Commit Graph

120 Commits

Author SHA1 Message Date
Daniel Stenberg
49465fffdb cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could
trick the cookie engine to wrongly accept the cookie believing it to be
fine. Since the tailmatching would then match all .com sites, the cookie would
then be sent to all of them.

The code now requires at least one letter between each dot for them to be
counted. Edited test case 61 to verify this.
2010-12-23 22:52:32 +01:00
Yang Tse
5db0a412ff atoi: remove atoi usage 2010-11-28 23:11:14 +01:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse
87428e07ca fix compiler warning 2010-02-26 01:47:21 +00:00
Yang Tse
d65cf7889b fix printf-style format strings 2010-01-28 15:34:18 +00:00
Yang Tse
bbefdf88fd fix compiler warning 2010-01-27 03:43:34 +00:00
Daniel Stenberg
877dad1e24 - As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
  where two cookies using the same name are set more than once using
  (overlapping) paths. Realizing this, identically named cookies must be
  sorted correctly. But detecting only identically named cookies and take care
  of them individually is harder than just to blindly and unconditionally sort
  all cookies based on their path lengths. All major browsers also already do
  this, so this makes our behavior one step closer to them in the cookie area.

  Test case 8 was the only one that broke due to this change and I updated it
  accordingly.
2010-01-19 23:19:59 +00:00
Daniel Stenberg
240fa29e94 fixed a precaution check in the cookie code, pointed out by Julien Chaffraix 2009-12-19 19:20:26 +00:00
Yang Tse
59939313f8 Make usage of calloc()'s arguments consistent with rest of code base 2009-11-18 10:33:54 +00:00
Daniel Stenberg
448d2b5f49 - Dima Barsky made the curl cookie parser accept cookies even with blank or
unparsable expiry dates and then treat them as session cookies - previously
  libcurl would reject cookies with a date format it couldn't parse. Research
  shows that the major browser treat such cookies as session cookies. I
  modified test 8 and 31 to verify this.
2009-10-25 18:15:14 +00:00
Yang Tse
5b11e3883c fix compiler warning: conversion from "long" to "size_t" may lose sign 2009-09-28 17:01:23 +00:00
Yang Tse
7d22ce5573 libcurl private function Curl_memrchr() now in curl_memrchr.c and curl_memrchr.h 2009-09-28 16:05:20 +00:00
Daniel Stenberg
4f47fc4e14 - John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
2009-09-26 20:51:51 +00:00
Daniel Stenberg
af9ce990f0 minor whitespace edit 2009-09-25 20:26:44 +00:00
Daniel Stenberg
7ff4b4f2b5 - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch
start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0
  which internally then is treated as a session cookie. That particular date
  is now made to get the value of 1.
2009-09-10 21:06:50 +00:00
Yang Tse
5931cf77f4 DEBUGBUILD / CURLDEBUG decoupling follow-up 2009-06-15 02:29:49 +00:00
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Daniel Stenberg
1cf6c15ab4 - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
  received with domain, path etc set multiple times in the same header. While
  such a cookie is questionable, they occur in the wild and libcurl no longer
  leaks memory for them. I added such a header to test case 8.
2009-05-25 12:23:22 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg
5e74c58b73 - Tim Ansell fixed a compiler warning in lib/cookie.c 2009-01-15 08:32:58 +00:00
Daniel Stenberg
a19e02be5e - Michael Wallner fixed a NULL pointer deref when calling
curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no
  cookies data.
2009-01-13 22:21:14 +00:00
Daniel Stenberg
58ebde9502 - Pawel Kierski pointed out a mistake in the cookie code that could lead to a
bad fclose() after a fatal error had occured.
  (http://curl.haxx.se/bug/view.cgi?id=2382219)
2008-12-03 15:08:09 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Dan Fandrich
bab5183820 Created Curl_raw_nequal() which does a C-locale string case comparison.
Changed checkprefix() to use it and those instances of strnequal() that
compare host names or other protocol strings that are defined to be
independent of case in the C locale.  This should fix a few more
Turkish locale problems.
2008-10-23 01:20:57 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Daniel Stenberg
18be9882f7 Removed superfluous check of clist->name, as in this code path that pointer
has already been dereferenced so it is bound to be valid. Pointed out to us
by coverity.com
2008-10-13 21:03:12 +00:00
Daniel Stenberg
f72a26d340 - Stefan Krause pointed out that libcurl would wrongly send away cookies to
sites in cases where the cookie clearly has a very old expiry date. The
  condition was simply that libcurl's date parser would fail to convert the
  date and it would then count as a (timed-based) match. Starting now, a
  missed date due to an unsupported date format or date range will now cause
  the cookie to not match.
2008-09-08 11:36:19 +00:00
Yang Tse
59e378f48f remove unnecessary typecasting of malloc() 2008-09-06 05:29:05 +00:00
Yang Tse
a622fd90b4 remove unnecessary typecasting of calloc() 2008-09-06 04:47:14 +00:00
Daniel Stenberg
e138ae5ec9 - I'm abandoning the system with the web site mirrors (but keeping download
files bing mirrored) and thus I've changed the URL in the cookiejar header
  to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2008-08-28 11:35:54 +00:00
Yang Tse
ad638da2c2 Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU
remain in use as internal curl_off_t print formatting strings for the internal
*printf functions which still cannot handle print formatting string directives
such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and
other DOS/Windows compilers.

