- John P. McCaskey posted a bug report that showed how libcurl did wrong when

saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
This commit is contained in:
Daniel Stenberg 2009-09-26 20:51:51 +00:00
parent 8d39a31e89
commit 4f47fc4e14
5 changed files with 43 additions and 8 deletions

View File

@ -6,6 +6,12 @@
Changelog
Daniel Stenberg (26 Sep 2009)
- John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a
query part. That is means a question mark (?) and characters on the right
side of that. I wrote test case 1105 and fixed this problem.
Kamil Dudka (26 Sep 2009)
- Implemented a protocol independent way to specify blocking direction, used by
transfer.c for blocking. It is currently used only by SCP and SFTP protocols.

View File

@ -30,6 +30,8 @@ This release includes the following bugfixes:
o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
o libcurl-OpenSSL can load CRL files with more than one certificate inside
o received cookies without explicit path got saved wrong if the URL had a
query part
This release includes the following known bugs:
@ -40,6 +42,6 @@ advice from friends like these:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson, Sven Anders, Chris Mumford
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey
Thanks! (and sorry if I forgot to mention someone)

View File

@ -167,6 +167,24 @@ static void strstore(char **str, const char *newstr)
*str = strdup(newstr);
}
/*
* The memrchr() function is like the memchr() function, except that it
* searches backwards from the end of the n bytes pointed to by s instead of
* forwards from the front.
*
* Exists in glibc but is not widely available on other systems.
*/
static void *memrchr(const char *s, int c, size_t n)
{
while(n--) {
if(s[n] == c)
return &s[n];
}
return NULL;
}
/****************************************************************************
*
* Curl_cookie_add()
@ -186,8 +204,8 @@ Curl_cookie_add(struct SessionHandle *data,
char *lineptr, /* first character of the line */
const char *domain, /* default domain */
const char *path) /* full path used when this cookie is set,
used to get default path for the cookie
unless set */
used to get default path for the cookie
unless set */
{
struct Cookie *clist;
char name[MAX_NAME];
@ -429,8 +447,18 @@ Curl_cookie_add(struct SessionHandle *data,
}
if(!badcookie && !co->path && path) {
/* no path was given in the header line, set the default */
char *endslash = strrchr(path, '/');
/* No path was given in the header line, set the default.
Note that the passed-in path to this function MAY have a '?' and
following part that MUST not be stored as part of the path. */
char *queryp = strchr(path, '?');
/* queryp is where the interesting part of the path ends, so now we
want to the find the last */
char *endslash;
if(!queryp)
endslash = strrchr(path, '/');
else
endslash = memrchr(path, '/', queryp - path);
if(endslash) {
size_t pathlen = endslash-path+1; /* include the ending slash */
co->path=malloc(pathlen+1); /* one extra for the zero byte */

View File

@ -5,4 +5,4 @@
# Lines starting with '#' letters are treated as comments.
563
564
1105

View File

@ -55,10 +55,9 @@ userid=myname&password=mypassword
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
127.0.0.1 FALSE /we/want FALSE 0 foobar name
127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
.127.0.0.1 TRUE "/silly/" FALSE 0 mismatch this
.0.0.1 TRUE / FALSE 0 partmatch present
</file>
</verify>
</testcase>