David Cohen pointed out that RFC2109 says clients should allow cookies to

contain least 4096 bytes while libcurl only allowed 2047. I raised the limit to 4999 now and made the used buffer get malloc()ed instead of simply allocated on stack as before.
2024-11-11 20:15:03 -05:00 · 2004-06-22 21:15:51 +00:00 · 2004-06-22 21:15:51 +00:00 · 35558e6bd7
commit 35558e6bd7
parent 7659747e6f
2 changed files with 29 additions and 13 deletions
--- a/lib/cookie.c
+++ b/lib/cookie.c
@ -149,7 +149,7 @@ Curl_cookie_add(struct SessionHandle *data,
                                    unless set */
 {
  struct Cookie *clist;
-  char what[MAX_COOKIE_LINE];
+  char *what;
  char name[MAX_NAME];
  char *ptr;
  char *semiptr;
@ -167,6 +167,13 @@ Curl_cookie_add(struct SessionHandle *data,
  if(httpheader) {
    /* This line was read off a HTTP-header */
    char *sep;
    what = malloc(MAX_COOKIE_LINE);
    if(!what) {
      free(co);
      return NULL;
    }
    semiptr=strchr(lineptr, ';'); /* first, find a semicolon */
    while(*lineptr && isspace((int)*lineptr))
@ -387,6 +394,8 @@ Curl_cookie_add(struct SessionHandle *data,
      }
    }
    free(what);
    if(badcookie || !co->name) {
      /* we didn't get a cookie name or a bad one,
         this is an illegal line, bail out */
--- a/lib/cookie.h
+++ b/lib/cookie.h
@ -1,10 +1,10 @@
 #ifndef __COOKIE_H
 #define __COOKIE_H
 /***************************************************************************
- *                                  _   _ ____  _     
+ *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |    
+ *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |    
+ *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___ 
+ *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
@ -12,7 +12,7 @@
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
@ -41,11 +41,11 @@ struct Cookie {
  long expires;    /* expires = <this> */
  char *expirestr;   /* the plain text version */
  bool tailmatch;    /* weather we do tail-matchning of the domain name */
-  
+
  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
  char *version;     /* Version = <value> */
  char *maxage;      /* Max-Age = <value> */
-  
+
  bool secure;       /* whether the 'secure' keyword was used */
  bool livecookie;   /* updated from a server, not a stored file */
 };
@ -60,13 +60,20 @@ struct CookieInfo {
  bool newsession; /* new session, discard session cookies on load */
 };
-/* This is the maximum line length we accept for a cookie line */
+/* This is the maximum line length we accept for a cookie line. RFC 2109
-#define MAX_COOKIE_LINE 2048
+   section 6.3 says:
-#define MAX_COOKIE_LINE_TXT "2047"
+
   "at least 4096 bytes per cookie (as measured by the size of the characters
   that comprise the cookie non-terminal in the syntax description of the
   Set-Cookie header)"
 */
 #define MAX_COOKIE_LINE 5000
 #define MAX_COOKIE_LINE_TXT "4999"
 /* This is the maximum length of a cookie name we deal with: */
-#define MAX_NAME 256
+#define MAX_NAME 1024
-#define MAX_NAME_TXT "255"
+#define MAX_NAME_TXT "1023"
 struct SessionHandle;
 /*