summaryrefslogtreecommitdiff
path: root/lib/cookie.h
Commit message (Collapse)AuthorAgeFilesLines
* cookie: clarify that init with data set to NULL reads no fileDaniel Stenberg2023-04-111-1/+0
| | | | | | | | | | | | | | ... and make Curl_cookie_add() require 'data' being set proper with an assert. The function has not worked with a NULL data for quite some time so this just corrects the code and comment. This is a different take than the proposed fixed in #10927 Reported-by: Kvarec Lezki Ref: #10929 Closes #10930
* copyright: update all copyright lines and remove year rangesDaniel Stenberg2023-01-031-1/+1
| | | | | | | | | | | | - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
* cookie: apply limitsDaniel Stenberg2022-06-261-2/+19
| | | | | | | | | | | - Send no more than 150 cookies per request - Cap the max length used for a cookie: header to 8K - Cap the max number of received Set-Cookie: headers to 50 Bug: https://curl.se/docs/CVE-2022-32205.html CVE-2022-32205 Reported-by: Harry Sintonen Closes #9048
* copyright: make repository REUSE compliantmax.mehl2022-06-131-1/+3
| | | | | | | | | | | Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
* cookies: track expiration in jar to optimize removalsDaniel Gustafsson2021-06-081-0/+1
| | | | | | | | | | Removing expired cookies needs to be a fast operation since we want to be able to perform it often and speculatively. By tracking the timestamp of the next known expiration we can exit early in case the timestamp is in the future. Closes: #7172 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: Use named parameters in header prototypesDaniel Gustafsson2021-02-231-6/+7
| | | | | | | | Align header with project style of using named parameters in the function prototypes to aid readability and self-documentation. Closes #6653 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* copyright: fix missing year (range) updatesDaniel Stenberg2021-01-291-1/+1
|
* lib: save a bit of space with some structure packingErik Olsson2021-01-201-2/+2
| | | | | | | | | | | | | | | - Reorder some internal struct members so that less padding is used. This is an attempt at saving a bit of space by packing some structs (using pahole to find the holes) where it might make sense to do so without losing readability. I.e., I tried to avoid separating fields that seem grouped together (like the cwd... fields in struct ftp_conn for instance). Also abstained from touching fields behind conditional macros as that quickly can get complicated. Closes https://github.com/curl/curl/pull/6483
* copyright: fix year rangesDaniel Stenberg2020-11-051-1/+1
| | | | Follow-up from 4d2f8006777
* curl.se: new homeDaniel Stenberg2020-11-041-1/+1
| | | | Closes #6172
* cookies: change argument type for Curl_flush_cookiesDaniel Stenberg2019-10-031-1/+1
| | | | | | | The second argument is really a 'bool' so use that and pass in TRUE/FALSE to make it clear. Closes #4455
* altsvc: Fix building with cookies disablesPo-Chuan Hsieh2019-04-201-1/+0
| | | | | | | | | | | ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is disabled. Fix by splitting out the function into a separate file which can be included where needed. Closes #3717 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
* alt-svc: the libcurl bitsDaniel Stenberg2019-03-031-0/+1
|
* cookie: Add support for cookie prefixesDaniel Gustafsson2019-02-171-1/+9
| | | | | | | | | | | The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: leave secure cookies aloneDaniel Gustafsson2018-12-131-2/+3
| | | | | | | | | | | Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: support creation-time attribute for cookiesDaniel Gustafsson2018-08-311-1/+3
| | | | | | | | | | | | | | According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
* cookies: remove unused macroDaniel Gustafsson2018-04-271-1/+0
| | | | | | | Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API. Closes https://github.com/curl/curl/pull/2537
* cookie: store cookies per top-level-domain-specific hash tableLauri Kasanen2018-04-021-1/+3
| | | | | | This makes libcurl handle thousands of cookies much better and speedier. Closes #2440
* cookies: when reading from a file, only remove_expired onceLauri Kasanen2018-04-021-1/+2