This reverts previous commit part which did:

FORMAT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-16 01:33:59 +00:00
Yang Tse
66fb9ca5f6 For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros,
the names of the curl_off_t formatting string directives now become
CURL_FORMAT_CURL_OFF_T and CURL_FORMAT_CURL_OFF_TU.

CURL_FMT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
CURL_FMT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU

Remove the use of an internal name for the curl_off_t formatting string directives
and use the common one available from the inside and outside of the library.

FORMAT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-15 02:58:15 +00:00
Daniel Stenberg
a62e155ca4 - Niklas Angebrand made the cookie support in libcurl properly deal with the
"HttpOnly" feature introduced by Microsoft and apparently also supported by
  Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly
  is now supported when received from servers in HTTP headers, when written to
  cookie jars and when read from existing cookie jars.
2008-01-31 12:21:57 +00:00
Daniel Stenberg
c914e6ea5d "Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and so
did "SESS". Fixed now.
2008-01-23 22:22:12 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Dan Fandrich
1b66c1da6c Added lots of consts 2007-08-29 05:36:53 +00:00
Yang Tse
d9e89e170f fix out of memory handling issue 2007-04-07 04:51:35 +00:00
Dan Fandrich
7e74349b86 Fixed file handle leak in OOM condition. 2007-04-04 22:49:12 +00:00
Yang Tse
f08ac86834 fix compiler warning 2007-03-25 02:30:58 +00:00
Yang Tse
fbcf86b83e avoid using funtion isblank() and just use our ISBLANK
macro to provide this functionality on all platforms
2007-02-14 13:31:37 +00:00
Yang Tse
5c3f36b4b4 compiler warning fix 2007-02-14 04:45:30 +00:00
Yang Tse
6d05a33ed9 use our own ISBLANK macro 2007-02-13 17:47:27 +00:00
Daniel Stenberg
277df1c6b1 make Curl_cookie_clearall() survive getting called with a NULL pointer 2007-01-13 23:32:14 +00:00
Daniel Stenberg
68e9f75708 As reported in bug: #1566077 the former URL mentioned in the generated cookie
jar has died and we now instead point out our own version of that
2006-09-27 21:00:45 +00:00
Daniel Stenberg
28611704d9 Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.
2006-07-08 18:52:08 +00:00
Daniel Stenberg
606562aa7e Michael Wallner provided a patch that allows "SESS" to be set with
CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly
edited by me, and the re-indent in cookie.c was also done by me)
2006-05-24 22:46:38 +00:00
Daniel Stenberg
90e1a6905a remove the typecast to long from time_t, since we now store it as curl_off_t 2005-08-17 09:11:27 +00:00
Daniel Stenberg
a676c18502 - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
  write the result to a given cookie jar and then never actually call
  curl_easy_perform() - the given file(s) to read was never read but the
  output file was written and thus it caused a "funny" result.

- While doing some tests for the bug above, I noticed that Firefox generates
  large numbers (for the expire time) in the cookies.txt file and libcurl
  didn't treat them properly. Now it does.
2005-08-17 08:55:43 +00:00
Daniel Stenberg
1c388a52a5 curl standard indent/format 2005-07-28 21:49:58 +00:00