moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Code Issues Releases Wiki Activity

cookies: allow spaces in cookie names, cut of trailing spaces

Browse Source 
It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.

Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.

Test case 8 modified to verify both these changes.

Closes #639
This commit is contained in:
Daniel Stenberg 2016-02-08 15:48:18 +01:00
parent c4303fd5bb
commit 18c735e790
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/cookie.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -417,7 +417,7 @@ Curl_cookie_add(struct SessionHandle *data,
do { do {
/* we have a <what>=<this> pair or a stand-alone word here */ /* we have a <what>=<this> pair or a stand-alone word here */
name[0]=what[0]=0; /* init the buffers */ name[0]=what[0]=0; /* init the buffers */
if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =] =%" if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%"
MAX_COOKIE_LINE_TXT "[^;\r\n]", MAX_COOKIE_LINE_TXT "[^;\r\n]",
name, what)) { name, what)) {
/* Use strstore() below to properly deal with received cookie /* Use strstore() below to properly deal with received cookie
@ -427,15 +427,24 @@ Curl_cookie_add(struct SessionHandle *data,
bool done = FALSE; bool done = FALSE;
bool sep; bool sep;
size_t len=strlen(what); size_t len=strlen(what);
const char *endofn = &ptr[ strlen(name) ]; size_t nlen = strlen(name);
const char *endofn = &ptr[ nlen ];
/* skip trailing spaces in name */
while(*endofn && ISBLANK(*endofn))
endofn++;
/* name ends with a '=' ? */ /* name ends with a '=' ? */
sep = (*endofn == '=')?TRUE:FALSE; sep = (*endofn == '=')?TRUE:FALSE;
if(nlen) {
endofn--; /* move to the last character */
if(ISBLANK(*endofn)) {
/* skip trailing spaces in name */
while(*endofn && ISBLANK(*endofn) && nlen) {
endofn--;
nlen--;
}
name[nlen]=0; /* new end of name */
}
}
/* Strip off trailing whitespace from the 'what' */ /* Strip off trailing whitespace from the 'what' */
while(len && ISBLANK(what[len-1])) { while(len && ISBLANK(what[len-1])) {
what[len-1]=0; what[len-1]=0;

4
tests/data/test8
View File

@ -41,6 +41,8 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/w;
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey; Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we; Set-Cookie: cookie=yes; path=/we;
Set-Cookie: cookie=perhaps; path=/we/want; Set-Cookie: cookie=perhaps; path=/we/want;
Set-Cookie: name with space=is weird but; path=/we/want;
Set-Cookie: trailingspace = removed; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE; Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad; Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
Set-Cookie: partialip=nono; domain=.0.0.1; Set-Cookie: partialip=nono; domain=.0.0.1;
@ -60,7 +62,7 @@ perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only works for HOSTIPs endi
GET /we/want/8 HTTP/1.1 GET /we/want/8 HTTP/1.1
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT
Accept: */* Accept: */*
Cookie: cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes Cookie: cookie=perhaps; name with space=is weird but; trailingspace=removed; cookie=yes; foobar=name; blexp=yesyes
</protocol> </protocol>
</verify> </verify>