| | | | | | This drops the cookie load time for 8k cookies from 178ms to 15ms. Closes #2441
* cookies: reject oversized cookiesDaniel Stenberg2017-09-181-4/+7
| | | | | | | | | | | | | | | | | | ... instead of truncating them. There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement. We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes. Added test 1151 to verify Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html Reported-by: Kevin Smith Closes #1894
* cookies: getlist() now holds deep copies of all cookiesDaniel Stenberg2016-10-311-2/+2
| | | | | | | | | | | Previously it only held references to them, which was reckless as the thread lock was released so the cookies could get modified by other handles that share the same cookie jar over the share interface. CVE-2016-8623 Bug: https://curl.haxx.se/docs/adv_20161102I.html Reported-by: Cure53
* internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg2016-06-221-6/+6
|
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031-1/+1
|
* cookies: follow-up fix for path checkingYAMADA Yasuharu2013-06-121-1/+2
| | | | | | | The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
* build: fix circular header inclusion with other packagesYang Tse2013-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renamingYang Tse2013-01-061-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
* build: rename 76 lib/*.h filesYang Tse2012-12-281-103/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 76 private header files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: amigaos.h -> curl_amigaos.h renamed: arpa_telnet.h -> curl_arpa_telnet.h renamed: asyn.h -> curl_asyn.h renamed: axtls.h -> curl_axtls.h renamed: bundles.h -> curl_bundles.h renamed: conncache.h -> curl_conncache.h renamed: connect.h -> curl_connect.h renamed: content_encoding.h -> curl_content_encoding.h renamed: cookie.h -> curl_cookie.h renamed: cyassl.h -> curl_cyassl.h renamed: dict.h -> curl_dict.h renamed: easyif.h -> curl_easyif.h renamed: escape.h -> curl_escape.h renamed: file.h -> curl_file.h renamed: fileinfo.h -> curl_fileinfo.h renamed: formdata.h -> curl_formdata.h renamed: ftp.h -> curl_ftp.h renamed: ftplistparser.h -> curl_ftplistparser.h renamed: getinfo.h -> curl_getinfo.h renamed: gopher.h -> curl_gopher.h renamed: gtls.h -> curl_gtls.h renamed: hash.h -> curl_hash.h renamed: hostcheck.h -> curl_hostcheck.h renamed: hostip.h -> curl_hostip.h renamed: http.h -> curl_http.h renamed: http_chunks.h -> curl_http_chunks.h renamed: http_digest.h -> curl_http_digest.h renamed: http_negotiate.h -> curl_http_negotiate.h renamed: http_proxy.h -> curl_http_proxy.h renamed: if2ip.h -> curl_if2ip.h renamed: imap.h -> curl_imap.h renamed: inet_ntop.h -> curl_inet_ntop.h renamed: inet_pton.h -> curl_inet_pton.h renamed: krb4.h -> curl_krb4.h renamed: llist.h -> curl_llist.h renamed: memdebug.h -> curl_memdebug.h renamed: multiif.h -> curl_multiif.h renamed: netrc.h -> curl_netrc.h renamed: non-ascii.h -> curl_non-ascii.h renamed: nonblock.h -> curl_nonblock.h renamed: nssg.h -> curl_nssg.h renamed: parsedate.h -> curl_parsedate.h renamed: pingpong.h -> curl_pingpong.h renamed: polarssl.h -> curl_polarssl.h renamed: pop3.h -> curl_pop3.h renamed: progress.h -> curl_progress.h renamed: qssl.h -> curl_qssl.h renamed: rawstr.h -> curl_rawstr.h renamed: rtsp.h -> curl_rtsp.h renamed: select.h -> curl_select.h renamed: sendf.h -> curl_sendf.h renamed: setup.h -> curl_setup.h renamed: setup_once.h -> curl_setup_once.h renamed: share.h -> curl_share.h renamed: slist.h -> curl_slist.h renamed: smtp.h -> curl_smtp.h renamed: sockaddr.h -> curl_sockaddr.h renamed: socks.h -> curl_socks.h renamed: speedcheck.h -> curl_speedcheck.h renamed: splay.h -> curl_splay.h renamed: ssh.h -> curl_ssh.h renamed: sslgen.h -> curl_sslgen.h renamed: ssluse.h -> curl_ssluse.h renamed: strdup.h -> curl_strdup.h renamed: strequal.h -> curl_strequal.h renamed: strerror.h -> curl_strerror.h renamed: strtok.h -> curl_strtok.h renamed: strtoofft.h -> curl_strtoofft.h renamed: telnet.h -> curl_telnet.h renamed: tftp.h -> curl_tftp.h renamed: timeval.h -> curl_timeval.h renamed: transfer.h -> curl_transfer.h renamed: url.h -> curl_url.h renamed: urldata.h -> curl_urldata.h renamed: warnless.h -> curl_warnless.h renamed: wildcard.h -> curl_wildcard.h ----------------------------------------
