diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-02-08 15:48:18 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-02-08 15:49:54 +0100 |
commit | 18c735e790e47a1199f9dd71a01aa9847d6474b1 (patch) | |
tree | 29b13b74bba29c6314f4ceeab0383447d5c530e0 /lib | |
parent | c4303fd5bb26c54a90a8e1ab4380f615995dd0c6 (diff) | |
download | curl-18c735e790e47a1199f9dd71a01aa9847d6474b1.tar.gz |
cookies: allow spaces in cookie names, cut of trailing spaces
It turns out Firefox and Chrome both allow spaces in cookie names and
there are sites out there using that.
Turned out the code meant to strip off trailing space from cookie names
didn't work. Fixed now.
Test case 8 modified to verify both these changes.
Closes #639
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cookie.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/lib/cookie.c b/lib/cookie.c index d62f446b5..c542476a9 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -417,7 +417,7 @@ Curl_cookie_add(struct SessionHandle *data, do { /* we have a <what>=<this> pair or a stand-alone word here */ name[0]=what[0]=0; /* init the buffers */ - if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =] =%" + if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%" MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { /* Use strstore() below to properly deal with received cookie @@ -427,15 +427,24 @@ Curl_cookie_add(struct SessionHandle *data, bool done = FALSE; bool sep; size_t len=strlen(what); - const char *endofn = &ptr[ strlen(name) ]; - - /* skip trailing spaces in name */ - while(*endofn && ISBLANK(*endofn)) - endofn++; + size_t nlen = strlen(name); + const char *endofn = &ptr[ nlen ]; /* name ends with a '=' ? */ sep = (*endofn == '=')?TRUE:FALSE; + if(nlen) { + endofn--; /* move to the last character */ + if(ISBLANK(*endofn)) { + /* skip trailing spaces in name */ + while(*endofn && ISBLANK(*endofn) && nlen) { + endofn--; + nlen--; + } + name[nlen]=0; /* new end of name */ + } + } + /* Strip off trailing whitespace from the 'what' */ while(len && ISBLANK(what[len-1])) { what[len-1]=0; |