1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

cookies: allow spaces in cookie names, cut of trailing spaces

It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.

Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.

Test case 8 modified to verify both these changes.

Closes #639
This commit is contained in:
Daniel Stenberg 2016-02-08 15:48:18 +01:00
parent c4303fd5bb
commit 18c735e790
2 changed files with 19 additions and 8 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -417,7 +417,7 @@ Curl_cookie_add(struct SessionHandle *data,
do {
/* we have a <what>=<this> pair or a stand-alone word here */
name[0]=what[0]=0; /* init the buffers */
if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =] =%"
if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%"
MAX_COOKIE_LINE_TXT "[^;\r\n]",
name, what)) {
/* Use strstore() below to properly deal with received cookie
@ -427,15 +427,24 @@ Curl_cookie_add(struct SessionHandle *data,
bool done = FALSE;
bool sep;
size_t len=strlen(what);
const char *endofn = &ptr[ strlen(name) ];
/* skip trailing spaces in name */
while(*endofn && ISBLANK(*endofn))
endofn++;
size_t nlen = strlen(name);
const char *endofn = &ptr[ nlen ];
/* name ends with a '=' ? */
sep = (*endofn == '=')?TRUE:FALSE;
if(nlen) {
endofn--; /* move to the last character */
if(ISBLANK(*endofn)) {
/* skip trailing spaces in name */
while(*endofn && ISBLANK(*endofn) && nlen) {
endofn--;
nlen--;
}
name[nlen]=0; /* new end of name */
}
}
/* Strip off trailing whitespace from the 'what' */
while(len && ISBLANK(what[len-1])) {
what[len-1]=0;

View File

@ -41,6 +41,8 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/w;
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we;
Set-Cookie: cookie=perhaps; path=/we/want;
Set-Cookie: name with space=is weird but; path=/we/want;
Set-Cookie: trailingspace = removed; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
Set-Cookie: partialip=nono; domain=.0.0.1;
@ -60,7 +62,7 @@ perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only works for HOSTIPs endi
GET /we/want/8 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
Cookie: cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
Cookie: cookie=perhaps; name with space=is weird but; trailingspace=removed; cookie=yes; foobar=name; blexp=yesyes
</protocol>
</verify>