From ae1912cb0d494b48d514d937826c9fe83ec96c4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Dec 1999 14:20:26 +0000 Subject: Initial revision --- lib/cookie.c | 457 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 457 insertions(+) create mode 100644 lib/cookie.c (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c new file mode 100644 index 000000000..dde335042 --- /dev/null +++ b/lib/cookie.c @@ -0,0 +1,457 @@ + +/*** + + +RECEIVING COOKIE INFORMATION +============================ + +struct CookieInfo *cookie_init(char *file); + + Inits a cookie struct to store data in a local file. This is always + called before any cookies are set. + +int cookies_set(struct CookieInfo *cookie, char *cookie_line); + + The 'cookie_line' parameter is a full "Set-cookie:" line as + received from a server. + + The function need to replace previously stored lines that this new + line superceeds. + + It may remove lines that are expired. + + It should return an indication of success/error. + + +SENDING COOKIE INFORMATION +========================== + +struct Cookies *cookie_getlist(struct CookieInfo *cookie, + char *host, char *path, bool secure); + + For a given host and path, return a linked list of cookies that + the client should send to the server if used now. The secure + boolean informs the cookie if a secure connection is achieved or + not. + + It shall only return cookies that haven't expired. + + +Example set of cookies: + + Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure + Set-cookie: PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; + domain=.fidelity.com; path=/ftgw; secure + Set-cookie: FidHist=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; + domain=.fidelity.com; path=/; secure + Set-cookie: FidOrder=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; + domain=.fidelity.com; path=/; secure + Set-cookie: DisPend=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; + domain=.fidelity.com; path=/; secure + Set-cookie: FidDis=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; + domain=.fidelity.com; path=/; secure + Set-cookie: + Session_Key@6791a9e0-901a-11d0-a1c8-9b012c88aa77=none;expires=Monday, + 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure +****/ + +#include +#include +#include + +#include "cookie.h" +#include "setup.h" +#include "getdate.h" + +/**************************************************************************** + * + * cookie_add() + * + * Add a single cookie line to the cookie keeping object. + * + ***************************************************************************/ + +struct Cookie *cookie_add(struct CookieInfo *c, + bool httpheader, /* TRUE if HTTP header-style line */ + char *lineptr) /* first non-space of the line */ +{ + struct Cookie *clist; + char what[MAX_COOKIE_LINE]; + char name[MAX_NAME]; + char *ptr; + char *semiptr; + struct Cookie *co; + time_t now = time(NULL); + bool replace_old = FALSE; + + /* First, alloc and init a new struct for it */ + co = (struct Cookie *)malloc(sizeof(struct Cookie)); + if(!co) + return NULL; /* bail out if we're this low on memory */ + + /* clear the whole struct first */ + memset(co, 0, sizeof(struct Cookie)); + + if(httpheader) { + /* This line was read off a HTTP-header */ + + semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ + ptr = lineptr; + while(semiptr) { + *semiptr='\0'; /* zero terminate for a while */ + /* we have a = pair or a 'secure' word here */ + if(strchr(ptr, '=')) { + if(2 == sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" + MAX_COOKIE_LINE_TXT "[^\r\n]", + name, what)) { + /* this is a legal = pair */ + if(strequal("path", name)) { + co->path=strdup(what); + } + else if(strequal("domain", name)) { + co->domain=strdup(what); + } + else if(strequal("expires", name)) { + co->expirestr=strdup(what); + co->expires = get_date(what, &now); + } + else if(!co->name) { + co->name = strdup(name); + co->value = strdup(what); + } + else + ;/* this is the second (or more) name we don't know + about! */ + } + else { + /* this is an "illegal" = pair */ + } + } + else { + if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^\r\n]", + what)) { + if(strequal("secure", what)) + co->secure = TRUE; + else + ; /* unsupported keyword without assign! */ + } + } + *semiptr=';'; /* put the semicolon back */ + ptr=semiptr+1; + while(ptr && *ptr && isspace((int)*ptr)) + ptr++; + semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ + } + } + else { + /* This line is NOT a HTTP header style line, we do offer support for + reading the odd netscape cookies-file format here */ + char *firstptr; + int fields; + + if(lineptr[0]=='#') { + /* don't even try the comments */ + free(co); + return NULL; + } + /* strip off the possible end-of-line characters */ + if(ptr=strchr(lineptr, '\r')) + *ptr=0; /* clear it */ + if(ptr=strchr(lineptr, '\n')) + *ptr=0; /* clear it */ + + firstptr=strtok(lineptr, "\t"); /* first tokenize it on the TAB */ + + /* Here's a quick check to eliminate normal HTTP-headers from this */ + if(!firstptr || strchr(firstptr, ':')) { + free(co); + return NULL; + } + + /* Now loop through the fields and init the struct we already have + allocated */ + for(ptr=firstptr, fields=0; ptr; ptr=strtok(NULL, "\t"), fields++) { + switch(fields) { + case 0: + co->domain = strdup(ptr); + break; + case 1: + /* what _is_ this field for? */ + break; + case 2: + co->path = strdup(ptr); + break; + case 3: + co->secure = strequal(ptr, "TRUE"); + break; + case 4: + co->expires = atoi(ptr); + break; + case 5: + co->name = strdup(ptr); + break; + case 6: + co->value = strdup(ptr); + break; + } + } + + if(7 != fields) { + /* we did not find the sufficient number of fields to recognize this + as a valid line, abort and go home */ + + if(co->domain) + free(co->domain); + if(co->path) + free(co->path); + if(co->name) + free(co->name); + if(co->value) + free(co->value); + + free(co); + return NULL; + } + + } + + /* now, we have parsed the incoming line, we must now check if this + superceeds an already existing cookie, which it may if the previous have + the same domain and path as this */ + + clist = c->cookies; + replace_old = FALSE; + while(clist) { + if(strequal(clist->name, co->name)) { + /* the names are identical */ + + if(clist->domain && co->domain) { + if(strequal(clist->domain, co->domain)) + replace_old=TRUE; + } + else if(!clist->domain && !co->domain) + replace_old = TRUE; + + if(replace_old) { + /* the domains were identical */ + + if(clist->path && co->path) { + if(strequal(clist->path, co->path)) { + replace_old = TRUE; + } + else + replace_old = FALSE; + } + else if(!clist->path && !co->path) + replace_old = TRUE; + else + replace_old = FALSE; + + } + + if(replace_old) { + co->next = clist->next; /* get the next-pointer first */ + + /* then free all the old pointers */ + if(clist->name) + free(clist->name); + if(clist->value) + free(clist->value); + if(clist->domain) + free(clist->domain); + if(clist->path) + free(clist->path); + if(clist->expirestr) + free(clist->expirestr); + + *clist = *co; /* then store all the new data */ + } + + } + clist = clist->next; + } + + if(!replace_old) { + + /* first, point to our "next" */ + co->next = c->cookies; + /* then make ourselves first in the list */ + c->cookies = co; + } + return co; +} + +/***************************************************************************** + * + * cookie_init() + * + * Inits a cookie struct to read data from a local file. This is always + * called before any cookies are set. File may be NULL. + * + ****************************************************************************/ +struct CookieInfo *cookie_init(char *file) +{ + char line[MAX_COOKIE_LINE]; + struct CookieInfo *c; + FILE *fp; + + c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); + if(!c) + return NULL; /* failed to get memory */ + memset(c, 0, sizeof(struct CookieInfo)); + c->filename = strdup(file?file:"none"); /* copy the name just in case */ + + fp = file?fopen(file, "r"):NULL; + if(fp) { + while(fgets(line, MAX_COOKIE_LINE, fp)) { + if(strnequal("Set-Cookie:", line, 11)) { + /* This is a cookie line, get it! */ + char *lineptr=&line[11]; + while(*lineptr && isspace((int)*lineptr)) + lineptr++; + + cookie_add(c, TRUE, lineptr); + } + else { + /* This might be a netscape cookie-file line, get it! */ + char *lineptr=line; + while(*lineptr && isspace((int)*lineptr)) + lineptr++; + + cookie_add(c, FALSE, lineptr); + } + } + fclose(fp); + } + + return c; +} + +/***************************************************************************** + * + * cookie_getlist() + * + * For a given host and path, return a linked list of cookies that the + * client should send to the server if used now. The secure boolean informs + * the cookie if a secure connection is achieved or not. + * + * It shall only return cookies that haven't expired. + * + ****************************************************************************/ + +struct Cookie *cookie_getlist(struct CookieInfo *c, + char *host, char *path, bool secure) +{ + struct Cookie *newco; + struct Cookie *co; + time_t now = time(NULL); + int hostlen=strlen(host); + int domlen; + + struct Cookie *mainco=NULL; + + if(!c || !c->cookies) + return NULL; /* no cookie struct or no cookies in the struct */ + + co = c->cookies; + + while(co) { + /* only process this cookie if it is not expired or had no expire + date AND that if the cookie requires we're secure we must only + continue if we are! */ + if( (co->expires<=0 || (co->expires> now)) && + (co->secure?secure:TRUE) ) { + + /* now check if the domain is correct */ + domlen=co->domain?strlen(co->domain):0; + if(!co->domain || + ((domlendomain)) ) { + /* the right part of the host matches the domain stuff in the + cookie data */ + + /* now check the left part of the path with the cookies path + requirement */ + if(!co->path || + strnequal(path, co->path, strlen(co->path))) { + + /* and now, we know this is a match and we should create an + entry for the return-linked-list */ + + newco = (struct Cookie *)malloc(sizeof(struct Cookie)); + if(newco) { + /* first, copy the whole source cookie: */ + memcpy(newco, co, sizeof(struct Cookie)); + + /* then modify our next */ + newco->next = mainco; + + /* point the main to us */ + mainco = newco; + } + } + } + } + co = co->next; + } + + return mainco; /* return the new list */ +} + + +/***************************************************************************** + * + * cookie_freelist() + * + * Free a list previously returned by cookie_getlist(); + * + ****************************************************************************/ + +void cookie_freelist(struct Cookie *co) +{ + struct Cookie *next; + if(co) { + while(co) { + next = co->next; + free(co); /* we only free the struct since the "members" are all + just copied! */ + co = next; + } + } +} + +/***************************************************************************** + * + * cookie_cleanup() + * + * Free a "cookie object" previous created with cookie_init(). + * + ****************************************************************************/ +void cookie_cleanup(struct CookieInfo *c) +{ + struct Cookie *co; + struct Cookie *next; + if(c) { + if(c->filename) + free(c->filename); + co = c->cookies; + + while(co) { + if(co->name) + free(co->name); + if(co->value) + free(co->value); + if(co->domain) + free(co->domain); + if(co->path) + free(co->path); + if(co->expirestr) + free(co->expirestr); + + next = co->next; + free(co); + co = next; + } + } +} + -- cgit v1.2.1 From c6a8bb3d5642ab674f884c535ca4955b951f2ff8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 1 Feb 2000 23:54:51 +0000 Subject: Added some RFC2109 support --- lib/cookie.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index dde335042..613c52e7f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -101,6 +101,7 @@ struct Cookie *cookie_add(struct CookieInfo *c, *semiptr='\0'; /* zero terminate for a while */ /* we have a = pair or a 'secure' word here */ if(strchr(ptr, '=')) { + name[0]=what[0]=0; /* init the buffers */ if(2 == sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" MAX_COOKIE_LINE_TXT "[^\r\n]", name, what)) { @@ -111,6 +112,23 @@ struct Cookie *cookie_add(struct CookieInfo *c, else if(strequal("domain", name)) { co->domain=strdup(what); } + else if(strequal("version", name)) { + co->version=strdup(what); + } + else if(strequal("max-age", name)) { + /* Defined in RFC2109: + + Optional. The Max-Age attribute defines the lifetime of the + cookie, in seconds. The delta-seconds value is a decimal non- + negative integer. After delta-seconds seconds elapse, the + client should discard the cookie. A value of zero means the + cookie should be discarded immediately. + + */ + co->maxage = strdup(what); + co->expires = + atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]); + } else if(strequal("expires", name)) { co->expirestr=strdup(what); co->expires = get_date(what, &now); @@ -264,6 +282,11 @@ struct Cookie *cookie_add(struct CookieInfo *c, if(clist->expirestr) free(clist->expirestr); + if(clist->version) + free(clist->version); + if(clist->maxage) + free(clist->maxage); + *clist = *co; /* then store all the new data */ } @@ -448,6 +471,11 @@ void cookie_cleanup(struct CookieInfo *c) if(co->expirestr) free(co->expirestr); + if(co->version) + free(co->version); + if(co->maxage) + free(co->maxage); + next = co->next; free(co); co = next; -- cgit v1.2.1 From 9280c208d3caf4b0188b66d32dffbce8f32f705f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 10 Feb 2000 23:14:53 +0000 Subject: * Made '-' as file name to read cookies from equal stdin. * I hope I finally removed 'empty cookies' crash --- lib/cookie.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 613c52e7f..00497bc94 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -102,7 +102,7 @@ struct Cookie *cookie_add(struct CookieInfo *c, /* we have a = pair or a 'secure' word here */ if(strchr(ptr, '=')) { name[0]=what[0]=0; /* init the buffers */ - if(2 == sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" + if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" MAX_COOKIE_LINE_TXT "[^\r\n]", name, what)) { /* this is a legal = pair */ @@ -317,14 +317,21 @@ struct CookieInfo *cookie_init(char *file) char line[MAX_COOKIE_LINE]; struct CookieInfo *c; FILE *fp; - + bool fromfile=TRUE; + c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); if(!c) return NULL; /* failed to get memory */ memset(c, 0, sizeof(struct CookieInfo)); c->filename = strdup(file?file:"none"); /* copy the name just in case */ - fp = file?fopen(file, "r"):NULL; + if(strequal(file, "-")) { + fp = stdin; + fromfile=FALSE; + } + else + fp = file?fopen(file, "r"):NULL; + if(fp) { while(fgets(line, MAX_COOKIE_LINE, fp)) { if(strnequal("Set-Cookie:", line, 11)) { @@ -344,7 +351,8 @@ struct CookieInfo *cookie_init(char *file) cookie_add(c, FALSE, lineptr); } } - fclose(fp); + if(fromfile) + fclose(fp); } return c; -- cgit v1.2.1 From 96dde76b99897352aa3d0877a0b621a9e605733e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 22 May 2000 14:12:12 +0000 Subject: moved here from the newlib branch --- lib/cookie.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 00497bc94..8038dafe3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -62,6 +62,7 @@ Example set of cookies: #include "cookie.h" #include "setup.h" #include "getdate.h" +#include "strequal.h" /**************************************************************************** * @@ -131,7 +132,7 @@ struct Cookie *cookie_add(struct CookieInfo *c, } else if(strequal("expires", name)) { co->expirestr=strdup(what); - co->expires = get_date(what, &now); + co->expires = curl_getdate(what, &now); } else if(!co->name) { co->name = strdup(name); @@ -173,9 +174,11 @@ struct Cookie *cookie_add(struct CookieInfo *c, return NULL; } /* strip off the possible end-of-line characters */ - if(ptr=strchr(lineptr, '\r')) + ptr=strchr(lineptr, '\r'); + if(ptr) *ptr=0; /* clear it */ - if(ptr=strchr(lineptr, '\n')) + ptr=strchr(lineptr, '\n'); + if(ptr) *ptr=0; /* clear it */ firstptr=strtok(lineptr, "\t"); /* first tokenize it on the TAB */ -- cgit v1.2.1 From b6e18f2f665f16910c04cb52bdc7b90270ab7c9b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 24 Aug 2000 14:26:33 +0000 Subject: #include "setup.h" moved first of all includes --- lib/cookie.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 8038dafe3..e21e88b40 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -55,12 +55,13 @@ Example set of cookies: 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure ****/ +#include "setup.h" + #include #include #include #include "cookie.h" -#include "setup.h" #include "getdate.h" #include "strequal.h" -- cgit v1.2.1 From 28ad7dc4a1e78d55a17fe4c0b20823791ce74caa Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 25 Sep 2000 22:14:42 +0000 Subject: a single cookie does not require a trailing semicolon anymore --- lib/cookie.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e21e88b40..01c3f2d2f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -99,8 +99,9 @@ struct Cookie *cookie_add(struct CookieInfo *c, semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ ptr = lineptr; - while(semiptr) { - *semiptr='\0'; /* zero terminate for a while */ + do { + if(semiptr) + *semiptr='\0'; /* zero terminate for a while */ /* we have a = pair or a 'secure' word here */ if(strchr(ptr, '=')) { name[0]=what[0]=0; /* init the buffers */ @@ -156,12 +157,15 @@ struct Cookie *cookie_add(struct CookieInfo *c, ; /* unsupported keyword without assign! */ } } + if(!semiptr) + continue; /* we already know there are no more cookies */ + *semiptr=';'; /* put the semicolon back */ ptr=semiptr+1; while(ptr && *ptr && isspace((int)*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ - } + } while(semiptr); } else { /* This line is NOT a HTTP header style line, we do offer support for -- cgit v1.2.1 From 0f8facb49b45a711fa7832c68260a5b45b362922 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 9 Oct 2000 11:12:34 +0000 Subject: added memory debugging include file --- lib/cookie.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 01c3f2d2f..a39ff88ad 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -65,6 +65,11 @@ Example set of cookies: #include "getdate.h" #include "strequal.h" +/* The last #include file should be: */ +#ifdef MALLOCDEBUG +#include "memdebug.h" +#endif + /**************************************************************************** * * cookie_add() @@ -496,6 +501,7 @@ void cookie_cleanup(struct CookieInfo *c) free(co); co = next; } + free(c); /* free the base struct as well */ } } -- cgit v1.2.1 From 78423c5899c3927fc038c0f8ceccce9245c5043d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 10 Nov 2000 08:10:04 +0000 Subject: Venkataramana Mokkapati corrected a cookie parser bug --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index a39ff88ad..f372cb544 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -409,7 +409,7 @@ struct Cookie *cookie_getlist(struct CookieInfo *c, /* now check if the domain is correct */ domlen=co->domain?strlen(co->domain):0; if(!co->domain || - ((domlendomain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ -- cgit v1.2.1 From 24dee483e9e925c2ab79dd582f70c9a55ab9ba4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 3 Jan 2001 09:29:33 +0000 Subject: dual-license fix --- lib/cookie.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f372cb544..8016a63f1 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1,3 +1,25 @@ +/***************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2000, Daniel Stenberg, , et al. + * + * In order to be useful for every potential user, curl and libcurl are + * dual-licensed under the MPL and the MIT/X-derivate licenses. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the MPL or the MIT/X-derivate + * licenses. You may pick one of these licenses. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * $Id$ + *****************************************************************************/ /*** -- cgit v1.2.1 From 4031104404c6ceed5e57134125dcdb6cac51c564 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 5 Jan 2001 10:11:41 +0000 Subject: Internal symbols that aren't static are now prefixed with 'Curl_' --- lib/cookie.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 8016a63f1..d1c308304 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -100,9 +100,10 @@ Example set of cookies: * ***************************************************************************/ -struct Cookie *cookie_add(struct CookieInfo *c, - bool httpheader, /* TRUE if HTTP header-style line */ - char *lineptr) /* first non-space of the line */ +struct Cookie * +Curl_cookie_add(struct CookieInfo *c, + bool httpheader, /* TRUE if HTTP header-style line */ + char *lineptr) /* first non-space of the line */ { struct Cookie *clist; char what[MAX_COOKIE_LINE]; @@ -347,7 +348,7 @@ struct Cookie *cookie_add(struct CookieInfo *c, * called before any cookies are set. File may be NULL. * ****************************************************************************/ -struct CookieInfo *cookie_init(char *file) +struct CookieInfo *Curl_cookie_init(char *file) { char line[MAX_COOKIE_LINE]; struct CookieInfo *c; @@ -375,7 +376,7 @@ struct CookieInfo *cookie_init(char *file) while(*lineptr && isspace((int)*lineptr)) lineptr++; - cookie_add(c, TRUE, lineptr); + Curl_cookie_add(c, TRUE, lineptr); } else { /* This might be a netscape cookie-file line, get it! */ @@ -383,7 +384,7 @@ struct CookieInfo *cookie_init(char *file) while(*lineptr && isspace((int)*lineptr)) lineptr++; - cookie_add(c, FALSE, lineptr); + Curl_cookie_add(c, FALSE, lineptr); } } if(fromfile) @@ -405,8 +406,8 @@ struct CookieInfo *cookie_init(char *file) * ****************************************************************************/ -struct Cookie *cookie_getlist(struct CookieInfo *c, - char *host, char *path, bool secure) +struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, + char *host, char *path, bool secure) { struct Cookie *newco; struct Cookie *co; @@ -473,7 +474,7 @@ struct Cookie *cookie_getlist(struct CookieInfo *c, * ****************************************************************************/ -void cookie_freelist(struct Cookie *co) +void Curl_cookie_freelist(struct Cookie *co) { struct Cookie *next; if(co) { @@ -493,7 +494,7 @@ void cookie_freelist(struct Cookie *co) * Free a "cookie object" previous created with cookie_init(). * ****************************************************************************/ -void cookie_cleanup(struct CookieInfo *c) +void Curl_cookie_cleanup(struct CookieInfo *c) { struct Cookie *co; struct Cookie *next; -- cgit v1.2.1 From 8dc9f4330c4d9c16c21d6e7c1e94608b6c8f4959 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 23 May 2001 09:26:45 +0000 Subject: =?UTF-8?q?Andr=E9s=20Garc=EDa's=20netscape=20cookie=20file=20pars?= =?UTF-8?q?er=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/cookie.