cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
author: Daniel Gustafsson <daniel@yesql.se> 2018-08-28 11:28:50 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2018-08-31 14:11:37 +0200
commit: e2ef8d6fa11b2345e10b89db525920f2a0d5fd79 (patch)
tree: 3be4fab33a03fcda3d398217511d5e4744dd546a /lib/cookie.c
parent: b842fa3110aa2ff1204fd9370d657bc5f1174ffb (diff)
download: curl-e2ef8d6fa11b2345e10b89db525920f2a0d5fd79.tar.gz
1 files changed, 52 insertions, 16 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index 72aaa7636..5a8e4fc65 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -40,7 +40,7 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
         received from a server.
 
         The function need to replace previously stored lines that this new
-        line superceeds.
+        line supersedes.
 
         It may remove lines that are expired.
 
@@ -874,9 +874,10 @@ Curl_cookie_add(struct Curl_easy *data,
   }
 
   co->livecookie = c->running;
+  co->creationtime = ++c->lastct;
 
   /* now, we have parsed the incoming line, we must now check if this
-     superceeds an already existing cookie, which it may if the previous have
+     supersedes an already existing cookie, which it may if the previous have
      the same domain and path as this */
 
   /* at first, remove expired cookies */
@@ -952,6 +953,9 @@ Curl_cookie_add(struct Curl_easy *data,
       if(replace_old) {
         co->next = clist->next; /* get the next-pointer first */
 
+        /* when replacing, creationtime is kept from old */
+        co->creationtime = clist->creationtime;
+
         /* then free all the old pointers */
         free(clist->name);
         free(clist->value);
@@ -1141,12 +1145,24 @@ static int cookie_sort(const void *p1, const void *p2)
   if(l1 != l2)
     return (l2 > l1) ? 1 : -1 ;  /* avoid size_t <=> int conversions */
 
-  /* 3 - compare cookie names */
-  if(c1->name && c2->name)
-    return strcmp(c1->name, c2->name);
+  /* 3 - compare cookie name lengths */
+  l1 = c1->name ? strlen(c1->name) : 0;
+  l2 = c2->name ? strlen(c2->name) : 0;
 
-  /* sorry, can't be more deterministic */
-  return 0;
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1;
+
+  /* 4 - compare cookie creation time */
+  return (c2->creationtime > c1->creationtime) ? 1 : -1;
+}
+
+/* sort cookies only according to creation time */
+static int cookie_sort_ct(const void *p1, const void *p2)
+{
+  struct Cookie *c1 = *(struct Cookie **)p1;
+  struct Cookie *c2 = *(struct Cookie **)p2;
+
+  return (c2->creationtime > c1->creationtime) ? 1 : -1;
 }
 
 #define CLONE(field)                     \
@@ -1175,6 +1191,7 @@ static struct Cookie *dup_cookie(struct Cookie *src)
     d->secure = src->secure;
     d->livecookie = src->livecookie;
     d->httponly = src->httponly;
+    d->creationtime = src->creationtime;
   }
   return d;
 
@@ -1439,6 +1456,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
   bool use_stdout = FALSE;
   char *format_ptr;
   unsigned int i;
+  unsigned int j;
+  struct Cookie **array;
 
   if((NULL == c) || (0 == c->numcookies))
     /* If there are no known cookies, we don't write or even create any
@@ -1452,6 +1471,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
   if(0 == c->numcookies)
     return 0;
 
+  array = malloc(sizeof(struct Cookie *) * c->numcookies);
+  if(!array)
+    return 1;
+
   if(!strcmp("-", dumphere)) {
     /* use stdout */
     out = stdout;
@@ -1459,8 +1482,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
   }
   else {
     out = fopen(dumphere, FOPEN_WRITETEXT);
-    if(!out)
+    if(!out) {
+      free(array);
       return 1; /* failure */
+    }
   }
 
   fputs("# Netscape HTTP Cookie File\n"
@@ -1468,22 +1493,33 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
         "# This file was generated by libcurl! Edit at your own risk.\n\n",
         out);
 
+  j = 0;
   for(i = 0; i < COOKIE_HASH_SIZE; i++) {
     for(co = c->cookies[i]; co; co = co->next) {
       if(!co->domain)
         continue;
-      format_ptr = get_netscape_format(co);
-      if(format_ptr == NULL) {
-        fprintf(out, "#\n# Fatal libcurl error\n");
-        if(!use_stdout)
-          fclose(out);
-        return 1;
+      array[j++] = co;
+    }
+  }
+
+  qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
+
+  for(i = 0; i < j; i++) {
+    format_ptr = get_netscape_format(array[i]);
+    if(format_ptr == NULL) {
+      fprintf(out, "#\n# Fatal libcurl error\n");
+      if(!use_stdout) {
+        free(array);
+        fclose(out);
       }
-      fprintf(out, "%s\n", format_ptr);
-      free(format_ptr);
+      return 1;
     }
+    fprintf(out, "%s\n", format_ptr);
+    free(format_ptr);
   }
 
+  free(array);
+
   if(!use_stdout)
     fclose(out);
author	Daniel Gustafsson <daniel@yesql.se>	2018-08-28 11:28:50 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2018-08-31 14:11:37 +0200
commit	e2ef8d6fa11b2345e10b89db525920f2a0d5fd79 (patch)
tree	3be4fab33a03fcda3d398217511d5e4744dd546a /lib/cookie.c
parent	b842fa3110aa2ff1204fd9370d657bc5f1174ffb (diff)
download	curl-e2ef8d6fa11b2345e10b89db525920f2a0d5fd79.tar.gz