cookies: do not take cookie name as a parameter

RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
author: Patrick Monnerat <patrick@monnerat.net> 2018-05-13 01:23:10 +0200
committer: Patrick Monnerat <patrick@monnerat.net> 2018-05-13 01:23:10 +0200
commit: 1b55d270ad3d4473b2fd46481478275e47c60eaf (patch)
tree: b3698c5dec22655c49fe6fbacaf8440e511f98d8 /lib/cookie.c
parent: 9cacc24630e55ea54803458f37fadfe9d4beb52c (diff)
download: curl-1b55d270ad3d4473b2fd46481478275e47c60eaf.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index 5eb3c1209..29f627fd4 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -528,10 +528,16 @@ Curl_cookie_add(struct Curl_easy *data,
         while(*whatptr && ISBLANK(*whatptr))
           whatptr++;
 
-        if(!co->name && sep) {
+        if(!co->name) {
           /* The very first name/value pair is the actual cookie name */
+          if(!sep) {
+            /* Bad name/value pair. */
+            badcookie = TRUE;
+            break;
+          }
           co->name = strdup(name);
           co->value = strdup(whatptr);
+          done = TRUE;
           if(!co->name || !co->value) {
             badcookie = TRUE;
             break;
author	Patrick Monnerat <patrick@monnerat.net>	2018-05-13 01:23:10 +0200
committer	Patrick Monnerat <patrick@monnerat.net>	2018-05-13 01:23:10 +0200
commit	1b55d270ad3d4473b2fd46481478275e47c60eaf (patch)
tree	b3698c5dec22655c49fe6fbacaf8440e511f98d8 /lib/cookie.c
parent	9cacc24630e55ea54803458f37fadfe9d4beb52c (diff)
download	curl-1b55d270ad3d4473b2fd46481478275e47c60eaf.tar.gz