cookie: handle spaces after the name in Set-Cookie

"name =value" is fine and the space should just be skipped. Updated test 31 to also test for this. Bug: https://github.com/bagder/curl/issues/195 Reported-by: cromestant Help-by: Frank Gevaerts
2025-02-28 17:31:46 -05:00 · 2015-04-01 23:25:29 +02:00 · 2015-04-01 23:25:29 +02:00 · 2685041a5c
commit 2685041a5c
parent b121633402
2 changed files with 9 additions and 1 deletions
--- a/lib/cookie.c
+++ b/lib/cookie.c
@ -407,7 +407,7 @@ Curl_cookie_add(struct SessionHandle *data,
    do {
      /* we have a <what>=<this> pair or a stand-alone word here */
      name[0]=what[0]=0; /* init the buffers */
-      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
+      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =] =%"
                     MAX_COOKIE_LINE_TXT "[^;\r\n]",
                     name, what)) {
        /* Use strstore() below to properly deal with received cookie
--- a/tests/data/test31
+++ b/tests/data/test31
@ -53,6 +53,10 @@ Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030
 Set-Cookie: magic=yessir; path=/silly/; HttpOnly
 Set-Cookie: blexp=yesyes; domain=127.0.0.1; domain=127.0.0.1; expiry=totally bad;
 Set-Cookie: partialip=nono; domain=.0.0.1;
+Set-Cookie: withspaces=  yes  within and around    ;
+Set-Cookie: withspaces2 =before equals;
+Set-Cookie: prespace=  yes before;
+Set-Cookie: securewithspace=after    ; secure =

 boo
 </data>
@ -124,6 +128,10 @@ Accept: */*
 127.0.0.1	FALSE	/we/want/	FALSE	2054030187	nodomain	value
 #HttpOnly_127.0.0.1	FALSE	/silly/	FALSE	0	magic	yessir
 127.0.0.1	FALSE	/we/want/	FALSE	0	blexp	yesyes
+127.0.0.1	FALSE	/we/want/	FALSE	0	withspaces	yes  within and around
+127.0.0.1	FALSE	/we/want/	FALSE	0	withspaces2	before equals
+127.0.0.1	FALSE	/we/want/	FALSE	0	prespace	yes before
+127.0.0.1	FALSE	/we/want/	TRUE	0	securewithspace	after
 </file>
 </verify>
 </testcase>