moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

- John P. McCaskey posted a bug report that showed how libcurl did wrong when

Browse Source 
saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
This commit is contained in:
Daniel Stenberg 2009-09-26 20:51:51 +00:00
parent 8d39a31e89
commit 4f47fc4e14
5 changed files with 43 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -6,6 +6,12 @@
Changelog Changelog
Daniel Stenberg (26 Sep 2009)
- John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a
query part. That is means a question mark (?) and characters on the right
side of that. I wrote test case 1105 and fixed this problem.
Kamil Dudka (26 Sep 2009) Kamil Dudka (26 Sep 2009)
- Implemented a protocol independent way to specify blocking direction, used by - Implemented a protocol independent way to specify blocking direction, used by
transfer.c for blocking. It is currently used only by SCP and SFTP protocols. transfer.c for blocking. It is currently used only by SCP and SFTP protocols.

4
RELEASE-NOTES
View File

@ -30,6 +30,8 @@ This release includes the following bugfixes:
o cookie expiry date at 1970-jan-1 00:00:00 o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
o libcurl-OpenSSL can load CRL files with more than one certificate inside o libcurl-OpenSSL can load CRL files with more than one certificate inside
o received cookies without explicit path got saved wrong if the URL had a
query part
This release includes the following known bugs: This release includes the following known bugs:
@ -40,6 +42,6 @@ advice from friends like these:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet, Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson, Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson, Sven Anders, Chris Mumford Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

36
lib/cookie.c
View File

@ -167,6 +167,24 @@ static void strstore(char **str, const char *newstr)
*str = strdup(newstr); *str = strdup(newstr);
} }
/*
* The memrchr() function is like the memchr() function, except that it
* searches backwards from the end of the n bytes pointed to by s instead of
* forwards from the front.
*
* Exists in glibc but is not widely available on other systems.
*/
static void *memrchr(const char *s, int c, size_t n)
{
while(n--) {
if(s[n] == c)
return &s[n];
}
return NULL;
}
/**************************************************************************** /****************************************************************************
* *
* Curl_cookie_add() * Curl_cookie_add()
@ -186,8 +204,8 @@ Curl_cookie_add(struct SessionHandle *data,
char *lineptr, /* first character of the line */ char *lineptr, /* first character of the line */
const char *domain, /* default domain */ const char *domain, /* default domain */
const char *path) /* full path used when this cookie is set, const char *path) /* full path used when this cookie is set,
used to get default path for the cookie used to get default path for the cookie
unless set */ unless set */
{ {
struct Cookie *clist; struct Cookie *clist;
char name[MAX_NAME]; char name[MAX_NAME];
@ -429,8 +447,18 @@ Curl_cookie_add(struct SessionHandle *data,
} }
if(!badcookie && !co->path && path) { if(!badcookie && !co->path && path) {
/* no path was given in the header line, set the default */ /* No path was given in the header line, set the default.
char *endslash = strrchr(path, '/'); Note that the passed-in path to this function MAY have a '?' and
following part that MUST not be stored as part of the path. */
char *queryp = strchr(path, '?');
/* queryp is where the interesting part of the path ends, so now we
want to the find the last */
char *endslash;
if(!queryp)
endslash = strrchr(path, '/');
else
endslash = memrchr(path, '/', queryp - path);
if(endslash) { if(endslash) {
size_t pathlen = endslash-path+1; /* include the ending slash */ size_t pathlen = endslash-path+1; /* include the ending slash */
co->path=malloc(pathlen+1); /* one extra for the zero byte */ co->path=malloc(pathlen+1); /* one extra for the zero byte */

2
tests/data/DISABLED
View File

@ -5,4 +5,4 @@
# Lines starting with '#' letters are treated as comments. # Lines starting with '#' letters are treated as comments.
563 563
564 564
1105

3
tests/data/test1105
View File

@ -55,10 +55,9 @@ userid=myname&password=mypassword
# http://curl.haxx.se/rfc/cookie_spec.html # http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk. # This file was generated by libcurl! Edit at your own risk.
127.0.0.1 FALSE /we/want FALSE 0 foobar name 127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
.127.0.0.1 TRUE "/silly/" FALSE 0 mismatch this .127.0.0.1 TRUE "/silly/" FALSE 0 mismatch this
.0.0.1 TRUE / FALSE 0 partmatch present .0.0.1 TRUE / FALSE 0 partmatch present
</file> </file>
</verify> </verify>
</testcase> </testcase>