- John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a query part. That is means a question mark (?) and characters on the right side of that. I wrote test case 1105 and fixed this problem.
This commit is contained in:
parent
8d39a31e89
commit
4f47fc4e14
6
CHANGES
6
CHANGES
@ -6,6 +6,12 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel Stenberg (26 Sep 2009)
|
||||
- John P. McCaskey posted a bug report that showed how libcurl did wrong when
|
||||
saving received cookies with no given path, if the path in the request had a
|
||||
query part. That is means a question mark (?) and characters on the right
|
||||
side of that. I wrote test case 1105 and fixed this problem.
|
||||
|
||||
Kamil Dudka (26 Sep 2009)
|
||||
- Implemented a protocol independent way to specify blocking direction, used by
|
||||
transfer.c for blocking. It is currently used only by SCP and SFTP protocols.
|
||||
|
@ -30,6 +30,8 @@ This release includes the following bugfixes:
|
||||
o cookie expiry date at 1970-jan-1 00:00:00
|
||||
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
|
||||
o libcurl-OpenSSL can load CRL files with more than one certificate inside
|
||||
o received cookies without explicit path got saved wrong if the URL had a
|
||||
query part
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
@ -40,6 +42,6 @@ advice from friends like these:
|
||||
|
||||
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
|
||||
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
|
||||
Claes Jakobsson, Sven Anders, Chris Mumford
|
||||
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
36
lib/cookie.c
36
lib/cookie.c
@ -167,6 +167,24 @@ static void strstore(char **str, const char *newstr)
|
||||
*str = strdup(newstr);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* The memrchr() function is like the memchr() function, except that it
|
||||
* searches backwards from the end of the n bytes pointed to by s instead of
|
||||
* forwards from the front.
|
||||
*
|
||||
* Exists in glibc but is not widely available on other systems.
|
||||
*/
|
||||
static void *memrchr(const char *s, int c, size_t n)
|
||||
{
|
||||
while(n--) {
|
||||
if(s[n] == c)
|
||||
return &s[n];
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
*
|
||||
* Curl_cookie_add()
|
||||
@ -186,8 +204,8 @@ Curl_cookie_add(struct SessionHandle *data,
|
||||
char *lineptr, /* first character of the line */
|
||||
const char *domain, /* default domain */
|
||||
const char *path) /* full path used when this cookie is set,
|
||||
used to get default path for the cookie
|
||||
unless set */
|
||||
used to get default path for the cookie
|
||||
unless set */
|
||||
{
|
||||
struct Cookie *clist;
|
||||
char name[MAX_NAME];
|
||||
@ -429,8 +447,18 @@ Curl_cookie_add(struct SessionHandle *data,
|
||||
}
|
||||
|
||||
if(!badcookie && !co->path && path) {
|
||||
/* no path was given in the header line, set the default */
|
||||
char *endslash = strrchr(path, '/');
|
||||
/* No path was given in the header line, set the default.
|
||||
Note that the passed-in path to this function MAY have a '?' and
|
||||
following part that MUST not be stored as part of the path. */
|
||||
char *queryp = strchr(path, '?');
|
||||
|
||||
/* queryp is where the interesting part of the path ends, so now we
|
||||
want to the find the last */
|
||||
char *endslash;
|
||||
if(!queryp)
|
||||
endslash = strrchr(path, '/');
|
||||
else
|
||||
endslash = memrchr(path, '/', queryp - path);
|
||||
if(endslash) {
|
||||
size_t pathlen = endslash-path+1; /* include the ending slash */
|
||||
co->path=malloc(pathlen+1); /* one extra for the zero byte */
|
||||
|
@ -5,4 +5,4 @@
|
||||
# Lines starting with '#' letters are treated as comments.
|
||||
563
|
||||
564
|
||||
1105
|
||||
|
||||
|
@ -55,10 +55,9 @@ userid=myname&password=mypassword
|
||||
# http://curl.haxx.se/rfc/cookie_spec.html
|
||||
# This file was generated by libcurl! Edit at your own risk.
|
||||
|
||||
127.0.0.1 FALSE /we/want FALSE 0 foobar name
|
||||
127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
|
||||
.127.0.0.1 TRUE "/silly/" FALSE 0 mismatch this
|
||||
.0.0.1 TRUE / FALSE 0 partmatch present
|
||||
|
||||
</file>
|
||||
</verify>
|
||||
</testcase>
|
||||
|
Loading…
Reference in New Issue
Block a user