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d1c308304..3c4034c42 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -233,8 +233,18 @@ Curl_cookie_add(struct CookieInfo *c, /* what _is_ this field for? */ break; case 2: - co->path = strdup(ptr); - break; + /* It turns out, that sometimes the file format allows the path + field to remain not filled in, we try to detect this and work + around it! Andrés García made us aware of this... */ + if (strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { + /* only if the path doesn't look like a boolean option! */ + co->path = strdup(ptr); + break; + } + /* this doesn't look like a path, make one up! */ + co->path = strdup("/"); + fields++; /* add a field and fall down to secure */ + /* FALLTHROUGH */ case 3: co->secure = strequal(ptr, "TRUE"); break; -- cgit v1.2.1 From 72dec6cfecf9db0b589da7e3b4fc101938298bb1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 23 May 2001 13:04:19 +0000 Subject: Added Andres' comments about field 2 in netscape cookie files --- lib/cookie.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 3c4034c42..6fa35d783 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -230,7 +230,18 @@ Curl_cookie_add(struct CookieInfo *c, co->domain = strdup(ptr); break; case 1: - /* what _is_ this field for? */ + /* This field got its explanation on the 23rd of May 2001 by + Andrés García: + + flag: A TRUE/FALSE value indicating if all machines within a given + domain can access the variable. This value is set automatically by + the browser, depending on the value you set for the domain. + + As far as I can see, it is set to true when the cookie says + .domain.com and to false when the domain is complete www.domain.com + + We don't currently take advantage of this knowledge. + */ break; case 2: /* It turns out, that sometimes the file format allows the path -- cgit v1.2.1 From d567659bf4003c0808c309a52100a32a82a4b128 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 29 May 2001 19:17:39 +0000 Subject: strtok() replaced with strtok_r() --- lib/cookie.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 6fa35d783..f15a3223e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -199,6 +199,7 @@ Curl_cookie_add(struct CookieInfo *c, /* This line is NOT a HTTP header style line, we do offer support for reading the odd netscape cookies-file format here */ char *firstptr; + char *tok_buf; int fields; if(lineptr[0]=='#') { @@ -214,7 +215,7 @@ Curl_cookie_add(struct CookieInfo *c, if(ptr) *ptr=0; /* clear it */ - firstptr=strtok(lineptr, "\t"); /* first tokenize it on the TAB */ + firstptr=strtok_r(lineptr, "\t", &tok_buf); /* first tokenize it on the TAB */ /* Here's a quick check to eliminate normal HTTP-headers from this */ if(!firstptr || strchr(firstptr, ':')) { @@ -224,7 +225,7 @@ Curl_cookie_add(struct CookieInfo *c, /* Now loop through the fields and init the struct we already have allocated */ - for(ptr=firstptr, fields=0; ptr; ptr=strtok(NULL, "\t"), fields++) { + for(ptr=firstptr, fields=0; ptr; ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: co->domain = strdup(ptr); -- cgit v1.2.1 From 870bacd6897b62666aeaaa8b8b2c937529abac90 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 30 May 2001 11:06:56 +0000 Subject: include strtok.h to get the prototype --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f15a3223e..2585639b5 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -86,6 +86,7 @@ Example set of cookies: #include "cookie.h" #include "getdate.h" #include "strequal.h" +#include "strtok.h" /* The last #include file should be: */ #ifdef MALLOCDEBUG -- cgit v1.2.1 From c8926138d12d2c074e52093db83cea3350fdab30 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 14 Aug 2001 08:17:29 +0000 Subject: commented out empty else blocks to shut up pedantic compilers --- lib/cookie.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2585639b5..3ec72250f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -169,9 +169,9 @@ Curl_cookie_add(struct CookieInfo *c, co->name = strdup(name); co->value = strdup(what); } - else - ;/* this is the second (or more) name we don't know - about! */ + /* + else this is the second (or more) name we don't know + about! */ } else { /* this is an "illegal" = pair */ @@ -182,8 +182,9 @@ Curl_cookie_add(struct CookieInfo *c, what)) { if(strequal("secure", what)) co->secure = TRUE; - else - ; /* unsupported keyword without assign! */ + /* else, + unsupported keyword without assign! */ + } } if(!semiptr) -- cgit v1.2.1 From c9c2115088e0ae46bd88e42425c32e42ff0be87b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Aug 2001 14:05:25 +0000 Subject: started working on a function for writing (all) cookies, made it possible to read multiple cookie files, no longer writes to the URL string passed to the _add() function. The new stuff is now conditionally compiled on the COOKIE define. Changed the _init() proto. --- lib/cookie.c | 173 +++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 139 insertions(+), 34 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 3ec72250f..a8c4179a5 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2000, Daniel Stenberg, , et al. + * Copyright (C) 2001, Daniel Stenberg, , et al. * * In order to be useful for every potential user, curl and libcurl are * dual-licensed under the MPL and the MIT/X-derivate licenses. @@ -95,7 +95,7 @@ Example set of cookies: /**************************************************************************** * - * cookie_add() + * Curl_cookie_add() * * Add a single cookie line to the cookie keeping object. * @@ -112,6 +112,7 @@ Curl_cookie_add(struct CookieInfo *c, char *ptr; char *semiptr; struct Cookie *co; + struct Cookie *lastc=NULL; time_t now = time(NULL); bool replace_old = FALSE; @@ -129,13 +130,11 @@ Curl_cookie_add(struct CookieInfo *c, semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ ptr = lineptr; do { - if(semiptr) - *semiptr='\0'; /* zero terminate for a while */ /* we have a = pair or a 'secure' word here */ if(strchr(ptr, '=')) { name[0]=what[0]=0; /* init the buffers */ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" - MAX_COOKIE_LINE_TXT "[^\r\n]", + MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { /* this is a legal = pair */ if(strequal("path", name)) { @@ -178,7 +177,7 @@ Curl_cookie_add(struct CookieInfo *c, } } else { - if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^\r\n]", + if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]", what)) { if(strequal("secure", what)) co->secure = TRUE; @@ -190,7 +189,6 @@ Curl_cookie_add(struct CookieInfo *c, if(!semiptr) continue; /* we already know there are no more cookies */ - *semiptr=';'; /* put the semicolon back */ ptr=semiptr+1; while(ptr && *ptr && isspace((int)*ptr)) ptr++; @@ -245,6 +243,7 @@ Curl_cookie_add(struct CookieInfo *c, We don't currently take advantage of this knowledge. */ + co->field1=strequal(ptr, "TRUE")+1; /* store information */ break; case 2: /* It turns out, that sometimes the file format allows the path @@ -293,6 +292,8 @@ Curl_cookie_add(struct CookieInfo *c, } + co->livecookie = c->running; + /* now, we have parsed the incoming line, we must now check if this superceeds an already existing cookie, which it may if the previous have the same domain and path as this */ @@ -327,6 +328,26 @@ Curl_cookie_add(struct CookieInfo *c, } + if(replace_old && !co->livecookie && clist->livecookie) { + /* Both cookies matched fine, except that the already present + cookie is "live", which means it was set from a header, while + the new one isn't "live" and thus only read from a file. We let + live cookies stay alive */ + + /* Free the newcomer and get out of here! */ + if(co->domain) + free(co->domain); + if(co->path) + free(co->path); + if(co->name) + free(co->name); + if(co->value) + free(co->value); + + free(co); + return NULL; + } + if(replace_old) { co->next = clist->next; /* get the next-pointer first */ @@ -351,39 +372,49 @@ Curl_cookie_add(struct CookieInfo *c, } } + lastc = clist; clist = clist->next; } if(!replace_old) { - - /* first, point to our "next" */ - co->next = c->cookies; - /* then make ourselves first in the list */ - c->cookies = co; + /* then make the last item point on this new one */ + if(lastc) + lastc->next = co; + else + c->cookies = co; } + return co; } /***************************************************************************** * - * cookie_init() + * Curl_cookie_init() * * Inits a cookie struct to read data from a local file. This is always * called before any cookies are set. File may be NULL. * ****************************************************************************/ -struct CookieInfo *Curl_cookie_init(char *file) +struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) { char line[MAX_COOKIE_LINE]; struct CookieInfo *c; FILE *fp; bool fromfile=TRUE; - c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); - if(!c) - return NULL; /* failed to get memory */ - memset(c, 0, sizeof(struct CookieInfo)); - c->filename = strdup(file?file:"none"); /* copy the name just in case */ + if(NULL == inc) { + /* we didn't get a struct, create one */ + c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); + if(!c) + return NULL; /* failed to get memory */ + memset(c, 0, sizeof(struct CookieInfo)); + c->filename = strdup(file?file:"none"); /* copy the name just in case */ + } + else { + /* we got an already existing one, use that */ + c = inc; + } + c->running = FALSE; /* this is not running, this is init */ if(strequal(file, "-")) { fp = stdin; @@ -393,34 +424,35 @@ struct CookieInfo *Curl_cookie_init(char *file) fp = file?fopen(file, "r"):NULL; if(fp) { + char *lineptr; + bool headerline; while(fgets(line, MAX_COOKIE_LINE, fp)) { if(strnequal("Set-Cookie:", line, 11)) { /* This is a cookie line, get it! */ - char *lineptr=&line[11]; - while(*lineptr && isspace((int)*lineptr)) - lineptr++; - - Curl_cookie_add(c, TRUE, lineptr); + lineptr=&line[11]; + headerline=TRUE; } else { - /* This might be a netscape cookie-file line, get it! */ - char *lineptr=line; - while(*lineptr && isspace((int)*lineptr)) - lineptr++; - - Curl_cookie_add(c, FALSE, lineptr); + lineptr=line; + headerline=FALSE; } + while(*lineptr && isspace((int)*lineptr)) + lineptr++; + + Curl_cookie_add(c, headerline, lineptr); } if(fromfile) fclose(fp); } + c->running = TRUE; /* now, we're running */ + return c; } /***************************************************************************** * - * cookie_getlist() + * Curl_cookie_getlist() * * For a given host and path, return a linked list of cookies that the * client should send to the server if used now. The secure boolean informs @@ -492,9 +524,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /***************************************************************************** * - * cookie_freelist() + * Curl_cookie_freelist() * - * Free a list previously returned by cookie_getlist(); + * Free a list of cookies previously returned by Curl_cookie_getlist(); * ****************************************************************************/ @@ -513,7 +545,7 @@ void Curl_cookie_freelist(struct Cookie *co) /***************************************************************************** * - * cookie_cleanup() + * Curl_cookie_cleanup() * * Free a "cookie object" previous created with cookie_init(). * @@ -552,3 +584,76 @@ void Curl_cookie_cleanup(struct CookieInfo *c) } } +#ifdef COOKIE /* experiemental functions for the upcoming cookie jar stuff */ + +/* + * On my Solaris box, this command line builds this test program: + * + * gcc -g -o cooktest -DCOOKIE=1 -DHAVE_CONFIG_H -I.. -I../include cookie.c strequal.o getdate.o memdebug.o mprintf.o strtok.o -lnsl -lsocket + * + */ + +void Curl_cookie_output(struct CookieInfo *c) +{ + struct Cookie *co; + struct Cookie *next; + if(c) { +#if COOKIE > 1 + if(c->filename) + printf("Got these cookies from: \"%s\"\n", c->filename); +#else + puts("# Netscape HTTP Cookie File\n" + "# http://www.netscape.com/newsref/std/cookie_spec.html\n" + "# This is generated by libcurl! Do not edit.\n"); +#endif + + co = c->cookies; + + while(co) { +#if COOKIE > 1 + printf("Name: %s\n", co->name?co->name:""); + printf(" Value: %s\n", co->value?co->value:""); + printf(" Domain: %s\n", co->domain?co->domain:""); + printf(" Path: %s\n", co->path?co->path:""); + printf(" Expire: %s\n", co->expirestr?co->expirestr:""); + printf(" Version: %s\n", co->version?co->version:""); + printf(" Max-Age: %s\n\n", co->maxage?co->maxage:""); +#endif + printf("%s\t" /* domain */ + "%s\t" /* field1 */ + "%s\t" /* path */ + "%s\t" /* secure */ + "%d\t" /* expires */ + "%s\t" /* name */ + "%s\n", /* value */ + co->domain, + co->field1==2?"TRUE":"FALSE", + co->path, + co->secure?"TRUE":"FALSE", + co->expires, + co->name, + co->value); + + co=co->next; + } + } +} + +int main(int argc, char **argv) +{ + struct CookieInfo *c=NULL; + if(argc>1) { + c = Curl_cookie_init(argv[1], c); + c = Curl_cookie_init(argv[1], c); + c = Curl_cookie_init(argv[1], c); + + Curl_cookie_add(c, TRUE, "PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/ftgw; secure"); + + Curl_cookie_output(c); + Curl_cookie_cleanup(c); + return 0; + } + return 1; +} + +#endif -- cgit v1.2.1 From 9e5dfc15ac7f7e31bf61bb172fda28da979b8137 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 26 Aug 2001 14:28:05 +0000 Subject: improved the test --- lib/cookie.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index a8c4179a5..b9acb944b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -644,10 +644,8 @@ int main(int argc, char **argv) struct CookieInfo *c=NULL; if(argc>1) { c = Curl_cookie_init(argv[1], c); - c = Curl_cookie_init(argv[1], c); - c = Curl_cookie_init(argv[1], c); - Curl_cookie_add(c, TRUE, "PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/ftgw; secure"); + c = Curl_cookie_init(argv[1], c); Curl_cookie_output(c); Curl_cookie_cleanup(c); -- cgit v1.2.1 From a2b6ef3478e2c37982521a326ea7b90d856adc8c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Aug 2001 09:32:18 +0000 Subject: cookie jar adjustments --- lib/cookie.c | 99 ++++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 39 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b9acb944b..f303363d8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -384,6 +384,8 @@ Curl_cookie_add(struct CookieInfo *c, c->cookies = co; } + c->numcookies++; /* one more cookie in the jar */ + return co; } @@ -584,67 +586,86 @@ void Curl_cookie_cleanup(struct CookieInfo *c) } } -#ifdef COOKIE /* experiemental functions for the upcoming cookie jar stuff */ - /* - * On my Solaris box, this command line builds this test program: + * Curl_cookie_output() * - * gcc -g -o cooktest -DCOOKIE=1 -DHAVE_CONFIG_H -I.. -I../include cookie.c strequal.o getdate.o memdebug.o mprintf.o strtok.o -lnsl -lsocket + * Writes all internally known cookies to the specified file. Specify + * "-" as file name to write to stdout. * + * The function returns non-zero on write failure. */ - -void Curl_cookie_output(struct CookieInfo *c) +int Curl_cookie_output(struct CookieInfo *c, char *dumphere) { struct Cookie *co; - struct Cookie *next; + FILE *out; + bool use_stdout=FALSE; + + if(0 == c->numcookies) + /* If there are no known cookies, we don't write or even create any + destination file */ + return 0; + + if(strequal("-", dumphere)) { + /* use stdout */ + out = stdout; + use_stdout=TRUE; + } + else { + out = fopen(dumphere, "w"); + if(!out) + return 1; /* failure */ + } + if(c) { -#if COOKIE > 1 - if(c->filename) - printf("Got these cookies from: \"%s\"\n", c->filename); -#else - puts("# Netscape HTTP Cookie File\n" - "# http://www.netscape.com/newsref/std/cookie_spec.html\n" - "# This is generated by libcurl! Do not edit.\n"); -#endif - + fputs("# Netscape HTTP Cookie File\n" + "# http://www.netscape.com/newsref/std/cookie_spec.html\n" + "# This is generated by libcurl! Edit on your own risk.\n\n", + out); co = c->cookies; while(co) { -#if COOKIE > 1 - printf("Name: %s\n", co->name?co->name:""); - printf(" Value: %s\n", co->value?co->value:""); - printf(" Domain: %s\n", co->domain?co->domain:""); - printf(" Path: %s\n", co->path?co->path:""); - printf(" Expire: %s\n", co->expirestr?co->expirestr:""); - printf(" Version: %s\n", co->version?co->version:""); - printf(" Max-Age: %s\n\n", co->maxage?co->maxage:""); -#endif - printf("%s\t" /* domain */ - "%s\t" /* field1 */ - "%s\t" /* path */ - "%s\t" /* secure */ - "%d\t" /* expires */ - "%s\t" /* name */ - "%s\n", /* value */ - co->domain, - co->field1==2?"TRUE":"FALSE", - co->path, - co->secure?"TRUE":"FALSE", - co->expires, - co->name, - co->value); + fprintf(out, + "%s\t" /* domain */ + "%s\t" /* field1 */ + "%s\t" /* path */ + "%s\t" /* secure */ + "%u\t" /* expires */ + "%s\t" /* name */ + "%s\n", /* value */ + co->domain, + co->field1==2?"TRUE":"FALSE", + co->path, + co->secure?"TRUE":"FALSE", + (unsigned int)co->expires, + co->name, + co->value); co=co->next; } } + + if(!use_stdout) + fclose(out); + + return 0; } +#ifdef CURL_COOKIE_DEBUG + +/* + * On my Solaris box, this command line builds this test program: + * + * gcc -g -o cooktest -DCURL_COOKIE_DEBUG -DHAVE_CONFIG_H -I.. -I../include cookie.c strequal.o getdate.o memdebug.o mprintf.o strtok.o -lnsl -lsocket + * + */ + int main(int argc, char **argv) { struct CookieInfo *c=NULL; if(argc>1) { c = Curl_cookie_init(argv[1], c); Curl_cookie_add(c, TRUE, "PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/ftgw; secure"); + Curl_cookie_add(c, TRUE, "foobar=yes; domain=.haxx.se; path=/looser;"); c = Curl_cookie_init(argv[1], c); Curl_cookie_output(c); -- cgit v1.2.1 From 6147879837a53d22c9be04e7a4fc315a297ba2b3 Mon Sep 17 00:00:00 2001 From: Sterling Hughes Date: Fri, 7 Sep 2001 04:01:32 +0000 Subject: Added formatting sections for emacs and vim --- lib/cookie.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f303363d8..f17f39c83 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -676,3 +676,11 @@ int main(int argc, char **argv) } #endif + +/* + * local variables: + * eval: (load-file "../curl-mode.el") + * end: + * vim600: et sw=2 ts=2 sts=2 tw=78 fdm=marker + * vim<600: et sw=2 ts=2 sts=2 tw=78 + */ -- cgit v1.2.1 From 3f5227dfc7389f008137a6f4703af8022ab862f3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Sep 2001 07:43:08 +0000 Subject: Curl_cookie_output() must check that there's a cookie struct present before trying to address it! --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f17f39c83..f859b0bee 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -600,7 +600,7 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) FILE *out; bool use_stdout=FALSE; - if(0 == c->numcookies) + if((NULL == c) || (0 == c->numcookies)) /* If there are no known cookies, we don't write or even create any destination file */ return 0; -- cgit v1.2.1 From 598e8dfbfbf3ed8db75cfd574b05904ecb486c34 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 26 Sep 2001 07:08:29 +0000 Subject: Now we're setting a default domain for received cookies so that we can properly match those cookies in subsequent requests --- lib/cookie.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f859b0bee..2ae3b1624 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -104,7 +104,8 @@ Example set of cookies: struct Cookie * Curl_cookie_add(struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ - char *lineptr) /* first non-space of the line */ + char *lineptr, /* first non-space of the line */ + char *domain) /* default domain */ { struct Cookie *clist; char what[MAX_COOKIE_LINE]; @@ -194,6 +195,10 @@ Curl_cookie_add(struct CookieInfo *c, ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ } while(semiptr); + + if(NULL == co->domain) + /* no domain given in the header line, set the default now */ + co->domain=strdup(domain); } else { /* This line is NOT a HTTP header style line, we do offer support for @@ -441,7 +446,7 @@ struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) while(*lineptr && isspace((int)*lineptr)) lineptr++; - Curl_cookie_add(c, headerline, lineptr); + Curl_cookie_add(c, headerline, lineptr, NULL); } if(fromfile) fclose(fp); @@ -632,13 +637,13 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) "%u\t" /* expires */ "%s\t" /* name */ "%s\n", /* value */ - co->domain, + co->domain?co->domain:"unknown", co->field1==2?"TRUE":"FALSE", - co->path, + co->path?co->path:"/", co->secure?"TRUE":"FALSE", (unsigned int)co->expires, co->name, - co->value); + co->value?co->value:""); co=co->next; } -- cgit v1.2.1 From e719f4169c39b1a8a721e77c7e2dd3673c42fd0d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 8 Oct 2001 06:43:22 +0000 Subject: corrected cookie-jar comment --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2ae3b1624..551dd1489 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -624,7 +624,7 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) if(c) { fputs("# Netscape HTTP Cookie File\n" "# http://www.netscape.com/newsref/std/cookie_spec.html\n" - "# This is generated by libcurl! Edit on your own risk.\n\n", + "# This file was generated by libcurl! Edit at your own risk.\n\n", out); co = c->cookies; -- cgit v1.2.1 From f2a25966cf7d18070a7f0e7a61379c3a6e7605b5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 10 Oct 2001 12:48:32 +0000 Subject: cookiejar now enables the cookie engine --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 551dd1489..12e4074c2 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -423,7 +423,7 @@ struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) } c->running = FALSE; /* this is not running, this is init */ - if(strequal(file, "-")) { + if(file && strequal(file, "-")) { fp = stdin; fromfile=FALSE; } -- cgit v1.2.1 From 8e91d5de8e4e17ce3d4936cc91171d09726e7bb3 Mon Sep 17 00:00:00 2001 From: Sterling Hughes Date: Thu, 11 Oct 2001 09:32:19 +0000 Subject: looks nicer and is better compatible with older vim versions --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 12e4074c2..97330cbc7 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -686,6 +686,6 @@ int main(int argc, char **argv) * local variables: * eval: (load-file "../curl-mode.el") * end: - * vim600: et sw=2 ts=2 sts=2 tw=78 fdm=marker - * vim<600: et sw=2 ts=2 sts=2 tw=78 + * vim600: fdm=marker + * vim: et sw=2 ts=2 sts=2 tw=78 */ -- cgit v1.2.1 From c6822f5a7f4b188dd09f9c0a582d8e76c63be7c3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Oct 2001 11:36:55 +0000 Subject: T. Bharath found this memory leak. It occurs when we replace an internally already existing cookie with a new one. --- lib/cookie.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 97330cbc7..bac0adb2f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -374,6 +374,9 @@ Curl_cookie_add(struct CookieInfo *c, free(clist->maxage); *clist = *co; /* then store all the new data */ + + free(co); /* free the newly alloced memory */ + co = clist; /* point to the previous struct instead */ } } -- cgit v1.2.1 From 6d35984286908e199e2ec9516ebbe322745bf2c2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 30 Oct 2001 12:08:17 +0000 Subject: prevent strdup()ing NULL -- Paul Harrington's report --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index bac0adb2f..697081117 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -198,7 +198,7 @@ Curl_cookie_add(struct CookieInfo *c, if(NULL == co->domain) /* no domain given in the header line, set the default now */ - co->domain=strdup(domain); + co->domain=domain?strdup(domain):NULL; } else { /* This line is NOT a HTTP header style line, we do offer support for -- cgit v1.2.1 From d9a77730114b25f0d073208495c8702d9dc28161 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 7 Jan 2002 14:56:15 +0000 Subject: added precautions to not go insane when two matching cookies end up in the cookie list, even though they're not supposed to do that... --- lib/cookie.