
|
|
|
|
|
return 1; /* failure */
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-03 15:14:36 -05:00
|
|
|
|
fputs("# Netscape HTTP Cookie File\n"
|
|
|
|
|
"# https://curl.haxx.se/docs/http-cookies.html\n"
|
|
|
|
|
"# This file was generated by libcurl! Edit at your own risk.\n\n",
|
|
|
|
|
out);
|
2004-05-12 08:04:38 -04:00
|
|
|
|
|
2016-03-03 15:14:36 -05:00
|
|
|
|
for(co = c->cookies; co; co = co->next) {
|
|
|
|
|
if(!co->domain)
|
|
|
|
|
continue;
|
|
|
|
|
format_ptr = get_netscape_format(co);
|
|
|
|
|
if(format_ptr == NULL) {
|
|
|
|
|
fprintf(out, "#\n# Fatal libcurl error\n");
|
|
|
|
|
if(!use_stdout)
|
|
|
|
|
fclose(out);
|
2016-07-12 16:44:31 -04:00
|
|
|
|
return 1;
|
2001-08-23 10:05:25 -04:00
|
|
|
|
}
|
2016-03-03 15:14:36 -05:00
|
|
|
|
fprintf(out, "%s\n", format_ptr);
|
|
|
|
|
free(format_ptr);
|
2001-08-23 10:05:25 -04:00
|
|
|
|
}
|
2001-08-29 05:32:18 -04:00
|
|
|
|
|
|
|
|
|
if(!use_stdout)
|
|
|
|
|
fclose(out);
|
|
|
|
|
|
|
|
|
|
return 0;
|
2001-08-23 10:05:25 -04:00
|
|
|
|
}
|
|
|
|
|
|
2016-06-21 09:47:12 -04:00
|
|
|
|
struct curl_slist *Curl_cookie_list(struct Curl_easy *data)
|
2005-07-27 18:17:14 -04:00
|
|
|
|
{
|
2005-07-28 17:49:58 -04:00
|
|
|
|
struct curl_slist *list = NULL;
|
|
|
|
|
struct curl_slist *beg;
|
|
|
|
|
struct Cookie *c;
|
|
|
|
|
char *line;
|
2005-07-27 18:17:14 -04:00
|
|
|
|
|
2007-11-07 04:21:35 -05:00
|
|
|
|
if((data->cookies == NULL) ||
|
2005-07-28 17:49:58 -04:00
|
|
|
|
(data->cookies->numcookies == 0))
|
|
|
|
|
return NULL;
|
2005-07-27 18:17:14 -04:00
|
|
|
|
|
2015-06-18 19:35:04 -04:00
|
|
|
|
for(c = data->cookies->cookies; c; c = c->next) {
|
2015-06-03 21:48:47 -04:00
|
|
|
|
if(!c->domain)
|
|
|
|
|
continue;
|
2005-07-28 17:49:58 -04:00
|
|
|
|
line = get_netscape_format(c);
|
2011-10-07 14:50:57 -04:00
|
|
|
|
if(!line) {
|
|
|
|
|
curl_slist_free_all(list);
|
2005-07-28 17:49:58 -04:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2013-07-15 10:53:43 -04:00
|
|
|
|
beg = Curl_slist_append_nodup(list, line);
|
2011-10-07 14:50:57 -04:00
|
|
|
|
if(!beg) {
|
2013-07-15 10:53:43 -04:00
|
|
|
|
free(line);
|
2011-10-07 14:50:57 -04:00
|
|
|
|
curl_slist_free_all(list);
|
2007-04-07 00:51:35 -04:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2011-10-07 14:50:57 -04:00
|
|
|
|
list = beg;
|
2005-07-28 17:49:58 -04:00
|
|
|
|
}
|
2005-07-27 18:17:14 -04:00
|
|
|
|
|
2005-07-28 17:49:58 -04:00
|
|
|
|
return list;
|
2005-07-27 18:17:14 -04:00
|
|
|
|
}
|
|
|
|
|
|
2016-06-21 09:47:12 -04:00
|
|
|
|
void Curl_flush_cookies(struct Curl_easy *data, int cleanup)
|
2011-04-04 09:46:42 -04:00
|
|
|
|
{
|
|
|
|
|
if(data->set.str[STRING_COOKIEJAR]) {
|
|
|
|
|
if(data->change.cookielist) {
|
|
|
|
|
/* If there is a list of cookie files to read, do it first so that
|
|
|
|
|
we have all the told files read before we write the new jar.
|
|
|
|
|
Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */
|
|
|
|
|
Curl_cookie_loadfiles(data);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
|
|
|
|
|
|
|
|
|
|
/* if we have a destination file for all the cookies to get dumped to */
|
2011-06-03 14:02:07 -04:00
|
|
|
|
if(cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR]))
|
2011-04-04 09:46:42 -04:00
|
|
|
|
infof(data, "WARNING: failed to save cookies in %s\n",
|
|
|
|
|
data->set.str[STRING_COOKIEJAR]);
|
|
|
|
|
}
|
|
|
|
|
else {
|
2011-10-07 14:50:57 -04:00
|
|
|
|
if(cleanup && data->change.cookielist) {
|
2011-04-04 09:46:42 -04:00
|
|
|
|
/* since nothing is written, we can just free the list of cookie file
|
|
|
|
|
names */
|
|
|
|
|
curl_slist_free_all(data->change.cookielist); /* clean up list */
|
2011-10-07 14:50:57 -04:00
|
|
|
|
data->change.cookielist = NULL;
|
|
|
|
|
}
|
2011-04-04 09:46:42 -04:00
|
|
|
|
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {
|
|
|
|
|
Curl_cookie_cleanup(data->cookies);
|
|
|
|
|
}
|
|
|
|
|
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
|
|
|
|
|
}
|
|
|
|
|
|
2004-12-05 18:59:32 -05:00
|
|
|
|
#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */
|