* build: make use of 76 lib/*.h renamed filesYang Tse2012-12-281-1/+1
| | | | | | 76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
* fix a bunch of MSVC compiler warningsYang Tse2011-09-031-3/+4
|
* time.h and sys/time.h inclusion conditionally done in setup_once.hYang Tse2011-07-251-9/+0
|
* cookie_output: made privateDaniel Stenberg2011-06-031-1/+0
|
* compiler warning: fixYang Tse2011-05-211-4/+4
| | | | Fix compiler warning: empty body in an if-statement
* disable cookies: remove ifdefs, move codeDaniel Stenberg2011-04-041-4/+8
| | | | | | | | | | | 1 - make sure to #define macros for cookie functions in the cookie header when cookies are disabled to avoid having to use #ifdefs in code using those functions. 2 - move cookie-specific code to cookie.c and use the functio conditionally as mentioned in (1). net result: 6 #if lines removed, and 9 lines of code less
* remove the CVSish $Id$ linesDaniel Stenberg2010-03-241-1/+0
|
* Indentation fixes, untabify and related whitespace-cleanup. No code changed.Daniel Stenberg2009-02-271-1/+1
|
* - Niklas Angebrand made the cookie support in libcurl properly deal with theDaniel Stenberg2008-01-311-0/+1
| | | | | | | "HttpOnly" feature introduced by Microsoft and apparently also supported by Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly is now supported when received from servers in HTTP headers, when written to cookie jars and when read from existing cookie jars.
* "Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and soDaniel Stenberg2008-01-231-2/+2
| | | | did "SESS". Fixed now.
* Added lots of constsDan Fandrich2007-08-291-5/+6
|
* Removed "#ifndef__WATCOMC__". Use "#ifdef HAVE_SYS_TIME_H" instead.Gisle Vanem2006-08-301-1/+3
|
* Watcom lacks <sys/time.h>.Gisle Vanem2006-08-291-1/+1
|
* Silence warning: empty body in an if-statementYang Tse2006-07-311-1/+1
|
* Michael Wallner provided a patch that allows "SESS" to be set withDaniel Stenberg2006-05-241-1/+3
| | | | | CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly edited by me, and the re-indent in cookie.c was also done by me)
* Made the copyright year match the latest modification's year.Daniel Stenberg2006-01-091-1/+1
|
* - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (withDaniel Stenberg2005-08-171-1/+3
| | | | | | | | | | | CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to write the result to a given cookie jar and then never actually call curl_easy_perform() - the given file(s) to read was never read but the output file was written and thus it caused a "funny" result. - While doing some tests for the bug above, I noticed that Firefox generates large numbers (for the expire time) in the cookies.txt file and libcurl didn't treat them properly. Now it does.
* Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is aDaniel Stenberg2005-07-271-0/+6
| | | | | simple interface to extracting and setting cookies in libcurl's internal "cookie jar". See the new cookie_interface.c example code.
* removed tabs and trailing whitespace from sourceDaniel Stenberg2004-10-061-1/+1
|
* David Cohen pointed out that RFC2109 says clients should allow cookies toDaniel Stenberg2004-06-221-12/+19
| | | | | | contain least 4096 bytes while libcurl only allowed 2047. I raised the limit to 4999 now and made the used buffer get malloc()ed instead of simply allocated on stack as before.
* updated year in the copyright stringDaniel Stenberg2004-01-071-1/+1
|
* the new cookie functions that require 'data' passed inDaniel Stenberg2003-08-111-2/+6
|
* Many cookie fixes:Daniel Stenberg2003-04-301-5/+4
| | | | | | | | | | | | o Save domains in jars like Mozilla does. It means all domains set in Set-Cookie: headers are dot-prefixed. o Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars (the second column). o Reject cookies using illegal domains in the Set-Cookie: line. Concerns both domains with too few dots or domains that are outside the currently operating server host's domain. o Set the path part by default to the one used in the request, if none was set in the Set-Cookie line.
View Lorry Controller Status