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 697081117..9ffdd2abe 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -377,8 +377,15 @@ Curl_cookie_add(struct CookieInfo *c, free(co); /* free the newly alloced memory */ co = clist; /* point to the previous struct instead */ - } + /* We have replaced a cookie, now skip the rest of the list but + make sure the 'lastc' pointer is properly set */ + do { + lastc = clist; + clist = clist->next; + } while(clist); + break; + } } lastc = clist; clist = clist->next; -- cgit v1.2.1 From 87037136efd4d5eeefb7456c2ad14740a956e47d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 7 Jan 2002 23:05:36 +0000 Subject: As identified in bug report #495290, the last "name=value" pair in a Set-Cookie: line was ignored if they didn't end with a trailing semicolon. This is indeed wrong syntax, but there are high-profile web sites out there sending cookies like that so we must make a best-effort to parse them. --- lib/cookie.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 9ffdd2abe..8ba09832f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -194,6 +194,11 @@ Curl_cookie_add(struct CookieInfo *c, while(ptr && *ptr && isspace((int)*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ + + if(!semiptr && *ptr) + /* There are no more semicolons, but there's a final name=value pair + coming up */ + semiptr=ptr; } while(semiptr); if(NULL == co->domain) -- cgit v1.2.1 From a23a897ad219e15b9bfd1f8a740465f3c0f98bfc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 26 Feb 2002 13:07:53 +0000 Subject: removed crash on weird input, this also better discards silly input --- lib/cookie.c | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 8ba09832f..4362bd257 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2001, Daniel Stenberg, , et al. + * Copyright (C) 2002, Daniel Stenberg, , et al. * * In order to be useful for every potential user, curl and libcurl are * dual-licensed under the MPL and the MIT/X-derivate licenses. @@ -127,15 +127,21 @@ Curl_cookie_add(struct CookieInfo *c, if(httpheader) { /* This line was read off a HTTP-header */ - + char *sep; semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ ptr = lineptr; do { /* we have a = pair or a 'secure' word here */ - if(strchr(ptr, '=')) { + sep = strchr(ptr, '='); + if(sep && (!semiptr || (semiptr>sep)) ) { + /* + * There is a = sign and if there was a semicolon too, which make sure + * that the semicolon comes _after_ the equal sign. + */ + name[0]=what[0]=0; /* init the buffers */ - if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^=]=%" - MAX_COOKIE_LINE_TXT "[^;\r\n]", + if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%" + MAX_COOKIE_LINE_TXT "[^;\r\n ]", name, what)) { /* this is a legal = pair */ if(strequal("path", name)) { @@ -187,8 +193,11 @@ Curl_cookie_add(struct CookieInfo *c, } } - if(!semiptr) - continue; /* we already know there are no more cookies */ + if(!semiptr || !*semiptr) { + /* we already know there are no more cookies */ + semiptr = NULL; + continue; + } ptr=semiptr+1; while(ptr && *ptr && isspace((int)*ptr)) @@ -198,9 +207,23 @@ Curl_cookie_add(struct CookieInfo *c, if(!semiptr && *ptr) /* There are no more semicolons, but there's a final name=value pair coming up */ - semiptr=ptr; + semiptr=strchr(ptr, '\0'); } while(semiptr); + if(NULL == co->name) { + /* we didn't get a cookie name, this is an illegal line, bail out */ + if(co->domain) + free(co->domain); + if(co->path) + free(co->path); + if(co->name) + free(co->name); + if(co->value) + free(co->value); + free(co); + return NULL; + } + if(NULL == co->domain) /* no domain given in the header line, set the default now */ co->domain=domain?strdup(domain):NULL; -- cgit v1.2.1 From 66b8f48a88b755e3158cd151d55e3c19967d8726 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 26 Feb 2002 13:18:08 +0000 Subject: When saving a cookie jar, set field 1 (counted from 0) properly to TRUE if the domain starts with a dot. --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4362bd257..0dc734571 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -149,6 +149,7 @@ Curl_cookie_add(struct CookieInfo *c, } else if(strequal("domain", name)) { co->domain=strdup(what); + co->field1= (what[0]=='.')?2:1; } else if(strequal("version", name)) { co->version=strdup(what); -- cgit v1.2.1 From 3612c3774ea88214c0821b4fe30899b3e65df3d3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 27 Feb 2002 07:38:04 +0000 Subject: made Max-Age work as defined in the RFC. my brain damaged fix to not parse spaces as part of the value is now fixed to instead strip off trailing spaces from values. --- lib/cookie.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 0dc734571..c80dbcc1e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -141,9 +141,17 @@ Curl_cookie_add(struct CookieInfo *c, name[0]=what[0]=0; /* init the buffers */ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%" - MAX_COOKIE_LINE_TXT "[^;\r\n ]", + MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { - /* this is a legal = pair */ + /* this is a = pair */ + + /* Strip off trailing whitespace from the 'what' */ + int len=strlen(what); + while(len && isspace((int)what[len-1])) { + what[len-1]=0; + len--; + } + if(strequal("path", name)) { co->path=strdup(what); } @@ -166,7 +174,7 @@ Curl_cookie_add(struct CookieInfo *c, */ co->maxage = strdup(what); co->expires = - atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]); + atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + now; } else if(strequal("expires", name)) { co->expirestr=strdup(what); -- cgit v1.2.1 From 974f314f5785156af6983675aeb28313cc8ba2ea Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 19 Mar 2002 07:54:55 +0000 Subject: copyright string (year) update --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index c80dbcc1e..96452abfd 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2002, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. * * In order to be useful for every potential user, curl and libcurl are * dual-licensed under the MPL and the MIT/X-derivate licenses. -- cgit v1.2.1 From 541e5a3b827e6bbd236831fec7e7089664ea5b1c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 25 Mar 2002 09:08:33 +0000 Subject: Jacky Lam cookie parser fix for domains with preceeding dot --- lib/cookie.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 96452abfd..fbf2ed0c4 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -347,7 +347,13 @@ Curl_cookie_add(struct CookieInfo *c, /* the names are identical */ if(clist->domain && co->domain) { - if(strequal(clist->domain, co->domain)) + if(strequal(clist->domain, co->domain) || + (clist->domain[0]=='.' && + strequal(&(clist->domain[1]), co->domain)) || + (co->domain[0]=='.' && + strequal(clist->domain, &(co->domain[1]))) ) + /* The domains are identical, or at least identical if you skip the + preceeding dot */ replace_old=TRUE; } else if(!clist->domain && !co->domain) -- cgit v1.2.1 From 2361aabbef12496c672bbc9a6e746e0510f21b0e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 14 Apr 2002 18:21:17 +0000 Subject: Dirk Manske made libcurl strip off white spaces from the beginning of cookie contents. --- lib/cookie.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fbf2ed0c4..51155786b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -145,6 +145,8 @@ Curl_cookie_add(struct CookieInfo *c, name, what)) { /* this is a = pair */ + char *whatptr; + /* Strip off trailing whitespace from the 'what' */ int len=strlen(what); while(len && isspace((int)what[len-1])) { @@ -152,15 +154,21 @@ Curl_cookie_add(struct CookieInfo *c, len--; } + /* Skip leading whitespace from the 'what' */ + whatptr=what; + while(isspace((int)*whatptr)) { + whatptr++; + } + if(strequal("path", name)) { - co->path=strdup(what); + co->path=strdup(whatptr); } else if(strequal("domain", name)) { - co->domain=strdup(what); - co->field1= (what[0]=='.')?2:1; + co->domain=strdup(whatptr); + co->field1= (whatptr[0]=='.')?2:1; } else if(strequal("version", name)) { - co->version=strdup(what); + co->version=strdup(whatptr); } else if(strequal("max-age", name)) { /* Defined in RFC2109: @@ -172,17 +180,17 @@ Curl_cookie_add(struct CookieInfo *c, cookie should be discarded immediately. */ - co->maxage = strdup(what); + co->maxage = strdup(whatptr); co->expires = atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + now; } else if(strequal("expires", name)) { - co->expirestr=strdup(what); + co->expirestr=strdup(whatptr); co->expires = curl_getdate(what, &now); } else if(!co->name) { co->name = strdup(name); - co->value = strdup(what); + co->value = strdup(whatptr); } /* else this is the second (or more) name we don't know -- cgit v1.2.1 From 980a47b42b95d7b9ff3378dc7b0f2e1c453fb649 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 7 May 2002 09:58:13 +0000 Subject: support for ingoring session cookies added --- lib/cookie.c | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 51155786b..2a90d0b8b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -93,6 +93,21 @@ Example set of cookies: #include "memdebug.h" #endif +static void +free_cookiemess(struct Cookie *co) +{ + if(co->domain) + free(co->domain); + if(co->path) + free(co->path); + if(co->name) + free(co->name); + if(co->value) + free(co->value); + + free(co); +} + /**************************************************************************** * * Curl_cookie_add() @@ -326,22 +341,19 @@ Curl_cookie_add(struct CookieInfo *c, if(7 != fields) { /* we did not find the sufficient number of fields to recognize this as a valid line, abort and go home */ - - if(co->domain) - free(co->domain); - if(co->path) - free(co->path); - if(co->name) - free(co->name); - if(co->value) - free(co->value); - - free(co); + free_cookiemess(co); return NULL; } } + if(!c->running && /* read from a file */ + c->newsession && /* clean session cookies */ + !co->expires) { /* this is a session cookie since it doesn't expire! */ + free_cookiemess(co); + return NULL; + } + co->livecookie = c->running; /* now, we have parsed the incoming line, we must now check if this @@ -462,8 +474,12 @@ Curl_cookie_add(struct CookieInfo *c, * Inits a cookie struct to read data from a local file. This is always * called before any cookies are set. File may be NULL. * + * If 'newsession' is TRUE, discard all "session cookies" on read from file. + * ****************************************************************************/ -struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) +struct CookieInfo *Curl_cookie_init(char *file, + struct CookieInfo *inc, + bool newsession) { char line[MAX_COOKIE_LINE]; struct CookieInfo *c; @@ -491,6 +507,8 @@ struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) else fp = file?fopen(file, "r"):NULL; + c->newsession = newsession; /* new session? */ + if(fp) { char *lineptr; bool headerline; @@ -513,7 +531,7 @@ struct CookieInfo *Curl_cookie_init(char *file, struct CookieInfo *inc) fclose(fp); } - c->running = TRUE; /* now, we're running */ + c->running = TRUE; /* now, we're running */ return c; } -- cgit v1.2.1 From 08ef208fb78fb2eabc5cec08c23e74e251eac898 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Jun 2002 11:13:01 +0000 Subject: added disable-[protocol] support, largely provided by Miklos Nemeth --- lib/cookie.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2a90d0b8b..e7628a9b3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -79,6 +79,8 @@ Example set of cookies: #include "setup.h" +#ifndef CURL_DISABLE_HTTP + #include #include #include @@ -761,6 +763,8 @@ int main(int argc, char **argv) #endif +#endif /* CURL_DISABLE_HTTP */ + /* * local variables: * eval: (load-file "../curl-mode.el") -- cgit v1.2.1 From d8b2c819e7b96d1fed4bd9921a200899bde80034 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 29 Jul 2002 22:22:49 +0000 Subject: properly skip white spaces on Set-Cookie: header lines --- lib/cookie.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e7628a9b3..81425413f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -121,7 +121,7 @@ free_cookiemess(struct Cookie *co) struct Cookie * Curl_cookie_add(struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ - char *lineptr, /* first non-space of the line */ + char *lineptr, /* first character of the line */ char *domain) /* default domain */ { struct Cookie *clist; @@ -146,6 +146,10 @@ Curl_cookie_add(struct CookieInfo *c, /* This line was read off a HTTP-header */ char *sep; semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ + + while(*lineptr && isspace((int)*lineptr)) + lineptr++; + ptr = lineptr; do { /* we have a = pair or a 'secure' word here */ -- cgit v1.2.1 From ba4e69bebc8f7f32f3bc7faa1e13e7580754075b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 3 Sep 2002 11:52:59 +0000 Subject: updated source code boilerplate/header --- lib/cookie.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 81425413f..64d26509b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1,4 +1,4 @@ -/***************************************************************************** +/*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | * / __| | | | |_) | | @@ -7,19 +7,19 @@ * * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. * - * In order to be useful for every potential user, curl and libcurl are - * dual-licensed under the MPL and the MIT/X-derivate licenses. - * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the MPL or the MIT/X-derivate - * licenses. You may pick one of these licenses. + * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * $Id$ - *****************************************************************************/ + ***************************************************************************/ /*** -- cgit v1.2.1 From 01387f42c582fdbebc12cee39ed91346bd42ec04 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 28 Oct 2002 21:52:00 +0000 Subject: kromJx@crosswinds.net's fix that now uses checkprefix() instead of strnequal() when the third argument was strlen(first argument) anyway. This makes it less prone to errors. (Slightly edited by me) --- lib/cookie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 64d26509b..23222f2bc 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -519,7 +519,7 @@ struct CookieInfo *Curl_cookie_init(char *file, char *lineptr; bool headerline; while(fgets(line, MAX_COOKIE_LINE, fp)) { - if(strnequal("Set-Cookie:", line, 11)) { + if(checkprefix("Set-Cookie:", line)) { /* This is a cookie line, get it! */ lineptr=&line[11]; headerline=TRUE; @@ -587,8 +587,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* now check the left part of the path with the cookies path requirement */ - if(!co->path || - strnequal(path, co->path, strlen(co->path))) { + if(!co->path || + checkprefix(co->path, path) ) { /* and now, we know this is a match and we should create an entry for the return-linked-list */ -- cgit v1.2.1 From f26a338a54e04d0a6907f5d2479d8b0fa9daf297 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Jan 2003 21:08:12 +0000 Subject: copyright year update in the source header --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 23222f2bc..d6d3ded60 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2003, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From a7c72b7abf1213c471f3fd11e6b8e3a37d526f60 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Jan 2003 10:14:20 +0000 Subject: removed the local variables for emacs and vim, use the new sample.emacs way for emacs, and vim users should provide a similar non-polluting style --- lib/cookie.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d6d3ded60..931b56f39 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -768,11 +768,3 @@ int main(int argc, char **argv) #endif #endif /* CURL_DISABLE_HTTP */ - -/* - * local variables: - * eval: (load-file "../curl-mode.el") - * end: - * vim600: fdm=marker - * vim: et sw=2 ts=2 sts=2 tw=78 - */ -- cgit v1.2.1 From ad6fca28f903423f3593e36a6737b90527abd9ce Mon Sep 17 00:00:00 2001 From: Sterling Hughes Date: Mon, 31 Mar 2003 15:59:17 +0000 Subject: testing, ignore this commit --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 931b56f39..7cc167584 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -77,6 +77,7 @@ Example set of cookies: 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure ****/ + #include "setup.h" #ifndef CURL_DISABLE_HTTP -- cgit v1.2.1 From efd836d971c63b481545594ab31da7eadaff66f2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 30 Apr 2003 17:03:43 +0000 Subject: Many cookie fixes: o Save domains in jars like Mozilla does. It means all domains set in Set-Cookie: headers are dot-prefixed. o Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars (the second column). o Reject cookies using illegal domains in the Set-Cookie: line. Concerns both domains with too few dots or domains that are outside the currently operating server host's domain. o Set the path part by default to the one used in the request, if none was set in the Set-Cookie line. --- lib/cookie.c | 192 ++++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 136 insertions(+), 56 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 7cc167584..2bd41bc3b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -111,6 +111,17 @@ free_cookiemess(struct Cookie *co) free(co); } +static bool tailmatch(const char *little, const char *bigone) +{ + unsigned int littlelen = strlen(little); + unsigned int biglen = strlen(bigone); + + if(littlelen > biglen) + return FALSE; + + return strequal(little, bigone+biglen-littlelen); +} + /**************************************************************************** * * Curl_cookie_add() @@ -123,7 +134,10 @@ struct Cookie * Curl_cookie_add(struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ char *lineptr, /* first character of the line */ - char *domain) /* default domain */ + char *domain, /* default domain */ + char *path) /* full path used when this cookie is set, + used to get default path for the cookie + unless set */ { struct Cookie *clist; char what[MAX_COOKIE_LINE]; @@ -134,6 +148,7 @@ Curl_cookie_add(struct CookieInfo *c, struct Cookie *lastc=NULL; time_t now = time(NULL); bool replace_old = FALSE; + bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ /* First, alloc and init a new struct for it */ co = (struct Cookie *)malloc(sizeof(struct Cookie)); @@ -186,8 +201,58 @@ Curl_cookie_add(struct CookieInfo *c, co->path=strdup(whatptr); } else if(strequal("domain", name)) { - co->domain=strdup(whatptr); - co->field1= (whatptr[0]=='.')?2:1; + /* note that this name may or may not have a preceeding dot, but + we don't care about that, we treat the names the same anyway */ + + char *ptr=whatptr; + int dotcount=1; + unsigned int i; + + static const char *seventhree[]= { + "com", "edu", "net", "org", "gov", "mil", "int" + }; + + /* Count the dots, we need to make sure that there are THREE dots + in the normal domains, or TWO in the seventhree-domains. */ + + if('.' == whatptr[0]) + /* don't count the initial dot, assume it */ + ptr++; + + do { + ptr = strchr(ptr, '.'); + if(ptr) { + ptr++; + dotcount++; + } + } while(ptr); + + for(i=0; + idomain=strdup(whatptr); + co->tailmatch=TRUE; /* we always do that if the domain name was + given */ + } + else + /* we did not get a tailmatch and then the attempted set domain + is not a domain to which the current host belongs. Mark as + bad. */ + badcookie=TRUE; + } } else if(strequal("version", name)) { co->version=strdup(whatptr); @@ -249,8 +314,11 @@ Curl_cookie_add(struct CookieInfo *c, semiptr=strchr(ptr, '\0'); } while(semiptr); - if(NULL == co->name) { - /* we didn't get a cookie name, this is an illegal line, bail out */ + if(badcookie || (NULL == co->name)) { + /* we didn't get a cookie name or a bad one, + this is an illegal line, bail out */ + if(co->expirestr) + free(co->expirestr); if(co->domain) free(co->domain); if(co->path) @@ -264,8 +332,20 @@ Curl_cookie_add(struct CookieInfo *c, } if(NULL == co->domain) - /* no domain given in the header line, set the default now */ + /* no domain was given in the header line, set the default now */ co->domain=domain?strdup(domain):NULL; + if((NULL == co->path) && path) { + /* no path was given in the header line, set the default now */ + char *endslash = strrchr(path, '/'); + if(endslash) { + int pathlen = endslash-path+1; /* include the ending slash */ + co->path=malloc(pathlen+1); /* one extra for the zero byte */ + if(co->path) { + memcpy(co->path, path, pathlen); + co->path[pathlen]=0; /* zero terminate */ + } + } + } } else { /* This line is NOT a HTTP header style line, we do offer support for @@ -297,7 +377,8 @@ Curl_cookie_add(struct CookieInfo *c, /* Now loop through the fields and init the struct we already have allocated */ - for(ptr=firstptr, fields=0; ptr; ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { + for(ptr=firstptr, fields=0; ptr; + ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: co->domain = strdup(ptr); @@ -312,10 +393,8 @@ Curl_cookie_add(struct CookieInfo *c, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com - - We don't currently take advantage of this knowledge. */ - co->field1=strequal(ptr, "TRUE")+1; /* store information */ + co->tailmatch=strequal(ptr, "TRUE"); /* store information */ break; case 2: /* It turns out, that sometimes the file format allows the path @@ -375,10 +454,11 @@ Curl_cookie_add(struct CookieInfo *c, if(clist->domain && co->domain) { if(strequal(clist->domain, co->domain) || - (clist->domain[0]=='.' && - strequal(&(clist->domain[1]), co->domain)) || - (co->domain[0]=='.' && - strequal(clist->domain, &(co->domain[1]))) ) + (co->tailmatch && /* only do the dot magic if tailmatching is OK */ + ((clist->domain[0]=='.' && + strequal(&(clist->domain[1]), co->domain)) || + (co->domain[0]=='.' && + strequal(clist->domain, &(co->domain[1]))))) ) /* The domains are identical, or at least identical if you skip the preceeding dot */ replace_old=TRUE; @@ -532,7 +612,7 @@ struct CookieInfo *Curl_cookie_init(char *file, while(*lineptr && isspace((int)*lineptr)) lineptr++; - Curl_cookie_add(c, headerline, lineptr, NULL); + Curl_cookie_add(c, headerline, lineptr, NULL, NULL); } if(fromfile) fclose(fp); @@ -561,9 +641,6 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, struct Cookie *newco; struct Cookie *co; time_t now = time(NULL); - int hostlen=strlen(host); - int domlen; - struct Cookie *mainco=NULL; if(!c || !c->cookies) @@ -572,43 +649,42 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, co = c->cookies; while(co) { - /* only process this cookie if it is not expired or had no expire - date AND that if the cookie requires we're secure we must only - continue if we are! */ + /* only process this cookie if it is not expired or had no expire + date AND that if the cookie requires we're secure we must only + continue if we are! */ if( (co->expires<=0 || (co->expires> now)) && (co->secure?secure:TRUE) ) { - - /* now check if the domain is correct */ - domlen=co->domain?strlen(co->domain):0; - if(!co->domain || - ((domlen<=hostlen) && - strequal(host+(hostlen-domlen), co->domain)) ) { - /* the right part of the host matches the domain stuff in the - cookie data */ - - /* now check the left part of the path with the cookies path - requirement */ - if(!co->path || - checkprefix(co->path, path) ) { - - /* and now, we know this is a match and we should create an - entry for the return-linked-list */ - - newco = (struct Cookie *)malloc(sizeof(struct Cookie)); - if(newco) { - /* first, copy the whole source cookie: */ - memcpy(newco, co, sizeof(struct Cookie)); - - /* then modify our next */ - newco->next = mainco; - - /* point the main to us */ - mainco = newco; - } - } - } - } - co = co->next; + + /* now check if the domain is correct */ + if(!co->domain || + (co->tailmatch && tailmatch(co->domain, host)) || + (!co->tailmatch && strequal(host, co->domain)) ) { + /* the right part of the host matches the domain stuff in the + cookie data */ + + /* now check the left part of the path with the cookies path + requirement */ + if(!co->path || + checkprefix(co->path, path) ) { + + /* and now, we know this is a match and we should create an + entry for the return-linked-list */ + + newco = (struct Cookie *)malloc(sizeof(struct Cookie)); + if(newco) { + /* first, copy the whole source cookie: */ + memcpy(newco, co, sizeof(struct Cookie)); + + /* then modify our next */ + newco->next = mainco; + + /* point the main to us */ + mainco = newco; + } + } + } + } + co = co->next; } return mainco; /* return the new list */ @@ -716,15 +792,19 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) while(co) { fprintf(out, - "%s\t" /* domain */ - "%s\t" /* field1 */ + "%s%s\t" /* domain */ + "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ "%u\t" /* expires */ "%s\t" /* name */ "%s\n", /* value */ + + /* Make sure all domains are prefixed with a dot if they allow + tailmatching. This is Mozilla-style. */ + (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", co->domain?co->domain:"unknown", - co->field1==2?"TRUE":"FALSE", + co->tailmatch?"TRUE":"FALSE", co->path?co->path:"/", co->secure?"TRUE":"FALSE", (unsigned int)co->expires, -- cgit v1.2.1 From 465de793e8a6c7a6f546f1de84aaf5476c5e89e6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 15 May 2003 22:28:19 +0000 Subject: Skip any preceeding dots from the domain name of cookies when we keep them in memory, only add it when we save the cookie. This makes all tailmatching and domain string matching internally a lot easier. This was also the reason for a remaining bug I introduced in my overhaul. --- lib/cookie.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2bd41bc3b..b0206f623 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -234,24 +234,29 @@ Curl_cookie_add(struct CookieInfo *c, break; } } - if(dotcount < 3) + if(dotcount < 3) { /* Received and skipped a cookie with a domain using too few dots. */ badcookie=TRUE; /* mark this as a bad cookie */ + } else { /* Now, we make sure that our host is within the given domain, or the given domain is not valid and thus cannot be set. */ if(!domain || tailmatch(whatptr, domain)) { - co->domain=strdup(whatptr); + char *ptr=whatptr; + if(ptr[0] == '.') + ptr++; + co->domain=strdup(ptr); /* dont prefix with dots internally */ co->tailmatch=TRUE; /* we always do that if the domain name was given */ } - else + else { /* we did not get a tailmatch and then the attempted set domain is not a domain to which the current host belongs. Mark as bad. */ badcookie=TRUE; + } } } else if(strequal("version", name)) { @@ -381,6 +386,8 @@ Curl_cookie_add(struct CookieInfo *c, ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: + if(ptr[0]=='.') /* skip preceeding dots */ + ptr++; co->domain = strdup(ptr); break; case 1: @@ -453,14 +460,8 @@ Curl_cookie_add(struct CookieInfo *c, /* the names are identical */ if(clist->domain && co->domain) { - if(strequal(clist->domain, co->domain) || - (co->tailmatch && /* only do the dot magic if tailmatching is OK */ - ((clist->domain[0]=='.' && - strequal(&(clist->domain[1]), co->domain)) || - (co->domain[0]=='.' && - strequal(clist->domain, &(co->domain[1]))))) ) - /* The domains are identical, or at least identical if you skip the - preceeding dot */ + if(strequal(clist->domain, co->domain)) + /* The domains are identical */ replace_old=TRUE; } else if(!clist->domain && !co->domain) @@ -550,7 +551,6 @@ Curl_cookie_add(struct CookieInfo *c, } c->numcookies++; /* one more cookie in the jar */ - return co; } -- cgit v1.2.1 From 2bd71d70ff8b14649840e16b497acf0ca1e0e32f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 26 Jun 2003 06:50:32 +0000 Subject: use CURLDEBUG instead of MALLOCDEBUG --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b0206f623..c9883594c 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -92,7 +92,7 @@ Example set of cookies: #include "strtok.h" /* The last #include file should be: */ -#ifdef MALLOCDEBUG +#ifdef CURLDEBUG #include "memdebug.h" #endif -- cgit v1.2.1 From 98ee12bc356e2635858049ba5e69a62bb7e5e9c2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 4 Aug 2003 23:05:57 +0000 Subject: Jan Sundin reported a case where curl ignored a cookie that browsers don't, which turned up to be due to the number of dots in the 'domain'. I've now made curl follow the the original netscape cookie spec less strict on that part. --- lib/cookie.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index c9883594c..03065f909 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c, break; } } - if(dotcount < 3) { + /* The original Netscape cookie spec defined that this domain name + MUST have three dots (or two if one of the seven holy TLDs), + but it seems that these kinds of cookies are in use "out there" + so we cannot be that strict. I've therefore lowered the check + to not allow less than two dots. */ + + if(dotcount < 2) { /* Received and skipped a cookie with a domain using too few dots. */ badcookie=TRUE; /* mark this as a bad cookie */ -- cgit v1.2.1 From 168703b7bf51743c3d8990fef9d2330194cfd459 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 11 Aug 2003 09:55:11 +0000 Subject: Added some infof() calls, that require the data pointer so now several cookie functions need that. I also fixed the cookie loader to properly load and deal with cookies without contents (or rather with a blank content). --- lib/cookie.c | 58 ++++++++++++++++++++++++++-------------------------------- 1 file changed, 26 insertions(+), 32 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 03065f909..dcd693a35 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -86,10 +86,12 @@ Example set of cookies: #include #include +#include "urldata.h" #include "cookie.h" #include "getdate.h" #include "strequal.h" #include "strtok.h" +#include "sendf.h" /* The last #include file should be: */ #ifdef CURLDEBUG @@ -131,7 +133,12 @@ static bool tailmatch(const char *little, const char *bigone) ***************************************************************************/ struct Cookie * -Curl_cookie_add(struct CookieInfo *c, +Curl_cookie_add(struct SessionHandle *data, + /* The 'data' pointer here may be NULL at times, and thus + must only be used very carefully for things that can deal + with data being NULL. Such as infof() and similar */ + + struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ char *lineptr, /* first character of the line */ char *domain, /* default domain */ @@ -244,6 +251,8 @@ Curl_cookie_add(struct CookieInfo *c, /* Received and skipped a cookie with a domain using too few dots. */ badcookie=TRUE; /* mark this as a bad cookie */ + infof(data, "skipped cookie with illegal dotcount domain: %s", + whatptr); } else { /* Now, we make sure that our host is within the given domain, @@ -262,6 +271,8 @@ Curl_cookie_add(struct CookieInfo *c, is not a domain to which the current host belongs. Mark as bad. */ badcookie=TRUE; + infof(data, "skipped cookie with bad tailmatch domain: %s", + whatptr); } } } @@ -437,13 +448,16 @@ Curl_cookie_add(struct CookieInfo *c, } } - if(7 != fields) { + if(6 == fields) { + /* we got a cookie with blank contents, fix it */ + co->value = strdup(""); + } + else if(7 != fields) { /* we did not find the sufficient number of fields to recognize this as a valid line, abort and go home */ free_cookiemess(co); return NULL; } - } if(!c->running && /* read from a file */ @@ -548,6 +562,12 @@ Curl_cookie_add(struct CookieInfo *c, clist = clist->next; } + if(c->running) + /* Only show this when NOT reading the cookies from a file */ + infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, expire %d\n", + replace_old?"Replaced":"Added", co->name, co->value, + co->domain, co->path, co->expires); + if(!replace_old) { /* then make the last item point on this new one */ if(lastc) @@ -570,7 +590,8 @@ Curl_cookie_add(struct CookieInfo *c, * If 'newsession' is TRUE, discard all "session cookies" on read from file. * ****************************************************************************/ -struct CookieInfo *Curl_cookie_init(char *file, +struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, + char *file, struct CookieInfo *inc, bool newsession) { @@ -618,7 +639,7 @@ struct CookieInfo *Curl_cookie_init(char *file, while(*lineptr && isspace((int)*lineptr)) lineptr++; - Curl_cookie_add(c, headerline, lineptr, NULL, NULL); + Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL); } if(fromfile) fclose(fp); @@ -827,31 +848,4 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) return 0; } -#ifdef CURL_COOKIE_DEBUG - -/* - * On my Solaris box, this command line builds this test program: - * - * gcc -g -o cooktest -DCURL_COOKIE_DEBUG -DHAVE_CONFIG_H -I.. -I../include cookie.c strequal.o getdate.o memdebug.o mprintf.o strtok.o -lnsl -lsocket - * - */ - -int main(int argc, char **argv) -{ - struct CookieInfo *c=NULL; - if(argc>1) { - c = Curl_cookie_init(argv[1], c); - Curl_cookie_add(c, TRUE, "PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/ftgw; secure"); - Curl_cookie_add(c, TRUE, "foobar=yes; domain=.haxx.se; path=/looser;"); - c = Curl_cookie_init(argv[1], c); - - Curl_cookie_output(c); - Curl_cookie_cleanup(c); - return 0; - } - return 1; -} - -#endif - #endif /* CURL_DISABLE_HTTP */ -- cgit v1.2.1 From 053f6c85efd0bf698f73343989474d672d0563a8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 7 Jan 2004 09:19:33 +0000 Subject: updated year in the copyright string --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index dcd693a35..f6f842f66 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2003, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From 4d17d6876e4b2f08380812c4ec113073b0a14639 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 29 Jan 2004 13:56:45 +0000 Subject: Dan Fandrich's cleanup patch to make pedantic compiler options cause less warnings. Minor edits by me. --- lib/cookie.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f6f842f66..fa6194448 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -211,7 +211,7 @@ Curl_cookie_add(struct SessionHandle *data, /* note that this name may or may not have a preceeding dot, but we don't care about that, we treat the names the same anyway */ - char *ptr=whatptr; + const char *domptr=whatptr; int dotcount=1; unsigned int i; @@ -224,15 +224,15 @@ Curl_cookie_add(struct SessionHandle *data, if('.' == whatptr[0]) /* don't count the initial dot, assume it */ - ptr++; + domptr++; do { - ptr = strchr(ptr, '.'); - if(ptr) { - ptr++; + domptr = strchr(domptr, '.'); + if(domptr) { + domptr++; dotcount++; } - } while(ptr); + } while(domptr); for(i=0; idomain=strdup(ptr); /* dont prefix with dots internally */ + const char *tailptr=whatptr; + if(tailptr[0] == '.') + tailptr++; + co->domain=strdup(tailptr); /* don't prefix w/dots internally */ co->tailmatch=TRUE; /* we always do that if the domain name was given */ } -- cgit v1.2.1 From d571064b65195aa7c71200af549a95404a2f0ce1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 26 Feb 2004 13:40:43 +0000 Subject: Clear up int/long/size_t/ssize_t usage a bit --- lib/cookie.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fa6194448..7b9caf3c8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -115,8 +115,8 @@ free_cookiemess(struct Cookie *co) static bool tailmatch(const char *little, const char *bigone) { - unsigned int littlelen = strlen(little); - unsigned int biglen = strlen(bigone); + size_t littlelen = strlen(little); + size_t biglen = strlen(bigone); if(littlelen > biglen) return FALSE; @@ -192,7 +192,7 @@ Curl_cookie_add(struct SessionHandle *data, char *whatptr; /* Strip off trailing whitespace from the 'what' */ - int len=strlen(what); + size_t len=strlen(what); while(len && isspace((int)what[len-1])) { what[len-1]=0; len--; @@ -360,7 +360,7 @@ Curl_cookie_add(struct SessionHandle *data, /* no path was given in the header line, set the default now */ char *endslash = strrchr(path, '/'); if(endslash) { - int pathlen = endslash-path+1; /* include the ending slash */ + size_t pathlen = endslash-path+1; /* include the ending slash */ co->path=malloc(pathlen+1); /* one extra for the zero byte */ if(co->path) { memcpy(co->path, path, pathlen); -- cgit v1.2.1 From 7d8cd5906c890f8e4c7ceae1b5f9e650fe81e08b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 26 Feb 2004 14:52:16 +0000 Subject: use calloc instead of malloc and we won't have to memset() the struct --- lib/cookie.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 7b9caf3c8..d566df503 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -158,13 +158,10 @@ Curl_cookie_add(struct SessionHandle *data, bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ /* First, alloc and init a new struct for it */ - co = (struct Cookie *)malloc(sizeof(struct Cookie)); + co = (struct Cookie *)calloc(sizeof(struct Cookie), 1); if(!co) return NULL; /* bail out if we're this low on memory */ - /* clear the whole struct first */ - memset(co, 0, sizeof(struct Cookie)); - if(httpheader) { /* This line was read off a HTTP-header */ char *sep; -- cgit v1.2.1 From 9948250723c091b50cc409c39436b9d7f422dbc0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 10 Mar 2004 09:41:37 +0000 Subject: strequal() returns int so we typecast the return to bool when we store the result as bool --- lib/cookie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d566df503..097a7d03b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -121,7 +121,7 @@ static bool tailmatch(const char *little, const char *bigone) if(littlelen > biglen) return FALSE; - return strequal(little, bigone+biglen-littlelen); + return (bool)strequal(little, bigone+biglen-littlelen); } /**************************************************************************** @@ -415,7 +415,7 @@ Curl_cookie_add(struct SessionHandle *data, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ - co->tailmatch=strequal(ptr, "TRUE"); /* store information */ + co->tailmatch=(bool)strequal(ptr, "TRUE"); /* store information */ break; case 2: /* It turns out, that sometimes the file format allows the path @@ -431,7 +431,7 @@ Curl_cookie_add(struct SessionHandle *data, fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: - co->secure = strequal(ptr, "TRUE"); + co->secure = (bool)strequal(ptr, "TRUE"); break; case 4: co->expires = atoi(ptr); -- cgit v1.2.1 From 5dcab07c542b9365f59e859da578dfea0c6014b5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 May 2004 14:04:06 +0000 Subject: if a malloc fails, clear up the memory and return failure --- lib/cookie.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 097a7d03b..41f14011f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -705,6 +705,16 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* point the main to us */ mainco = newco; } + else { + /* failure, clear up the allocated chain and return NULL */ + while(mainco) { + co = mainco->next; + free(mainco); + mainco = co; + } + + return NULL; + } } } } -- cgit v1.2.1 From bbafb2eb27954c34967f91c705e74cc0c186970d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 May 2004 11:30:23 +0000 Subject: curl_global_init_mem() allows the memory functions to be replaced. memory.h is included everywhere for this. --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 41f14011f..4e5818c72 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -92,6 +92,7 @@ Example set of cookies: #include "strequal.h" #include "strtok.h" #include "sendf.h" +#include "memory.h" /* The last #include file should be: */ #ifdef CURLDEBUG -- cgit v1.2.1 From 34e8baab9abe3c884c9ba626938cf76371f3493b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 12 May 2004 12:04:38 +0000 Subject: general cleanup to bail out nice and clean when a memory function fails to deliver --- lib/cookie.c | 167 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 92 insertions(+), 75 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4e5818c72..693b5f98e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1,8 +1,8 @@ /*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. @@ -10,7 +10,7 @@ * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://curl.haxx.se/docs/copyright.html. - * + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. @@ -28,7 +28,7 @@ RECEIVING COOKIE INFORMATION ============================ struct CookieInfo *cookie_init(char *file); - + Inits a cookie struct to store data in a local file. This is always called before any cookies are set. @@ -58,9 +58,9 @@ struct Cookies *cookie_getlist(struct CookieInfo *cookie, It shall only return cookies that haven't expired. - + Example set of cookies: - + Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure Set-cookie: PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/ftgw; secure @@ -99,9 +99,10 @@ Example set of cookies: #include "memdebug.h" #endif -static void -free_cookiemess(struct Cookie *co) +static void freecookie(struct Cookie *co) { + if(co->expirestr) + free(co->expirestr); if(co->domain) free(co->domain); if(co->path) @@ -138,7 +139,7 @@ Curl_cookie_add(struct SessionHandle *data, /* The 'data' pointer here may be NULL at times, and thus must only be used very carefully for things that can deal with data being NULL. Such as infof() and similar */ - + struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ char *lineptr, /* first character of the line */ @@ -204,6 +205,10 @@ Curl_cookie_add(struct SessionHandle *data, if(strequal("path", name)) { co->path=strdup(whatptr); + if(!co->path) { + badcookie = TRUE; /* out of memory bad */ + break; + } } else if(strequal("domain", name)) { /* note that this name may or may not have a preceeding dot, but @@ -244,7 +249,7 @@ Curl_cookie_add(struct SessionHandle *data, but it seems that these kinds of cookies are in use "out there" so we cannot be that strict. I've therefore lowered the check to not allow less than two dots. */ - + if(dotcount < 2) { /* Received and skipped a cookie with a domain using too few dots. */ @@ -260,7 +265,12 @@ Curl_cookie_add(struct SessionHandle *data, const char *tailptr=whatptr; if(tailptr[0] == '.') tailptr++; - co->domain=strdup(tailptr); /* don't prefix w/dots internally */ + co->domain=strdup(tailptr); /* don't prefix w/dots + internally */ + if(!co->domain) { + badcookie = TRUE; + break; + } co->tailmatch=TRUE; /* we always do that if the domain name was given */ } @@ -276,6 +286,10 @@ Curl_cookie_add(struct SessionHandle *data, } else if(strequal("version", name)) { co->version=strdup(whatptr); + if(!co->version) { + badcookie = TRUE; + break; + } } else if(strequal("max-age", name)) { /* Defined in RFC2109: @@ -288,16 +302,28 @@ Curl_cookie_add(struct SessionHandle *data, */ co->maxage = strdup(whatptr); + if(!co->maxage) { + badcookie = TRUE; + break; + } co->expires = atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + now; } else if(strequal("expires", name)) { co->expirestr=strdup(whatptr); + if(!co->expirestr) { + badcookie = TRUE; + break; + } co->expires = curl_getdate(what, &now); } else if(!co->name) { co->name = strdup(name); co->value = strdup(whatptr); + if(!co->name || !co->value) { + badcookie = TRUE; + break; + } } /* else this is the second (or more) name we don't know @@ -334,28 +360,17 @@ Curl_cookie_add(struct SessionHandle *data, semiptr=strchr(ptr, '\0'); } while(semiptr); - if(badcookie || (NULL == co->name)) { - /* we didn't get a cookie name or a bad one, - this is an illegal line, bail out */ - if(co->expirestr) - free(co->expirestr); - if(co->domain) - free(co->domain); - if(co->path) - free(co->path); - if(co->name) - free(co->name); - if(co->value) - free(co->value); - free(co); - return NULL; + if(!badcookie && !co->domain) { + if(domain) { + /* no domain was given in the header line, set the default */ + co->domain=strdup(domain); + if(!co->domain) + badcookie = TRUE; + } } - if(NULL == co->domain) - /* no domain was given in the header line, set the default now */ - co->domain=domain?strdup(domain):NULL; - if((NULL == co->path) && path) { - /* no path was given in the header line, set the default now */ + if(!badcookie && !co->path && path) { + /* no path was given in the header line, set the default */ char *endslash = strrchr(path, '/'); if(endslash) { size_t pathlen = endslash-path+1; /* include the ending slash */ @@ -364,8 +379,18 @@ Curl_cookie_add(struct SessionHandle *data, memcpy(co->path, path, pathlen); co->path[pathlen]=0; /* zero terminate */ } + else + badcookie = TRUE; } } + + if(badcookie || !co->name) { + /* we didn't get a cookie name or a bad one, + this is an illegal line, bail out */ + freecookie(co); + return NULL; + } + } else { /* This line is NOT a HTTP header style line, we do offer support for @@ -387,7 +412,7 @@ Curl_cookie_add(struct SessionHandle *data, if(ptr) *ptr=0; /* clear it */ - firstptr=strtok_r(lineptr, "\t", &tok_buf); /* first tokenize it on the TAB */ + firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */ /* Here's a quick check to eliminate normal HTTP-headers from this */ if(!firstptr || strchr(firstptr, ':')) { @@ -397,13 +422,15 @@ Curl_cookie_add(struct SessionHandle *data, /* Now loop through the fields and init the struct we already have allocated */ - for(ptr=firstptr, fields=0; ptr; + for(ptr=firstptr, fields=0; ptr && !badcookie; ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: if(ptr[0]=='.') /* skip preceeding dots */ ptr++; co->domain = strdup(ptr); + if(!co->domain) + badcookie = TRUE; break; case 1: /* This field got its explanation on the 23rd of May 2001 by @@ -425,10 +452,14 @@ Curl_cookie_add(struct SessionHandle *data, if (strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { /* only if the path doesn't look like a boolean option! */ co->path = strdup(ptr); + if(!co->path) + badcookie = TRUE; break; } /* this doesn't look like a path, make one up! */ co->path = strdup("/"); + if(!co->path) + badcookie = TRUE; fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: @@ -439,29 +470,40 @@ Curl_cookie_add(struct SessionHandle *data, break; case 5: co->name = strdup(ptr); + if(!co->name) + badcookie = TRUE; break; case 6: co->value = strdup(ptr); + if(!co->value) + badcookie = TRUE; break; } } - if(6 == fields) { /* we got a cookie with blank contents, fix it */ co->value = strdup(""); + if(!co->value) + badcookie = TRUE; + else + fields++; } - else if(7 != fields) { - /* we did not find the sufficient number of fields to recognize this - as a valid line, abort and go home */ - free_cookiemess(co); + + if(!badcookie && (7 != fields)) + /* we did not find the sufficient number of fields */ + badcookie = TRUE; + + if(badcookie) { + freecookie(co); return NULL; } + } if(!c->running && /* read from a file */ c->newsession && /* clean session cookies */ !co->expires) { /* this is a session cookie since it doesn't expire! */ - free_cookiemess(co); + freecookie(co); return NULL; } @@ -499,7 +541,7 @@ Curl_cookie_add(struct SessionHandle *data, replace_old = TRUE; else replace_old = FALSE; - + } if(replace_old && !co->livecookie && clist->livecookie) { @@ -509,16 +551,7 @@ Curl_cookie_add(struct SessionHandle *data, live cookies stay alive */ /* Free the newcomer and get out of here! */ - if(co->domain) - free(co->domain); - if(co->path) - free(co->path); - if(co->name) - free(co->name); - if(co->value) - free(co->value); - - free(co); + freecookie(co); return NULL; } @@ -597,7 +630,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, struct CookieInfo *c; FILE *fp; bool fromfile=TRUE; - + if(NULL == inc) { /* we didn't get a struct, create one */ c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); @@ -679,14 +712,14 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, continue if we are! */ if( (co->expires<=0 || (co->expires> now)) && (co->secure?secure:TRUE) ) { - + /* now check if the domain is correct */ if(!co->domain || (co->tailmatch && tailmatch(co->domain, host)) || (!co->tailmatch && strequal(host, co->domain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ - + /* now check the left part of the path with the cookies path requirement */ if(!co->path || @@ -694,7 +727,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* and now, we know this is a match and we should create an entry for the return-linked-list */ - + newco = (struct Cookie *)malloc(sizeof(struct Cookie)); if(newco) { /* first, copy the whole source cookie: */ @@ -702,7 +735,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* then modify our next */ newco->next = mainco; - + /* point the main to us */ mainco = newco; } @@ -764,24 +797,8 @@ void Curl_cookie_cleanup(struct CookieInfo *c) co = c->cookies; while(co) { - if(co->name) - free(co->name); - if(co->value) - free(co->value); - if(co->domain) - free(co->domain); - if(co->path) - free(co->path); - if(co->expirestr) - free(co->expirestr); - - if(co->version) - free(co->version); - if(co->maxage) - free(co->maxage); - next = co->next; - free(co); + freecookie(co); co = next; } free(c); /* free the base struct as well */ @@ -824,7 +841,7 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) "# This file was generated by libcurl! Edit at your own risk.\n\n", out); co = c->cookies; - + while(co) { fprintf(out, "%s%s\t" /* domain */ -- cgit v1.2.1 From 755f98e7687a1fc2a7ff363212803b39897897a0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 21 May 2004 20:40:15 +0000 Subject: While talking to host a.b.c, libcurl did wrongly not accept cookies that were set to the domain .a.b.c (that is with a dot prefix). This is now fixed and test case 171 verifies it. --- lib/cookie.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 693b5f98e..d31bcd114 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -261,6 +261,9 @@ Curl_cookie_add(struct SessionHandle *data, /* Now, we make sure that our host is within the given domain, or the given domain is not valid and thus cannot be set. */ + if('.' == whatptr[0]) + whatptr++; /* ignore preceeding dot */ + if(!domain || tailmatch(whatptr, domain)) { const char *tailptr=whatptr; if(tailptr[0] == '.') -- cgit v1.2.1 From 35558e6bd7b7ee699a5701c970c5721e99d8023c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 22 Jun 2004 21:15:51 +0000 Subject: David Cohen pointed out that RFC2109 says clients should allow cookies to contain least 4096 bytes while libcurl only allowed 2047. I raised the limit to 4999 now and made the used buffer get malloc()ed instead of simply allocated on stack as before. --- lib/cookie.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d31bcd114..66309d767 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -149,7 +149,7 @@ Curl_cookie_add(struct SessionHandle *data, unless set */ { struct Cookie *clist; - char what[MAX_COOKIE_LINE]; + char *what; char name[MAX_NAME]; char *ptr; char *semiptr; @@ -167,6 +167,13 @@ Curl_cookie_add(struct SessionHandle *data, if(httpheader) { /* This line was read off a HTTP-header */ char *sep; + + what = malloc(MAX_COOKIE_LINE); + if(!what) { + free(co); + return NULL; + } + semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ while(*lineptr && isspace((int)*lineptr)) @@ -387,6 +394,8 @@ Curl_cookie_add(struct SessionHandle *data, } } + free(what); + if(badcookie || !co->name) { /* we didn't get a cookie name or a bad one, this is an illegal line, bail out */ -- cgit v1.2.1 From ce945bd2f08f808ce76ba1a8b0026a3bcd9d45fb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 30 Jun 2004 12:05:07 +0000 Subject: 5K array on the stack is a big hefty, it is now allocated with malloc instead --- lib/cookie.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 66309d767..8d8d100f0 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -638,17 +638,15 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, struct CookieInfo *inc, bool newsession) { - char line[MAX_COOKIE_LINE]; struct CookieInfo *c; FILE *fp; bool fromfile=TRUE; if(NULL == inc) { /* we didn't get a struct, create one */ - c = (struct CookieInfo *)malloc(sizeof(struct CookieInfo)); + c = (struct CookieInfo *)calloc(1, sizeof(struct CookieInfo)); if(!c) return NULL; /* failed to get memory */ - memset(c, 0, sizeof(struct CookieInfo)); c->filename = strdup(file?file:"none"); /* copy the name just in case */ } else { @@ -669,20 +667,25 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, if(fp) { char *lineptr; bool headerline; - while(fgets(line, MAX_COOKIE_LINE, fp)) { - if(checkprefix("Set-Cookie:", line)) { - /* This is a cookie line, get it! */ - lineptr=&line[11]; - headerline=TRUE; - } - else { - lineptr=line; - headerline=FALSE; - } - while(*lineptr && isspace((int)*lineptr)) - lineptr++; - Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL); + char *line = (char *)malloc(MAX_COOKIE_LINE); + if(line) { + while(fgets(line, MAX_COOKIE_LINE, fp)) { + if(checkprefix("Set-Cookie:", line)) { + /* This is a cookie line, get it! */ + lineptr=&line[11]; + headerline=TRUE; + } + else { + lineptr=line; + headerline=FALSE; + } + while(*lineptr && isspace((int)*lineptr)) + lineptr++; + + Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL); + } + free(line); /* free the line buffer */ } if(fromfile) fclose(fp); -- cgit v1.2.1 From 0e03165467416b2637341ada829a9e16a003daa4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 26 Jul 2004 15:42:07 +0000 Subject: Bertrand Demiddelaer fixed two missing newlines --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 8d8d100f0..da7ca1ba7 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -261,7 +261,7 @@ Curl_cookie_add(struct SessionHandle *data, /* Received and skipped a cookie with a domain using too few dots. */ badcookie=TRUE; /* mark this as a bad cookie */ - infof(data, "skipped cookie with illegal dotcount domain: %s", + infof(data, "skipped cookie with illegal dotcount domain: %s\n", whatptr); } else { @@ -289,7 +289,7 @@ Curl_cookie_add(struct SessionHandle *data, is not a domain to which the current host belongs. Mark as bad. */ badcookie=TRUE; - infof(data, "skipped cookie with bad tailmatch domain: %s", + infof(data, "skipped cookie with bad tailmatch domain: %s\n", whatptr); } } -- cgit v1.2.1 From de6ab3de22affd84eddd5ace857efb34a57aafc0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 4 Aug 2004 12:26:27 +0000 Subject: Dylan Salisbury's fix to prevent us from accepting cookies from TLD only --- lib/cookie.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index da7ca1ba7..fe603c672 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -223,14 +223,9 @@ Curl_cookie_add(struct SessionHandle *data, const char *domptr=whatptr; int dotcount=1; - unsigned int i; - static const char *seventhree[]= { - "com", "edu", "net", "org", "gov", "mil", "int" - }; - - /* Count the dots, we need to make sure that there are THREE dots - in the normal domains, or TWO in the seventhree-domains. */ + /* Count the dots, we need to make sure that there are enough + of them. */ if('.' == whatptr[0]) /* don't count the initial dot, assume it */ @@ -244,13 +239,6 @@ Curl_cookie_add(struct SessionHandle *data, } } while(domptr); - for(i=0; - i Date: Mon, 13 Sep 2004 20:47:15 +0000 Subject: getdate.h is not required to include, it adds nothing new --- lib/cookie.c | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fe603c672..b7a2237a3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -88,7 +88,6 @@ Example set of cookies: #include "urldata.h" #include "cookie.h" -#include "getdate.h" #include "strequal.h" #include "strtok.h" #include "sendf.h" -- cgit v1.2.1 From be7ce435c036f893f6ce04c91d1cbec006a810e5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 3 Oct 2004 21:02:01 +0000 Subject: Replaced the use of isspace() with our own version instead since we have most data as 'char *' and that makes us pass in negative values if there is 8bit data in the string. Changing to unsigned causes too much warnings or too many required typecasts to the normal string functions. --- lib/cookie.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b7a2237a3..47ed95254 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -84,7 +84,6 @@ Example set of cookies: #include #include -#include #include "urldata.h" #include "cookie.h" @@ -98,6 +97,8 @@ Example set of cookies: #include "memdebug.h" #endif +#define my_isspace(x) ((x == ' ') || (x == '\t')) + static void freecookie(struct Cookie *co) { if(co->expirestr) @@ -175,7 +176,7 @@ Curl_cookie_add(struct SessionHandle *data, semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ - while(*lineptr && isspace((int)*lineptr)) + while(*lineptr && my_isspace(*lineptr)) lineptr++; ptr = lineptr; @@ -198,14 +199,14 @@ Curl_cookie_add(struct SessionHandle *data, /* Strip off trailing whitespace from the 'what' */ size_t len=strlen(what); - while(len && isspace((int)what[len-1])) { + while(len && my_isspace(what[len-1])) { what[len-1]=0; len--; } /* Skip leading whitespace from the 'what' */ whatptr=what; - while(isspace((int)*whatptr)) { + while(my_isspace(*whatptr)) { whatptr++; } @@ -347,7 +348,7 @@ Curl_cookie_add(struct SessionHandle *data, } ptr=semiptr+1; - while(ptr && *ptr && isspace((int)*ptr)) + while(ptr && *ptr && my_isspace(*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ @@ -667,7 +668,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, lineptr=line; headerline=FALSE; } - while(*lineptr && isspace((int)*lineptr)) + while(*lineptr && my_isspace(*lineptr)) lineptr++; Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL); -- cgit v1.2.1 From 39af394a1c3ae1d8ac71ad263a7c524988702c2e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 6 Oct 2004 07:50:18 +0000 Subject: removed tabs and trailing whitespace from source --- lib/cookie.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 47ed95254..528d88f65 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -29,20 +29,20 @@ RECEIVING COOKIE INFORMATION struct CookieInfo *cookie_init(char *file); - Inits a cookie struct to store data in a local file. This is always - called before any cookies are set. + Inits a cookie struct to store data in a local file. This is always + called before any cookies are set. int cookies_set(struct CookieInfo *cookie, char *cookie_line); - The 'cookie_line' parameter is a full "Set-cookie:" line as - received from a server. + The 'cookie_line' parameter is a full "Set-cookie:" line as + received from a server. - The function need to replace previously stored lines that this new - line superceeds. + The function need to replace previously stored lines that this new + line superceeds. - It may remove lines that are expired. + It may remove lines that are expired. - It should return an indication of success/error. + It should return an indication of success/error. SENDING COOKIE INFORMATION @@ -51,12 +51,12 @@ SENDING COOKIE INFORMATION struct Cookies *cookie_getlist(struct CookieInfo *cookie, char *host, char *path, bool secure); - For a given host and path, return a linked list of cookies that - the client should send to the server if used now. The secure - boolean informs the cookie if a secure connection is achieved or - not. + For a given host and path, return a linked list of cookies that + the client should send to the server if used now. The secure + boolean informs the cookie if a secure connection is achieved or + not. - It shall only return cookies that haven't expired. + It shall only return cookies that haven't expired. Example set of cookies: @@ -775,10 +775,10 @@ void Curl_cookie_freelist(struct Cookie *co) struct Cookie *next; if(co) { while(co) { - next = co->next; - free(co); /* we only free the struct since the "members" are all - just copied! */ - co = next; + next = co->next; + free(co); /* we only free the struct since the "members" are all + just copied! */ + co = next; } } } @@ -796,13 +796,13 @@ void Curl_cookie_cleanup(struct CookieInfo *c) struct Cookie *next; if(c) { if(c->filename) - free(c->filename); + free(c->filename); co = c->cookies; while(co) { - next = co->next; + next = co->next; freecookie(co); - co = next; + co = next; } free(c); /* free the base struct as well */ } -- cgit v1.2.1 From f40c9b83dfbeb1219f8944675d19404e917e1447 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 16 Oct 2004 13:54:40 +0000 Subject: libcurl leaked memory for cookies with the "max-age" field set. --- lib/cookie.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 528d88f65..f1750f6d8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -111,6 +111,8 @@ static void freecookie(struct Cookie *co) free(co->name); if(co->value) free(co->value); + if(co->maxage) + free(co->maxage); free(co); } -- cgit v1.2.1 From ac269a8f68323db6b579f11f864035bc2691081d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 5 Dec 2004 23:59:32 +0000 Subject: Dan Fandrich added the --disable-cookies option to configure to build libcurl without cookie support. This is mainly useful if you want to build a minimalistic libcurl with no cookies support at all. Like for embedded systems or similar. --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f1750f6d8..ba4d295ab 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -80,7 +80,7 @@ Example set of cookies: #include "setup.h" -#ifndef CURL_DISABLE_HTTP +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) #include #include @@ -878,4 +878,4 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) return 0; } -#endif /* CURL_DISABLE_HTTP */ +#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */ -- cgit v1.2.1 From 67abd4cd47cf0135c9ce0637f224624afad95c2f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 22 Dec 2004 22:33:31 +0000 Subject: Rune Kleveland fixed a minor memory leak for received cookies with the (rare) version attribute set. --- lib/cookie.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index ba4d295ab..f6cfc29cf 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -113,6 +113,8 @@ static void freecookie(struct Cookie *co) free(co->value); if(co->maxage) free(co->maxage); + if(co->version) + free(co->version); free(co); } -- cgit v1.2.1 From 6f752c64bc18a9fdd0c0b2321faa230781280b8b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 4 Mar 2005 00:26:50 +0000 Subject: Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate the cookie "engine" without having to provide an empty or non-existing file. --- lib/cookie.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f6cfc29cf..009bb9809 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -651,6 +651,10 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, fp = stdin; fromfile=FALSE; } + else if(file && !*file) { + /* points to a "" string */ + fp = NULL; + } else fp = file?fopen(file, "r"):NULL; -- cgit v1.2.1 From ab4086bc244bf3267976e9f0193e5ed4430190d8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 31 Mar 2005 07:02:02 +0000 Subject: Updated the copyright year since changes have been this year. --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 009bb9809..e608f72e1 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From 6b1220b61d5ed2481dbf31714a68be6ef6eed3da Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 26 Apr 2005 13:08:49 +0000 Subject: Cory Nelson's work on nuking compiler warnings when building on x64 with VS2005. --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e608f72e1..019c00b71 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -309,7 +309,7 @@ Curl_cookie_add(struct SessionHandle *data, break; } co->expires = - atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + now; + atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now; } else if(strequal("expires", name)) { co->expirestr=strdup(whatptr); @@ -317,7 +317,7 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } - co->expires = curl_getdate(what, &now); + co->expires = (long)curl_getdate(what, &now); } else if(!co->name) { co->name = strdup(name); -- cgit v1.2.1 From 2236ba0d206fe9fef5d93889ee652feaa03fe089 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 27 Jul 2005 22:17:14 +0000 Subject: Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a simple interface to extracting and setting cookies in libcurl's internal "cookie jar". See the new cookie_interface.c example code. --- lib/cookie.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 70 insertions(+), 20 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 019c00b71..00ea0d635 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -85,6 +85,9 @@ Example set of cookies: #include #include +#define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */ +#include + #include "urldata.h" #include "cookie.h" #include "strequal.h" @@ -816,6 +819,34 @@ void Curl_cookie_cleanup(struct CookieInfo *c) } } +/* get_netscape_format() + * + * Formats a string for Netscape output file, w/o a newline at the end. + * + * Function returns a char * to a formatted line. Has to be free()d +*/ +static char *get_netscape_format(const struct Cookie *co) +{ + return aprintf( + "%s%s\t" /* domain */ + "%s\t" /* tailmatch */ + "%s\t" /* path */ + "%s\t" /* secure */ + "%u\t" /* expires */ + "%s\t" /* name */ + "%s", /* value */ + /* Make sure all domains are prefixed with a dot if they allow + tailmatching. This is Mozilla-style. */ + (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", + co->domain?co->domain:"unknown", + co->tailmatch?"TRUE":"FALSE", + co->path?co->path:"/", + co->secure?"TRUE":"FALSE", + (unsigned int)co->expires, + co->name, + co->value?co->value:""); +} + /* * Curl_cookie_output() * @@ -847,6 +878,8 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) } if(c) { + char *format_ptr; + fputs("# Netscape HTTP Cookie File\n" "# http://www.netscape.com/newsref/std/cookie_spec.html\n" "# This file was generated by libcurl! Edit at your own risk.\n\n", @@ -854,26 +887,13 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) co = c->cookies; while(co) { - fprintf(out, - "%s%s\t" /* domain */ - "%s\t" /* tailmatch */ - "%s\t" /* path */ - "%s\t" /* secure */ - "%u\t" /* expires */ - "%s\t" /* name */ - "%s\n", /* value */ - - /* Make sure all domains are prefixed with a dot if they allow - tailmatching. This is Mozilla-style. */ - (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", - co->domain?co->domain:"unknown", - co->tailmatch?"TRUE":"FALSE", - co->path?co->path:"/", - co->secure?"TRUE":"FALSE", - (unsigned int)co->expires, - co->name, - co->value?co->value:""); - + format_ptr = get_netscape_format(co); + if (format_ptr == NULL) { + fprintf(out, "#\n# Fatal libcurl error\n"); + return 1; + } + fprintf(out, "%s\n", format_ptr); + free(format_ptr); co=co->next; } } @@ -884,4 +904,34 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) return 0; } +struct curl_slist *Curl_cookie_list(struct SessionHandle *data) +{ + struct curl_slist *list = NULL; + struct curl_slist *beg; + struct Cookie *c; + char *line; + + if (data->cookies == NULL) return NULL; + if (data->cookies->numcookies == 0) return NULL; + + c = data->cookies->cookies; + + beg = list; + while (c) { + /* fill the list with _all_ the cookies we know */ + line = get_netscape_format(c); + if (line == NULL) { + /* get_netscape_format returns null only if we run out of memory */ + + curl_slist_free_all(beg); /* free some memory */ + return NULL; + } + list = curl_slist_append(list, line); + free(line); + c = c->next; + } + + return list; +} + #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */ -- cgit v1.2.1 From 1c388a52a5bb87844700b9eaf3ddf0a1f2647afe Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 28 Jul 2005 21:49:58 +0000 Subject: curl standard indent/format --- lib/cookie.c | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 00ea0d635..0328f20d8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -906,32 +906,33 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) struct curl_slist *Curl_cookie_list(struct SessionHandle *data) { - struct curl_slist *list = NULL; - struct curl_slist *beg; - struct Cookie *c; - char *line; + struct curl_slist *list = NULL; + struct curl_slist *beg; + struct Cookie *c; + char *line; - if (data->cookies == NULL) return NULL; - if (data->cookies->numcookies == 0) return NULL; + if ((data->cookies == NULL) || + (data->cookies->numcookies == 0)) + return NULL; - c = data->cookies->cookies; + c = data->cookies->cookies; - beg = list; - while (c) { - /* fill the list with _all_ the cookies we know */ - line = get_netscape_format(c); - if (line == NULL) { - /* get_netscape_format returns null only if we run out of memory */ + beg = list; + while (c) { + /* fill the list with _all_ the cookies we know */ + line = get_netscape_format(c); + if (line == NULL) { + /* get_netscape_format returns null only if we run out of memory */ - curl_slist_free_all(beg); /* free some memory */ - return NULL; - } - list = curl_slist_append(list, line); - free(line); - c = c->next; - } + curl_slist_free_all(beg); /* free some memory */ + return NULL; + } + list = curl_slist_append(list, line); + free(line); + c = c->next; + } - return list; + return list; } #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */ -- cgit v1.2.1 From a676c18502d5ec3128db11accf04d6de3f9be949 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 17 Aug 2005 08:55:43 +0000 Subject: - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to write the result to a given cookie jar and then never actually call curl_easy_perform() - the given file(s) to read was never read but the output file was written and thus it caused a "funny" result. - While doing some tests for the bug above, I noticed that Firefox generates large numbers (for the expire time) in the cookies.txt file and libcurl didn't treat them properly. Now it does. --- lib/cookie.c | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 0328f20d8..0f6d681db 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -94,6 +94,8 @@ Example set of cookies: #include "strtok.h" #include "sendf.h" #include "memory.h" +#include "share.h" +#include "strtoofft.h" /* The last #include file should be: */ #ifdef CURLDEBUG @@ -133,6 +135,27 @@ static bool tailmatch(const char *little, const char *bigone) return (bool)strequal(little, bigone+biglen-littlelen); } +/* + * Load cookies from all given cookie files (CURLOPT_COOKIEFILE). + */ +void Curl_cookie_loadfiles(struct SessionHandle *data) +{ + struct curl_slist *list = data->change.cookielist; + if(list) { + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + while(list) { + data->cookies = Curl_cookie_init(data, + list->data, + data->cookies, + data->set.cookiesession); + list = list->next; + } + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + curl_slist_free_all(data->change.cookielist); /* clean up list */ + data->change.cookielist = NULL; /* don't do this again! */ + } +} + /**************************************************************************** * * Curl_cookie_add() @@ -473,7 +496,7 @@ Curl_cookie_add(struct SessionHandle *data, co->secure = (bool)strequal(ptr, "TRUE"); break; case 4: - co->expires = atoi(ptr); + co->expires = curlx_strtoofft(ptr, NULL, 10); break; case 5: co->name = strdup(ptr); @@ -832,7 +855,7 @@ static char *get_netscape_format(const struct Cookie *co) "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ - "%u\t" /* expires */ + "%" FORMAT_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ /* Make sure all domains are prefixed with a dot if they allow @@ -842,7 +865,7 @@ static char *get_netscape_format(const struct Cookie *co) co->tailmatch?"TRUE":"FALSE", co->path?co->path:"/", co->secure?"TRUE":"FALSE", - (unsigned int)co->expires, + co->expires, co->name, co->value?co->value:""); } -- cgit v1.2.1 From 90e1a6905af29782c3bc7f106754d0908c074348 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 17 Aug 2005 09:11:27 +0000 Subject: remove the typecast to long from time_t, since we now store it as curl_off_t --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 0f6d681db..a8519c4e3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -343,7 +343,7 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } - co->expires = (long)curl_getdate(what, &now); + co->expires = curl_getdate(what, &now); } else if(!co->name) { co->name = strdup(name); -- cgit v1.2.1 From 606562aa7ea28ee0fdd5bf2cd6febada9594ad19 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 May 2006 22:46:38 +0000 Subject: Michael Wallner provided a patch that allows "SESS" to be set with CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly edited by me, and the re-indent in cookie.c was also done by me) --- lib/cookie.c | 254 +++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 153 insertions(+), 101 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index a8519c4e3..d934868ca 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -733,68 +733,81 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, char *host, char *path, bool secure) { - struct Cookie *newco; - struct Cookie *co; - time_t now = time(NULL); - struct Cookie *mainco=NULL; - - if(!c || !c->cookies) - return NULL; /* no cookie struct or no cookies in the struct */ - - co = c->cookies; - - while(co) { - /* only process this cookie if it is not expired or had no expire - date AND that if the cookie requires we're secure we must only - continue if we are! */ - if( (co->expires<=0 || (co->expires> now)) && - (co->secure?secure:TRUE) ) { - - /* now check if the domain is correct */ - if(!co->domain || - (co->tailmatch && tailmatch(co->domain, host)) || - (!co->tailmatch && strequal(host, co->domain)) ) { - /* the right part of the host matches the domain stuff in the - cookie data */ - - /* now check the left part of the path with the cookies path - requirement */ - if(!co->path || - checkprefix(co->path, path) ) { - - /* and now, we know this is a match and we should create an - entry for the return-linked-list */ - - newco = (struct Cookie *)malloc(sizeof(struct Cookie)); - if(newco) { - /* first, copy the whole source cookie: */ - memcpy(newco, co, sizeof(struct Cookie)); - - /* then modify our next */ - newco->next = mainco; - - /* point the main to us */ - mainco = newco; - } - else { - /* failure, clear up the allocated chain and return NULL */ - while(mainco) { - co = mainco->next; - free(mainco); - mainco = co; - } - - return NULL; - } - } - } - } - co = co->next; - } - - return mainco; /* return the new list */ + struct Cookie *newco; + struct Cookie *co; + time_t now = time(NULL); + struct Cookie *mainco=NULL; + + if(!c || !c->cookies) + return NULL; /* no cookie struct or no cookies in the struct */ + + co = c->cookies; + + while(co) { + /* only process this cookie if it is not expired or had no expire + date AND that if the cookie requires we're secure we must only + continue if we are! */ + if( (co->expires<=0 || (co->expires> now)) && + (co->secure?secure:TRUE) ) { + + /* now check if the domain is correct */ + if(!co->domain || + (co->tailmatch && tailmatch(co->domain, host)) || + (!co->tailmatch && strequal(host, co->domain)) ) { + /* the right part of the host matches the domain stuff in the + cookie data */ + + /* now check the left part of the path with the cookies path + requirement */ + if(!co->path || + checkprefix(co->path, path) ) { + + /* and now, we know this is a match and we should create an + entry for the return-linked-list */ + + newco = (struct Cookie *)malloc(sizeof(struct Cookie)); + if(newco) { + /* first, copy the whole source cookie: */ + memcpy(newco, co, sizeof(struct Cookie)); + + /* then modify our next */ + newco->next = mainco; + + /* point the main to us */ + mainco = newco; + } + else { + /* failure, clear up the allocated chain and return NULL */ + while(mainco) { + co = mainco->next; + free(mainco); + mainco = co; + } + + return NULL; + } + } + } + } + co = co->next; + } + + return mainco; /* return the new list */ } +/***************************************************************************** + * + * Curl_cookie_clearall() + * + * Clear all existing cookies and reset the counter. + * + ****************************************************************************/ +void Curl_cookie_clearall(struct CookieInfo *cookies) +{ + Curl_cookie_freelist(cookies->cookies); + cookies->cookies = NULL; + cookies->numcookies = 0; +} /***************************************************************************** * @@ -806,17 +819,56 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, void Curl_cookie_freelist(struct Cookie *co) { - struct Cookie *next; - if(co) { - while(co) { - next = co->next; - free(co); /* we only free the struct since the "members" are all + struct Cookie *next; + if(co) { + while(co) { + next = co->next; + free(co); /* we only free the struct since the "members" are all just copied! */ - co = next; - } - } + co = next; + } + } +} + + +/***************************************************************************** + * + * Curl_cookie_clearsess() + * + * Free all session cookies in the cookies list. + * + ****************************************************************************/ +void Curl_cookie_clearsess(struct CookieInfo *cookies) +{ + struct Cookie *first, *curr, *next, *prev = NULL; + + if(!cookies->cookies) + return; + + first = curr = prev = cookies->cookies; + + for(; curr; curr = next) { + next = curr->next; + if(!curr->expires) { + if(first == curr) + first = next; + + if(prev == curr) + prev = next; + else + prev->next = next; + + free(curr); + cookies->numcookies--; + } + else + prev = curr; + } + + cookies->cookies = first; } + /***************************************************************************** * * Curl_cookie_cleanup() @@ -826,20 +878,20 @@ void Curl_cookie_freelist(struct Cookie *co) ****************************************************************************/ void Curl_cookie_cleanup(struct CookieInfo *c) { - struct Cookie *co; - struct Cookie *next; - if(c) { - if(c->filename) - free(c->filename); - co = c->cookies; - - while(co) { - next = co->next; - freecookie(co); - co = next; - } - free(c); /* free the base struct as well */ - } + struct Cookie *co; + struct Cookie *next; + if(c) { + if(c->filename) + free(c->filename); + co = c->cookies; + + while(co) { + next = co->next; + freecookie(co); + co = next; + } + free(c); /* free the base struct as well */ + } } /* get_netscape_format() @@ -850,24 +902,24 @@ void Curl_cookie_cleanup(struct CookieInfo *c) */ static char *get_netscape_format(const struct Cookie *co) { - return aprintf( - "%s%s\t" /* domain */ - "%s\t" /* tailmatch */ - "%s\t" /* path */ - "%s\t" /* secure */ - "%" FORMAT_OFF_T "\t" /* expires */ - "%s\t" /* name */ - "%s", /* value */ - /* Make sure all domains are prefixed with a dot if they allow - tailmatching. This is Mozilla-style. */ - (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", - co->domain?co->domain:"unknown", - co->tailmatch?"TRUE":"FALSE", - co->path?co->path:"/", - co->secure?"TRUE":"FALSE", - co->expires, - co->name, - co->value?co->value:""); + return aprintf( + "%s%s\t" /* domain */ + "%s\t" /* tailmatch */ + "%s\t" /* path */ + "%s\t" /* secure */ + "%" FORMAT_OFF_T "\t" /* expires */ + "%s\t" /* name */ + "%s", /* value */ + /* Make sure all domains are prefixed with a dot if they allow + tailmatching. This is Mozilla-style. */ + (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", + co->domain?co->domain:"unknown", + co->tailmatch?"TRUE":"FALSE", + co->path?co->path:"/", + co->secure?"TRUE":"FALSE", + co->expires, + co->name, + co->value?co->value:""); } /* -- cgit v1.2.1 From 28611704d991dcc0358705937af83d291b7e1f30 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 8 Jul 2006 18:52:08 +0000 Subject: Ates Goral pointed out that libcurl's cookie parser did case insensitive string comparisons on the path which is incorrect and provided a patch that fixes this. I edited test case 8 to include details that test for this. --- lib/cookie.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d934868ca..00f7b0fa7 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -760,7 +760,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* now check the left part of the path with the cookies path requirement */ if(!co->path || - checkprefix(co->path, path) ) { + /* not using checkprefix() because matching should be + case-sensitive */ + !strncmp(co->path, path, strlen(co->path)) ) { /* and now, we know this is a match and we should create an entry for the return-linked-list */ -- cgit v1.2.1 From 68e9f7570839383e90451082a447733c988d9c9b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 27 Sep 2006 21:00:45 +0000 Subject: As reported in bug: #1566077 the former URL mentioned in the generated cookie jar has died and we now instead point out our own version of that --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 00f7b0fa7..0cd79d36e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -958,7 +958,7 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) char *format_ptr; fputs("# Netscape HTTP Cookie File\n" - "# http://www.netscape.com/newsref/std/cookie_spec.html\n" + "# http://curlm.haxx.se/rfc/cookie_spec.html\n" "# This file was generated by libcurl! Edit at your own risk.\n\n", out); co = c->cookies; -- cgit v1.2.1 From 277df1c6b1dcb89ad3bfc63b2da48adb427865a1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 13 Jan 2007 23:32:14 +0000 Subject: make Curl_cookie_clearall() survive getting called with a NULL pointer --- lib/cookie.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 0cd79d36e..2856ad882 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -806,9 +806,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, ****************************************************************************/ void Curl_cookie_clearall(struct CookieInfo *cookies) { - Curl_cookie_freelist(cookies->cookies); - cookies->cookies = NULL; - cookies->numcookies = 0; + if(cookies) { + Curl_cookie_freelist(cookies->cookies); + cookies->cookies = NULL; + cookies->numcookies = 0; + } } /***************************************************************************** -- cgit v1.2.1 From 6d05a33ed92b76a1166bca069382f5d03302153c Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 13 Feb 2007 17:47:27 +0000 Subject: use our own ISBLANK macro --- lib/cookie.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2856ad882..41a366d2d 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -102,7 +102,6 @@ Example set of cookies: #include "memdebug.h" #endif -#define my_isspace(x) ((x == ' ') || (x == '\t')) static void freecookie(struct Cookie *co) { @@ -206,7 +205,7 @@ Curl_cookie_add(struct SessionHandle *data, semiptr=strchr(lineptr, ';'); /* first, find a semicolon */ - while(*lineptr && my_isspace(*lineptr)) + while(*lineptr && ISBLANK(*lineptr)) lineptr++; ptr = lineptr; @@ -229,14 +228,14 @@ Curl_cookie_add(struct SessionHandle *data, /* Strip off trailing whitespace from the 'what' */ size_t len=strlen(what); - while(len && my_isspace(what[len-1])) { + while(len && ISBLANK(what[len-1])) { what[len-1]=0; len--; } /* Skip leading whitespace from the 'what' */ whatptr=what; - while(my_isspace(*whatptr)) { + while(*whatptr && ISBLANK(*whatptr)) { whatptr++; } @@ -378,7 +377,7 @@ Curl_cookie_add(struct SessionHandle *data, } ptr=semiptr+1; - while(ptr && *ptr && my_isspace(*ptr)) + while(ptr && *ptr && ISBLANK(*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ @@ -702,7 +701,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, lineptr=line; headerline=FALSE; } - while(*lineptr && my_isspace(*lineptr)) + while(*lineptr && ISBLANK(*lineptr)) lineptr++; Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL); -- cgit v1.2.1 From 5c3f36b4b49961eca00c4d4cdf82dec64286f79b Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 14 Feb 2007 04:45:30 +0000 Subject: compiler warning fix --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 41a366d2d..913ffabeb 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -84,6 +84,7 @@ Example set of cookies: #include #include +#include #define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */ #include -- cgit v1.2.1 From fbcf86b83ee2a49b5627cc45545777f2a3fc488a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 14 Feb 2007 13:31:37 +0000 Subject: avoid using funtion isblank() and just use our ISBLANK macro to provide this functionality on all platforms --- lib/cookie.c | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 913ffabeb..41a366d2d 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -84,7 +84,6 @@ Example set of cookies: #include #include -#include #define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */ #include -- cgit v1.2.1 From f08ac8683418e2d241f12661521f003eef902720 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 25 Mar 2007 02:30:58 +0000 Subject: fix compiler warning --- lib/cookie.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 41a366d2d..4a33845ab 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -188,6 +188,10 @@ Curl_cookie_add(struct SessionHandle *data, bool replace_old = FALSE; bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */ +#ifdef CURL_DISABLE_VERBOSE_STRINGS + (void)data; +#endif + /* First, alloc and init a new struct for it */ co = (struct Cookie *)calloc(sizeof(struct Cookie), 1); if(!co) -- cgit v1.2.1 From 7e74349b86386f0fb33e7323f70b10300d64eaf3 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Wed, 4 Apr 2007 22:49:12 +0000 Subject: Fixed file handle leak in OOM condition. --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4a33845ab..e64bc49e9 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -972,6 +972,7 @@ int Curl_cookie_output(struct CookieInfo *c, char *dumphere) format_ptr = get_netscape_format(co); if (format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); + fclose(out); return 1; } fprintf(out, "%s\n", format_ptr); -- cgit v1.2.1 From d9e89e170f0b00de8f4b36bd20a5b5ad4110366c Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 7 Apr 2007 04:51:35 +0000 Subject: fix out of memory handling issue --- lib/cookie.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e64bc49e9..d25eb69c3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1005,13 +1005,18 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data) /* fill the list with _all_ the cookies we know */ line = get_netscape_format(c); if (line == NULL) { - /* get_netscape_format returns null only if we run out of memory */ - - curl_slist_free_all(beg); /* free some memory */ + curl_slist_free_all(beg); return NULL; } list = curl_slist_append(list, line); free(line); + if (list == NULL) { + curl_slist_free_all(beg); + return NULL; + } + else if (beg == NULL) { + beg = list; + } c = c->next; } -- cgit v1.2.1 From 1b66c1da6c6cf6e33bedbc01c93f5d4c48de4e55 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Wed, 29 Aug 2007 05:36:53 +0000 Subject: Added lots of consts --- lib/cookie.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d25eb69c3..2036c79d8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -172,16 +172,13 @@ Curl_cookie_add(struct SessionHandle *data, struct CookieInfo *c, bool httpheader, /* TRUE if HTTP header-style line */ char *lineptr, /* first character of the line */ - char *domain, /* default domain */ - char *path) /* full path used when this cookie is set, + const char *domain, /* default domain */ + const char *path) /* full path used when this cookie is set, used to get default path for the cookie unless set */ { struct Cookie *clist; - char *what; char name[MAX_NAME]; - char *ptr; - char *semiptr; struct Cookie *co; struct Cookie *lastc=NULL; time_t now = time(NULL); @@ -199,7 +196,10 @@ Curl_cookie_add(struct SessionHandle *data, if(httpheader) { /* This line was read off a HTTP-header */ - char *sep; + const char *ptr; + const char *sep; + const char *semiptr; + char *what; what = malloc(MAX_COOKIE_LINE); if(!what) { @@ -228,7 +228,7 @@ Curl_cookie_add(struct SessionHandle *data, name, what)) { /* this is a = pair */ - char *whatptr; + const char *whatptr; /* Strip off trailing whitespace from the 'what' */ size_t len=strlen(what); @@ -428,6 +428,7 @@ Curl_cookie_add(struct SessionHandle *data, else { /* This line is NOT a HTTP header style line, we do offer support for reading the odd netscape cookies-file format here */ + char *ptr; char *firstptr; char *tok_buf; int fields; @@ -655,7 +656,7 @@ Curl_cookie_add(struct SessionHandle *data, * ****************************************************************************/ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, - char *file, + const char *file, struct CookieInfo *inc, bool newsession) { @@ -734,7 +735,8 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, ****************************************************************************/ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, - char *host, char *path, bool secure) + const char *host, const char *path, + bool secure) { struct Cookie *newco; struct Cookie *co; @@ -937,7 +939,7 @@ static char *get_netscape_format(const struct Cookie *co) * * The function returns non-zero on write failure. */ -int Curl_cookie_output(struct CookieInfo *c, char *dumphere) +int Curl_cookie_output(struct CookieInfo *c, const char *dumphere) { struct Cookie *co; FILE *out; -- cgit v1.2.1 From cbd1a77ec24e397d05f20c6de106625676343c9d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 7 Nov 2007 09:21:35 +0000 Subject: if () => if() while () => while() and some other minor re-indentings --- lib/cookie.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2036c79d8..4fb477cbe 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -483,7 +483,7 @@ Curl_cookie_add(struct SessionHandle *data, /* It turns out, that sometimes the file format allows the path field to remain not filled in, we try to detect this and work around it! Andrés García made us aware of this... */ - if (strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { + if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { /* only if the path doesn't look like a boolean option! */ co->path = strdup(ptr); if(!co->path) @@ -972,7 +972,7 @@ int Curl_cookie_output(struct CookieInfo *c, const char *dumphere) while(co) { format_ptr = get_netscape_format(co); - if (format_ptr == NULL) { + if(format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); fclose(out); return 1; @@ -996,27 +996,27 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data) struct Cookie *c; char *line; - if ((data->cookies == NULL) || + if((data->cookies == NULL) || (data->cookies->numcookies == 0)) return NULL; c = data->cookies->cookies; beg = list; - while (c) { + while(c) { /* fill the list with _all_ the cookies we know */ line = get_netscape_format(c); - if (line == NULL) { + if(line == NULL) { curl_slist_free_all(beg); return NULL; } list = curl_slist_append(list, line); free(line); - if (list == NULL) { + if(list == NULL) { curl_slist_free_all(beg); return NULL; } - else if (beg == NULL) { + else if(beg == NULL) { beg = list; } c = c->next; -- cgit v1.2.1 From c914e6ea5dad4dc6281b189a9b1f20bc77c223c8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 23 Jan 2008 22:22:12 +0000 Subject: "Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and so did "SESS". Fixed now. --- lib/cookie.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4fb477cbe..3e6c8a1cd 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -812,7 +812,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, void Curl_cookie_clearall(struct CookieInfo *cookies) { if(cookies) { - Curl_cookie_freelist(cookies->cookies); + Curl_cookie_freelist(cookies->cookies, TRUE); cookies->cookies = NULL; cookies->numcookies = 0; } @@ -824,16 +824,22 @@ void Curl_cookie_clearall(struct CookieInfo *cookies) * * Free a list of cookies previously returned by Curl_cookie_getlist(); * + * The 'cookiestoo' argument tells this function whether to just free the + * list or actually also free all cookies within the list as well. + * ****************************************************************************/ -void Curl_cookie_freelist(struct Cookie *co) +void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo) { struct Cookie *next; if(co) { while(co) { next = co->next; - free(co); /* we only free the struct since the "members" are all - just copied! */ + if(cookiestoo) + freecookie(co); + else + free(co); /* we only free the struct since the "members" are all just + pointed out in the main cookie list! */ co = next; } } @@ -867,7 +873,7 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) else prev->next = next; - free(curr); + freecookie(curr); cookies->numcookies--; } else -- cgit v1.2.1 From a62e155ca4d9e1db640d897bfbabbd4bf865b777 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 31 Jan 2008 12:21:57 +0000 Subject: - Niklas Angebrand made the cookie support in libcurl properly deal with the "HttpOnly" feature introduced by Microsoft and apparently also supported by Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly is now supported when received from servers in HTTP headers, when written to cookie jars and when read from existing cookie jars. --- lib/cookie.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 3e6c8a1cd..f2dabd8e2 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -367,8 +367,12 @@ Curl_cookie_add(struct SessionHandle *data, else { if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]", what)) { - if(strequal("secure", what)) + if(strequal("secure", what)) { co->secure = TRUE; + } + else if (strequal("httponly", what)) { + co->httponly = TRUE; + } /* else, unsupported keyword without assign! */ @@ -433,6 +437,19 @@ Curl_cookie_add(struct SessionHandle *data, char *tok_buf; int fields; + /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies + marked with httpOnly after the domain name are not accessible + from javascripts, but since curl does not operate at javascript + level, we include them anyway. In Firefox's cookie files, these + lines are preceeded with #HttpOnly_ and then everything is + as usual, so we skip 10 characters of the line.. + */ + if (strncmp(lineptr, "#HttpOnly_", 10) == 0) { + lineptr += 10; + co->httponly = TRUE; + } + + if(lineptr[0]=='#') { /* don't even try the comments */ free(co); @@ -918,6 +935,7 @@ void Curl_cookie_cleanup(struct CookieInfo *c) static char *get_netscape_format(const struct Cookie *co) { return aprintf( + "%s" /* httponly preamble */ "%s%s\t" /* domain */ "%s\t" /* tailmatch */ "%s\t" /* path */ @@ -925,6 +943,7 @@ static char *get_netscape_format(const struct Cookie *co) "%" FORMAT_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ + co->httponly?"#HttpOnly_":"", /* Make sure all domains are prefixed with a dot if they allow tailmatching. This is Mozilla-style. */ (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"", -- cgit v1.2.1 From 66fb9ca5f6de6eb74c2c3ade7ee651a299247749 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 15 Aug 2008 02:58:15 +0000 Subject: For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros, the names of the curl_off_t formatting string directives now become CURL_FORMAT_CURL_OFF_T and CURL_FORMAT_CURL_OFF_TU. CURL_FMT_OFF_T -> CURL_FORMAT_CURL_OFF_T CURL_FMT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU Remove the use of an internal name for the curl_off_t formatting string directives and use the common one available from the inside and outside of the library. FORMAT_OFF_T -> CURL_FORMAT_CURL_OFF_T FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f2dabd8e2..f0463be4a 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -940,7 +940,7 @@ static char *get_netscape_format(const struct Cookie *co) "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ - "%" FORMAT_OFF_T "\t" /* expires */ + "%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ co->httponly?"#HttpOnly_":"", -- cgit v1.2.1 From ad638da2c29a61babb50fdced0333393416a199a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 16 Aug 2008 01:33:59 +0000 Subject: Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU remain in use as internal curl_off_t print formatting strings for the internal *printf functions which still cannot handle print formatting string directives such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and other DOS/Windows compilers. This reverts previous commit part which did: FORMAT_OFF_T -> CURL_FORMAT_CURL_OFF_T FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f0463be4a..f2dabd8e2 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -940,7 +940,7 @@ static char *get_netscape_format(const struct Cookie *co) "%s\t" /* tailmatch */ "%s\t" /* path */ "%s\t" /* secure */ - "%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */ + "%" FORMAT_OFF_T "\t" /* expires */ "%s\t" /* name */ "%s", /* value */ co->httponly?"#HttpOnly_":"", -- cgit v1.2.1 From e138ae5ec968798abf6e110bfcb51ef69bb7ac9a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 28 Aug 2008 11:35:54 +0000 Subject: - I'm abandoning the system with the web site mirrors (but keeping download files bing mirrored) and thus I've changed the URL in the cookiejar header to no longer use curlm.haxx.se but instead use the main site curl.haxx.se --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f2dabd8e2..93d088d75 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -990,7 +990,7 @@ int Curl_cookie_output(struct CookieInfo *c, const char *dumphere) char *format_ptr; fputs("# Netscape HTTP Cookie File\n" - "# http://curlm.haxx.se/rfc/cookie_spec.html\n" + "# http://curl.haxx.se/rfc/cookie_spec.html\n" "# This file was generated by libcurl! Edit at your own risk.\n\n", out); co = c->cookies; -- cgit v1.2.1 From a622fd90b4c563a4fced20c5b88cb57537e809b0 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 6 Sep 2008 04:47:14 +0000 Subject: remove unnecessary typecasting of calloc() --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 93d088d75..fada612dd 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -190,7 +190,7 @@ Curl_cookie_add(struct SessionHandle *data, #endif /* First, alloc and init a new struct for it */ - co = (struct Cookie *)calloc(sizeof(struct Cookie), 1); + co = calloc(sizeof(struct Cookie), 1); if(!co) return NULL; /* bail out if we're this low on memory */ @@ -683,7 +683,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, if(NULL == inc) { /* we didn't get a struct, create one */ - c = (struct CookieInfo *)calloc(1, sizeof(struct CookieInfo)); + c = calloc(1, sizeof(struct CookieInfo)); if(!c) return NULL; /* failed to get memory */ c->filename = strdup(file?file:"none"); /* copy the name just in case */ -- cgit v1.2.1 From 59e378f48fed849e8e41f0bc6a10bf7a1732ae8a Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sat, 6 Sep 2008 05:29:05 +0000 Subject: remove unnecessary typecasting of malloc() --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fada612dd..59df3b64f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -711,7 +711,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, char *lineptr; bool headerline; - char *line = (char *)malloc(MAX_COOKIE_LINE); + char *line = malloc(MAX_COOKIE_LINE); if(line) { while(fgets(line, MAX_COOKIE_LINE, fp)) { if(checkprefix("Set-Cookie:", line)) { @@ -789,7 +789,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* and now, we know this is a match and we should create an entry for the return-linked-list */ - newco = (struct Cookie *)malloc(sizeof(struct Cookie)); + newco = malloc(sizeof(struct Cookie)); if(newco) { /* first, copy the whole source cookie: */ memcpy(newco, co, sizeof(struct Cookie)); -- cgit v1.2.1 From f72a26d340fb675e03d21d7a86dbb5803cd18831 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 8 Sep 2008 11:36:19 +0000 Subject: - Stefan Krause pointed out that libcurl would wrongly send away cookies to sites in cases where the cookie clearly has a very old expiry date. The condition was simply that libcurl's date parser would fail to convert the date and it would then count as a (timed-based) match. Starting now, a missed date due to an unsupported date format or date range will now cause the cookie to not match. --- lib/cookie.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 59df3b64f..ed541a12f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -338,7 +338,8 @@ Curl_cookie_add(struct SessionHandle *data, break; } co->expires = - atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now; + atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + + (long)now; } else if(strequal("expires", name)) { co->expirestr=strdup(whatptr); @@ -346,6 +347,9 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } + /* Note that we store -1 in 'expires' here if the date couldn't + get parsed for whatever reason. This will have the effect that + the cookie won't match. */ co->expires = curl_getdate(what, &now); } else if(!co->name) { @@ -437,10 +441,10 @@ Curl_cookie_add(struct SessionHandle *data, char *tok_buf; int fields; - /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies - marked with httpOnly after the domain name are not accessible - from javascripts, but since curl does not operate at javascript - level, we include them anyway. In Firefox's cookie files, these + /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies + marked with httpOnly after the domain name are not accessible + from javascripts, but since curl does not operate at javascript + level, we include them anyway. In Firefox's cookie files, these lines are preceeded with #HttpOnly_ and then everything is as usual, so we skip 10 characters of the line.. */ @@ -753,7 +757,7 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, const char *path, - bool secure) + bool secure) { struct Cookie *newco; struct Cookie *co; @@ -769,7 +773,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* only process this cookie if it is not expired or had no expire date AND that if the cookie requires we're secure we must only continue if we are! */ - if( (co->expires<=0 || (co->expires> now)) && + if( (!co->expires || (co->expires > now)) && (co->secure?secure:TRUE) ) { /* now check if the domain is correct */ -- cgit v1.2.1 From 18be9882f7ed8eaac5052e096c3868906385c1f6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 13 Oct 2008 21:03:12 +0000 Subject: Removed superfluous check of clist->name, as in this code path that pointer has already been dereferenced so it is bound to be valid. Pointed out to us by coverity.com --- lib/cookie.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index ed541a12f..982bed063 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -614,8 +614,7 @@ Curl_cookie_add(struct SessionHandle *data, co->next = clist->next; /* get the next-pointer first */ /* then free all the old pointers */ - if(clist->name) - free(clist->name); + free(clist->name); if(clist->value) free(clist->value); if(clist->domain) -- cgit v1.2.1 From a579d6706436615845f57692921e0891fb6e3719 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 15 Oct 2008 21:43:48 +0000 Subject: - Pascal Terjan filed bug #2154627 (http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' isn't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insentive comparisons for english-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected. --- lib/cookie.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 982bed063..2886c18a2 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -243,14 +243,14 @@ Curl_cookie_add(struct SessionHandle *data, whatptr++; } - if(strequal("path", name)) { + if(Curl_ascii_equal("path", name)) { co->path=strdup(whatptr); if(!co->path) { badcookie = TRUE; /* out of memory bad */ break; } } - else if(strequal("domain", name)) { + else if(Curl_ascii_equal("domain", name)) { /* note that this name may or may not have a preceeding dot, but we don't care about that, we treat the names the same anyway */ @@ -315,14 +315,14 @@ Curl_cookie_add(struct SessionHandle *data, } } } - else if(strequal("version", name)) { + else if(Curl_ascii_equal("version", name)) { co->version=strdup(whatptr); if(!co->version) { badcookie = TRUE; break; } } - else if(strequal("max-age", name)) { + else if(Curl_ascii_equal("max-age", name)) { /* Defined in RFC2109: Optional. The Max-Age attribute defines the lifetime of the @@ -341,7 +341,7 @@ Curl_cookie_add(struct SessionHandle *data, atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now; } - else if(strequal("expires", name)) { + else if(Curl_ascii_equal("expires", name)) { co->expirestr=strdup(whatptr); if(!co->expirestr) { badcookie = TRUE; @@ -371,10 +371,10 @@ Curl_cookie_add(struct SessionHandle *data, else { if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]", what)) { - if(strequal("secure", what)) { + if(Curl_ascii_equal("secure", what)) { co->secure = TRUE; } - else if (strequal("httponly", what)) { + else if (Curl_ascii_equal("httponly", what)) { co->httponly = TRUE; } /* else, @@ -498,7 +498,7 @@ Curl_cookie_add(struct SessionHandle *data, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ - co->tailmatch=(bool)strequal(ptr, "TRUE"); /* store information */ + co->tailmatch=(bool)Curl_ascii_equal(ptr, "TRUE"); /* store information */ break; case 2: /* It turns out, that sometimes the file format allows the path @@ -518,7 +518,7 @@ Curl_cookie_add(struct SessionHandle *data, fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: - co->secure = (bool)strequal(ptr, "TRUE"); + co->secure = (bool)Curl_ascii_equal(ptr, "TRUE"); break; case 4: co->expires = curlx_strtoofft(ptr, NULL, 10); @@ -571,11 +571,11 @@ Curl_cookie_add(struct SessionHandle *data, clist = c->cookies; replace_old = FALSE; while(clist) { - if(strequal(clist->name, co->name)) { + if(Curl_ascii_equal(clist->name, co->name)) { /* the names are identical */ if(clist->domain && co->domain) { - if(strequal(clist->domain, co->domain)) + if(Curl_ascii_equal(clist->domain, co->domain)) /* The domains are identical */ replace_old=TRUE; } @@ -586,7 +586,7 @@ Curl_cookie_add(struct SessionHandle *data, /* the domains were identical */ if(clist->path && co->path) { - if(strequal(clist->path, co->path)) { + if(Curl_ascii_equal(clist->path, co->path)) { replace_old = TRUE; } else @@ -778,7 +778,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* now check if the domain is correct */ if(!co->domain || (co->tailmatch && tailmatch(co->domain, host)) || - (!co->tailmatch && strequal(host, co->domain)) ) { + (!co->tailmatch && Curl_ascii_equal(host, co->domain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ -- cgit v1.2.1 From 9d16b4081ed011c11f9876ae2685076e92113593 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Oct 2008 08:23:48 +0000 Subject: Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function used in strequal.c so now all test cases run fine for me again. --- lib/cookie.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 2886c18a2..f2de8eaf9 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -243,14 +243,14 @@ Curl_cookie_add(struct SessionHandle *data, whatptr++; } - if(Curl_ascii_equal("path", name)) { + if(Curl_raw_equal("path", name)) { co->path=strdup(whatptr); if(!co->path) { badcookie = TRUE; /* out of memory bad */ break; } } - else if(Curl_ascii_equal("domain", name)) { + else if(Curl_raw_equal("domain", name)) { /* note that this name may or may not have a preceeding dot, but we don't care about that, we treat the names the same anyway */ @@ -315,14 +315,14 @@ Curl_cookie_add(struct SessionHandle *data, } } } - else if(Curl_ascii_equal("version", name)) { + else if(Curl_raw_equal("version", name)) { co->version=strdup(whatptr); if(!co->version) { badcookie = TRUE; break; } } - else if(Curl_ascii_equal("max-age", name)) { + else if(Curl_raw_equal("max-age", name)) { /* Defined in RFC2109: Optional. The Max-Age attribute defines the lifetime of the @@ -341,7 +341,7 @@ Curl_cookie_add(struct SessionHandle *data, atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now; } - else if(Curl_ascii_equal("expires", name)) { + else if(Curl_raw_equal("expires", name)) { co->expirestr=strdup(whatptr); if(!co->expirestr) { badcookie = TRUE; @@ -371,10 +371,10 @@ Curl_cookie_add(struct SessionHandle *data, else { if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]", what)) { - if(Curl_ascii_equal("secure", what)) { + if(Curl_raw_equal("secure", what)) { co->secure = TRUE; } - else if (Curl_ascii_equal("httponly", what)) { + else if (Curl_raw_equal("httponly", what)) { co->httponly = TRUE; } /* else, @@ -498,7 +498,7 @@ Curl_cookie_add(struct SessionHandle *data, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ - co->tailmatch=(bool)Curl_ascii_equal(ptr, "TRUE"); /* store information */ + co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE"); /* store information */ break; case 2: /* It turns out, that sometimes the file format allows the path @@ -518,7 +518,7 @@ Curl_cookie_add(struct SessionHandle *data, fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: - co->secure = (bool)Curl_ascii_equal(ptr, "TRUE"); + co->secure = (bool)Curl_raw_equal(ptr, "TRUE"); break; case 4: co->expires = curlx_strtoofft(ptr, NULL, 10); @@ -571,11 +571,11 @@ Curl_cookie_add(struct SessionHandle *data, clist = c->cookies; replace_old = FALSE; while(clist) { - if(Curl_ascii_equal(clist->name, co->name)) { + if(Curl_raw_equal(clist->name, co->name)) { /* the names are identical */ if(clist->domain && co->domain) { - if(Curl_ascii_equal(clist->domain, co->domain)) + if(Curl_raw_equal(clist->domain, co->domain)) /* The domains are identical */ replace_old=TRUE; } @@ -586,7 +586,7 @@ Curl_cookie_add(struct SessionHandle *data, /* the domains were identical */ if(clist->path && co->path) { - if(Curl_ascii_equal(clist->path, co->path)) { + if(Curl_raw_equal(clist->path, co->path)) { replace_old = TRUE; } else @@ -778,7 +778,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* now check if the domain is correct */ if(!co->domain || (co->tailmatch && tailmatch(co->domain, host)) || - (!co->tailmatch && Curl_ascii_equal(host, co->domain)) ) { + (!co->tailmatch && Curl_raw_equal(host, co->domain)) ) { /* the right part of the host matches the domain stuff in the cookie data */ -- cgit v1.2.1 From bab5183820dbd2e0ea9ee4f0442844291d05c90e Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 23 Oct 2008 01:20:57 +0000 Subject: Created Curl_raw_nequal() which does a C-locale string case comparison. Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems. --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index f2de8eaf9..fed4a44f6 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -131,7 +131,7 @@ static bool tailmatch(const char *little, const char *bigone) if(littlelen > biglen) return FALSE; - return (bool)strequal(little, bigone+biglen-littlelen); + return (bool)Curl_raw_equal(little, bigone+biglen-littlelen); } /* -- cgit v1.2.1 From b701ea36a723b2d7700e23ae53e2c3145dfe7bda Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Oct 2008 11:49:19 +0000 Subject: moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_ inclusion by the curl tool without colliding with the curl_strequal functions. --- lib/cookie.c | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fed4a44f6..b117f2f8b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -96,6 +96,7 @@ Example set of cookies: #include "memory.h" #include "share.h" #include "strtoofft.h" +#include "rawstr.h" /* The last #include file should be: */ #ifdef CURLDEBUG -- cgit v1.2.1 From 58ebde9502cbab9215be7f0d72f08e552b7af876 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 3 Dec 2008 15:08:09 +0000 Subject: - Pawel Kierski pointed out a mistake in the cookie code that could lead to a bad fclose() after a fatal error had occured. (http://curl.haxx.se/bug/view.cgi?id=2382219) --- lib/cookie.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b117f2f8b..4db1a5621 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1003,7 +1003,8 @@ int Curl_cookie_output(struct CookieInfo *c, const char *dumphere) format_ptr = get_netscape_format(co); if(format_ptr == NULL) { fprintf(out, "#\n# Fatal libcurl error\n"); - fclose(out); + if(!use_stdout) + fclose(out); return 1; } fprintf(out, "%s\n", format_ptr); -- cgit v1.2.1 From a19e02be5e3fc41aee1ecee73a26d363e186e36e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 13 Jan 2009 22:21:14 +0000 Subject: - Michael Wallner fixed a NULL pointer deref when calling curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no cookies data. --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4db1a5621..4f768f2db 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2009, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -878,7 +878,7 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) { struct Cookie *first, *curr, *next, *prev = NULL; - if(!cookies->cookies) + if(!cookies->cookies || !cookies->cookies) return; first = curr = prev = cookies->cookies; -- cgit v1.2.1 From 5e74c58b7309a147d2df7c2dc00c8bb8b90ae27e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 15 Jan 2009 08:32:58 +0000 Subject: - Tim Ansell fixed a compiler warning in lib/cookie.c --- lib/cookie.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4f768f2db..bc2f09b22 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -439,7 +439,7 @@ Curl_cookie_add(struct SessionHandle *data, reading the odd netscape cookies-file format here */ char *ptr; char *firstptr; - char *tok_buf; + char *tok_buf=NULL; int fields; /* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies @@ -454,7 +454,6 @@ Curl_cookie_add(struct SessionHandle *data, co->httponly = TRUE; } - if(lineptr[0]=='#') { /* don't even try the comments */ free(co); -- cgit v1.2.1 From 33a3753c3f41d546ebf3350685eb7201d25783f4 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 21 Apr 2009 11:46:16 +0000 Subject: libcurl's memory.h renamed to curl_memory.h --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index bc2f09b22..6a8813062 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -93,7 +93,7 @@ Example set of cookies: #include "strequal.h" #include "strtok.h" #include "sendf.h" -#include "memory.h" +#include "curl_memory.h" #include "share.h" #include "strtoofft.h" #include "rawstr.h" -- cgit v1.2.1 From 1cf6c15ab43ce41fa99e3776d0c23ed4f66196a8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 25 May 2009 12:23:22 +0000 Subject: - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8. --- lib/cookie.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 6a8813062..241f7ff3f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -156,6 +156,19 @@ void Curl_cookie_loadfiles(struct SessionHandle *data) } } +/* + * strstore() makes a strdup() on the 'newstr' and if '*str' is non-NULL + * that will be freed before the allocated string is stored there. + * + * It is meant to easily replace strdup() + */ +static void strstore(char **str, const char *newstr) +{ + if(*str) + free(*str); + *str = strdup(newstr); +} + /**************************************************************************** * * Curl_cookie_add() @@ -227,7 +240,9 @@ Curl_cookie_add(struct SessionHandle *data, if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%" MAX_COOKIE_LINE_TXT "[^;\r\n]", name, what)) { - /* this is a = pair */ + /* this is a = pair. We use strstore() below to properly + deal with received cookie headers that have the same string + property set more than once, and then we use the last one. */ const char *whatptr; @@ -245,7 +260,7 @@ Curl_cookie_add(struct SessionHandle *data, } if(Curl_raw_equal("path", name)) { - co->path=strdup(whatptr); + strstore(&co->path, whatptr); if(!co->path) { badcookie = TRUE; /* out of memory bad */ break; @@ -297,8 +312,8 @@ Curl_cookie_add(struct SessionHandle *data, const char *tailptr=whatptr; if(tailptr[0] == '.') tailptr++; - co->domain=strdup(tailptr); /* don't prefix w/dots - internally */ + strstore(&co->domain, tailptr); /* don't prefix w/dots + internally */ if(!co->domain) { badcookie = TRUE; break; @@ -317,7 +332,7 @@ Curl_cookie_add(struct SessionHandle *data, } } else if(Curl_raw_equal("version", name)) { - co->version=strdup(whatptr); + strstore(&co->version, whatptr); if(!co->version) { badcookie = TRUE; break; @@ -333,7 +348,7 @@ Curl_cookie_add(struct SessionHandle *data, cookie should be discarded immediately. */ - co->maxage = strdup(whatptr); + strstore(&co->maxage, whatptr); if(!co->maxage) { badcookie = TRUE; break; @@ -343,7 +358,7 @@ Curl_cookie_add(struct SessionHandle *data, (long)now; } else if(Curl_raw_equal("expires", name)) { - co->expirestr=strdup(whatptr); + strstore(&co->expirestr, whatptr); if(!co->expirestr) { badcookie = TRUE; break; -- cgit v1.2.1 From 352177090f710fd155d22a79d11f621482c09640 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 10 Jun 2009 21:26:11 +0000 Subject: - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and contributed a range of patches to fix them. --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 241f7ff3f..32ea705e4 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -405,7 +405,7 @@ Curl_cookie_add(struct SessionHandle *data, } ptr=semiptr+1; - while(ptr && *ptr && ISBLANK(*ptr)) + while(*ptr && ISBLANK(*ptr)) ptr++; semiptr=strchr(ptr, ';'); /* now, find the next semicolon */ -- cgit v1.2.1 From 5931cf77f42c145640ed1b6c344ac790017aac1b Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 15 Jun 2009 02:29:49 +0000 Subject: DEBUGBUILD / CURLDEBUG decoupling follow-up --- lib/cookie.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 32ea705e4..16b2fdd72 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -99,9 +99,7 @@ Example set of cookies: #include "rawstr.h" /* The last #include file should be: */ -#ifdef CURLDEBUG #include "memdebug.h" -#endif static void freecookie(struct Cookie *co) -- cgit v1.2.1 From 7ff4b4f2b5871900d27f5640f71c41858727fc77 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 10 Sep 2009 21:06:50 +0000 Subject: - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0 which internally then is treated as a session cookie. That particular date is now made to get the value of 1. --- lib/cookie.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 16b2fdd72..5188f6b0a 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -365,6 +365,12 @@ Curl_cookie_add(struct SessionHandle *data, get parsed for whatever reason. This will have the effect that the cookie won't match. */ co->expires = curl_getdate(what, &now); + + /* Session cookies have expires set to 0 so if we get that back + from the date parser let's add a second to make it a + non-session cookie */ + if (co->expires == 0) + co->expires = 1; } else if(!co->name) { co->name = strdup(name); -- cgit v1.2.1 From af9ce990f0a418a22f171f89da9bc58f4637e9ee Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 25 Sep 2009 20:26:44 +0000 Subject: minor whitespace edit --- lib/cookie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 5188f6b0a..b79d1b07b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -365,12 +365,12 @@ Curl_cookie_add(struct SessionHandle *data, get parsed for whatever reason. This will have the effect that the cookie won't match. */ co->expires = curl_getdate(what, &now); - + /* Session cookies have expires set to 0 so if we get that back - from the date parser let's add a second to make it a + from the date parser let's add a second to make it a non-session cookie */ if (co->expires == 0) - co->expires = 1; + co->expires = 1; } else if(!co->name) { co->name = strdup(name); -- cgit v1.2.1 From 4f47fc4e14cf6e782bffa8804218acc99828bf42 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 26 Sep 2009 20:51:51 +0000 Subject: - John P. McCaskey posted a bug report that showed how libcurl did wrong when saving received cookies with no given path, if the path in the request had a query part. That is means a question mark (?) and characters on the right side of that. I wrote test case 1105 and fixed this problem. --- lib/cookie.c | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b79d1b07b..13941857c 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -167,6 +167,24 @@ static void strstore(char **str, const char *newstr) *str = strdup(newstr); } + +/* + * The memrchr() function is like the memchr() function, except that it + * searches backwards from the end of the n bytes pointed to by s instead of + * forwards from the front. + * + * Exists in glibc but is not widely available on other systems. + */ +static void *memrchr(const char *s, int c, size_t n) +{ + while(n--) { + if(s[n] == c) + return &s[n]; + } + return NULL; +} + + /**************************************************************************** * * Curl_cookie_add() @@ -186,8 +204,8 @@ Curl_cookie_add(struct SessionHandle *data, char *lineptr, /* first character of the line */ const char *domain, /* default domain */ const char *path) /* full path used when this cookie is set, - used to get default path for the cookie - unless set */ + used to get default path for the cookie + unless set */ { struct Cookie *clist; char name[MAX_NAME]; @@ -429,8 +447,18 @@ Curl_cookie_add(struct SessionHandle *data, } if(!badcookie && !co->path && path) { - /* no path was given in the header line, set the default */ - char *endslash = strrchr(path, '/'); + /* No path was given in the header line, set the default. + Note that the passed-in path to this function MAY have a '?' and + following part that MUST not be stored as part of the path. */ + char *queryp = strchr(path, '?'); + + /* queryp is where the interesting part of the path ends, so now we + want to the find the last */ + char *endslash; + if(!queryp) + endslash = strrchr(path, '/'); + else + endslash = memrchr(path, '/', queryp - path); if(endslash) { size_t pathlen = endslash-path+1; /* include the ending slash */ co->path=malloc(pathlen+1); /* one extra for the zero byte */ -- cgit v1.2.1 From 7d22ce5573952dec6e3fa724d5e6f071cf8947ff Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 28 Sep 2009 16:05:20 +0000 Subject: libcurl private function Curl_memrchr() now in curl_memrchr.c and curl_memrchr.h --- lib/cookie.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 13941857c..6b19ab166 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -97,6 +97,7 @@ Example set of cookies: #include "share.h" #include "strtoofft.h" #include "rawstr.h" +#include "curl_memrchr.h" /* The last #include file should be: */ #include "memdebug.h" @@ -168,23 +169,6 @@ static void strstore(char **str, const char *newstr) } -/* - * The memrchr() function is like the memchr() function, except that it - * searches backwards from the end of the n bytes pointed to by s instead of - * forwards from the front. - * - * Exists in glibc but is not widely available on other systems. - */ -static void *memrchr(const char *s, int c, size_t n) -{ - while(n--) { - if(s[n] == c) - return &s[n]; - } - return NULL; -} - - /**************************************************************************** * * Curl_cookie_add() -- cgit v1.2.1 From 5b11e3883cfc58c470f0dd241d5efac391bd8e53 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 28 Sep 2009 17:01:23 +0000 Subject: fix compiler warning: conversion from "long" to "size_t" may lose sign --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 6b19ab166..d121c0b29 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -442,9 +442,9 @@ Curl_cookie_add(struct SessionHandle *data, if(!queryp) endslash = strrchr(path, '/'); else - endslash = memrchr(path, '/', queryp - path); + endslash = memrchr(path, '/', (size_t)(queryp - path)); if(endslash) { - size_t pathlen = endslash-path+1; /* include the ending slash */ + size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */ co->path=malloc(pathlen+1); /* one extra for the zero byte */ if(co->path) { memcpy(co->path, path, pathlen); -- cgit v1.2.1 From 448d2b5f491067f110e96c4a60342d0c34dd7010 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 25 Oct 2009 18:15:14 +0000 Subject: - Dima Barsky made the curl cookie parser accept cookies even with blank or unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browser treat such cookies as session cookies. I modified test 8 and 31 to verify this. --- lib/cookie.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d121c0b29..89f90f1d3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -363,9 +363,8 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } - /* Note that we store -1 in 'expires' here if the date couldn't - get parsed for whatever reason. This will have the effect that - the cookie won't match. */ + /* Note that if the date couldn't get parsed for whatever reason, + the cookie will be treated as a session cookie */ co->expires = curl_getdate(what, &now); /* Session cookies have expires set to 0 so if we get that back @@ -373,6 +372,8 @@ Curl_cookie_add(struct SessionHandle *data, non-session cookie */ if (co->expires == 0) co->expires = 1; + else if( co->expires < 0 ) + co->expires = 0; } else if(!co->name) { co->name = strdup(name); -- cgit v1.2.1 From 59939313f8452a9d817c178425c2ba3b91798ea9 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 18 Nov 2009 10:33:54 +0000 Subject: Make usage of calloc()'s arguments consistent with rest of code base --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 89f90f1d3..b76394cfa 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -204,7 +204,7 @@ Curl_cookie_add(struct SessionHandle *data, #endif /* First, alloc and init a new struct for it */ - co = calloc(sizeof(struct Cookie), 1); + co = calloc(1, sizeof(struct Cookie)); if(!co) return NULL; /* bail out if we're this low on memory */ -- cgit v1.2.1 From 240fa29e94c63f4b86ac2715b706277415c863b4 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 19 Dec 2009 19:20:26 +0000 Subject: fixed a precaution check in the cookie code, pointed out by Julien Chaffraix --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index b76394cfa..7be8fc3c5 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -909,7 +909,7 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) { struct Cookie *first, *curr, *next, *prev = NULL; - if(!cookies->cookies || !cookies->cookies) + if(!cookies || !cookies->cookies) return; first = curr = prev = cookies->cookies; -- cgit v1.2.1 From 877dad1e24876030a7dd8738648f0f0245b6331a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 19 Jan 2010 23:19:59 +0000 Subject: - As was pointed out on the http-state mailing list, the order of cookies in a HTTP Cookie: header _needs_ to be sorted on the path length in the cases where two cookies using the same name are set more than once using (overlapping) paths. Realizing this, identically named cookies must be sorted correctly. But detecting only identically named cookies and take care of them individually is harder than just to blindly and unconditionally sort all cookies based on their path lengths. All major browsers also already do this, so this makes our behavior one step closer to them in the cookie area. Test case 8 was the only one that broke due to this change and I updated it accordingly. --- lib/cookie.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 7be8fc3c5..3a3edd516 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2009, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -774,6 +774,18 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data, return c; } +/* sort this so that the longest path gets before the shorter path */ +static int cookie_sort(const void *p1, const void *p2) +{ + struct Cookie *c1 = *(struct Cookie **)p1; + struct Cookie *c2 = *(struct Cookie **)p2; + + size_t l1 = c1->path?strlen(c1->path):0; + size_t l2 = c2->path?strlen(c2->path):0; + + return l2 - l1; +} + /***************************************************************************** * * Curl_cookie_getlist() @@ -794,6 +806,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, struct Cookie *co; time_t now = time(NULL); struct Cookie *mainco=NULL; + int matches=0; if(!c || !c->cookies) return NULL; /* no cookie struct or no cookies in the struct */ @@ -834,8 +847,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* point the main to us */ mainco = newco; + + matches++; } else { + fail: /* failure, clear up the allocated chain and return NULL */ while(mainco) { co = mainco->next; @@ -851,6 +867,36 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, co = co->next; } + if(matches) { + /* Now we need to make sure that if there is a name appearing more than + once, the longest specified path version comes first. To make this + the swiftest way, we just sort them all based on path length. */ + struct Cookie **array; + int i; + + /* alloc an array and store all cookie pointers */ + array = (struct Cookie **)malloc(sizeof(struct Cookie *) * matches); + if(!array) + goto fail; + + co = mainco; + + for(i=0; co; co = co->next) + array[i++] = co; + + /* now sort the cookie pointers in path lenth order */ + qsort(array, matches, sizeof(struct Cookie *), cookie_sort); + + /* remake the linked list order according to the new order */ + + mainco = array[0]; /* start here */ + for(i=0; inext = array[i+1]; + array[matches-1]->next = NULL; /* terminate the list */ + + free(array); /* remove the temporary data again */ + } + return mainco; /* return the new list */ } -- cgit v1.2.1 From bbefdf88fdd9c0a2c36966960b360a5a7e9bf764 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Wed, 27 Jan 2010 03:43:34 +0000 Subject: fix compiler warning --- lib/cookie.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 3a3edd516..e117b0869 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -783,7 +783,7 @@ static int cookie_sort(const void *p1, const void *p2) size_t l1 = c1->path?strlen(c1->path):0; size_t l2 = c2->path?strlen(c2->path):0; - return l2 - l1; + return (int)(l2 - l1); } /***************************************************************************** @@ -806,7 +806,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, struct Cookie *co; time_t now = time(NULL); struct Cookie *mainco=NULL; - int matches=0; + size_t matches = 0; if(!c || !c->cookies) return NULL; /* no cookie struct or no cookies in the struct */ @@ -872,7 +872,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, once, the longest specified path version comes first. To make this the swiftest way, we just sort them all based on path length. */ struct Cookie **array; - int i; + size_t i; /* alloc an array and store all cookie pointers */ array = (struct Cookie **)malloc(sizeof(struct Cookie *) * matches); -- cgit v1.2.1 From d65cf7889b4ce669876f9e05442fd09f6fe40e37 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Thu, 28 Jan 2010 15:34:18 +0000 Subject: fix printf-style format strings --- lib/cookie.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e117b0869..ca08d5fb2 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -681,7 +681,8 @@ Curl_cookie_add(struct SessionHandle *data, if(c->running) /* Only show this when NOT reading the cookies from a file */ - infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, expire %d\n", + infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, " + "expire %" FORMAT_OFF_T "\n", replace_old?"Replaced":"Added", co->name, co->value, co->domain, co->path, co->expires); -- cgit v1.2.1 From 87428e07ca17a99fb2409ec39213b7badbe967ea Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 26 Feb 2010 01:47:21 +0000 Subject: fix compiler warning --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index ca08d5fb2..cbf513d05 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -784,7 +784,7 @@ static int cookie_sort(const void *p1, const void *p2) size_t l1 = c1->path?strlen(c1->path):0; size_t l2 = c2->path?strlen(c2->path):0; - return (int)(l2 - l1); + return (l2 > l1) ? 1 : (l2 < l1) ? -1 : 0 ; } /***************************************************************************** -- cgit v1.2.1 From 2309b4e330b96bc2e1f8e36b6184015e59544037 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Mar 2010 11:02:54 +0100 Subject: remove the CVSish $Id$ lines --- lib/cookie.c | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index cbf513d05..21617adce 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -18,7 +18,6 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * - * $Id$ ***************************************************************************/ /*** -- cgit v1.2.1 From 5db0a412ff6972e51ccddaf1e8d6a27c8de4990f Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Sun, 28 Nov 2010 23:11:14 +0100 Subject: atoi: remove atoi usage --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 21617adce..c6460a100 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -353,8 +353,8 @@ Curl_cookie_add(struct SessionHandle *data, break; } co->expires = - atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + - (long)now; + strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10) + + (long)now; } else if(Curl_raw_equal("expires", name)) { strstore(&co->expirestr, whatptr); -- cgit v1.2.1 From 49465fffdb37b91ee5a0ad2601ea9657e5cd8915 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 23 Dec 2010 22:52:32 +0100 Subject: cookies: tricked dotcounter fixed Providing multiple dots in a series in the domain field (domain=..com) could trick the cookie engine to wrongly accept the cookie believing it to be fine. Since the tailmatching would then match all .com sites, the cookie would then be sent to all of them. The code now requires at least one letter between each dot for them to be counted. Edited test case 61 to verify this. --- lib/cookie.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index c6460a100..d40cbb8f8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -270,6 +270,7 @@ Curl_cookie_add(struct SessionHandle *data, we don't care about that, we treat the names the same anyway */ const char *domptr=whatptr; + const char *nextptr; int dotcount=1; /* Count the dots, we need to make sure that there are enough @@ -280,12 +281,13 @@ Curl_cookie_add(struct SessionHandle *data, domptr++; do { - domptr = strchr(domptr, '.'); - if(domptr) { - domptr++; - dotcount++; + nextptr = strchr(domptr, '.'); + if(nextptr) { + if(domptr != nextptr) + dotcount++; + domptr = nextptr+1; } - } while(domptr); + } while(nextptr); /* The original Netscape cookie spec defined that this domain name MUST have three dots (or two if one of the seven holy TLDs), -- cgit v1.2.1 From 9d1e914a56e8a4030d8917875eaedaddf5cff97c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 4 Apr 2011 15:46:42 +0200 Subject: disable cookies: remove ifdefs, move code 1 - make sure to #define macros for cookie functions in the cookie header when cookies are disabled to avoid having to use #ifdefs in code using those functions. 2 - move cookie-specific code to cookie.c and use the functio conditionally as mentioned in (1). net result: 6 #if lines removed, and 9 lines of code less --- lib/cookie.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index d40cbb8f8..4140d94b8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1134,4 +1134,35 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data) return list; } +void Curl_flush_cookies(struct SessionHandle *data, int cleanup) +{ + if(data->set.str[STRING_COOKIEJAR]) { + if(data->change.cookielist) { + /* If there is a list of cookie files to read, do it first so that + we have all the told files read before we write the new jar. + Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */ + Curl_cookie_loadfiles(data); + } + + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + + /* if we have a destination file for all the cookies to get dumped to */ + if(Curl_cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR])) + infof(data, "WARNING: failed to save cookies in %s\n", + data->set.str[STRING_COOKIEJAR]); + } + else { + if(cleanup && data->change.cookielist) + /* since nothing is written, we can just free the list of cookie file + names */ + curl_slist_free_all(data->change.cookielist); /* clean up list */ + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); + } + + if(cleanup && (!data->share || (data->cookies != data->share->cookies))) { + Curl_cookie_cleanup(data->cookies); + } + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); +} + #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */ -- cgit v1.2.1 From 1702a2c08d3a0ed5945f34e6cd38436611f65164 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 19 Apr 2011 15:54:13 +0200 Subject: Fix a couple of spelling errors in lib/ Found with codespell. --- lib/cookie.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 4140d94b8..e81b9e36e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -266,7 +266,7 @@ Curl_cookie_add(struct SessionHandle *data, } } else if(Curl_raw_equal("domain", name)) { - /* note that this name may or may not have a preceeding dot, but + /* note that this name may or may not have a preceding dot, but we don't care about that, we treat the names the same anyway */ const char *domptr=whatptr; @@ -307,7 +307,7 @@ Curl_cookie_add(struct SessionHandle *data, or the given domain is not valid and thus cannot be set. */ if('.' == whatptr[0]) - whatptr++; /* ignore preceeding dot */ + whatptr++; /* ignore preceding dot */ if(!domain || tailmatch(whatptr, domain)) { const char *tailptr=whatptr; @@ -479,7 +479,7 @@ Curl_cookie_add(struct SessionHandle *data, marked with httpOnly after the domain name are not accessible from javascripts, but since curl does not operate at javascript level, we include them anyway. In Firefox's cookie files, these - lines are preceeded with #HttpOnly_ and then everything is + lines are preceded with #HttpOnly_ and then everything is as usual, so we skip 10 characters of the line.. */ if (strncmp(lineptr, "#HttpOnly_", 10) == 0) { @@ -514,7 +514,7 @@ Curl_cookie_add(struct SessionHandle *data, ptr=strtok_r(NULL, "\t", &tok_buf), fields++) { switch(fields) { case 0: - if(ptr[0]=='.') /* skip preceeding dots */ + if(ptr[0]=='.') /* skip preceding dots */ ptr++; co->domain = strdup(ptr); if(!co->domain) -- cgit v1.2.1 From b903186fa0189ff241d756d25d07fdfe9885ae49 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 20 Apr 2011 15:17:42 +0200 Subject: source cleanup: unify look, style and indent levels By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed. --- lib/cookie.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index e81b9e36e..cad34acfd 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -84,7 +84,7 @@ Example set of cookies: #include #include -#define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */ +#define _MPRINTF_REPLACE #include #include "urldata.h" @@ -371,7 +371,7 @@ Curl_cookie_add(struct SessionHandle *data, /* Session cookies have expires set to 0 so if we get that back from the date parser let's add a second to make it a non-session cookie */ - if (co->expires == 0) + if(co->expires == 0) co->expires = 1; else if( co->expires < 0 ) co->expires = 0; @@ -398,7 +398,7 @@ Curl_cookie_add(struct SessionHandle *data, if(Curl_raw_equal("secure", what)) { co->secure = TRUE; } - else if (Curl_raw_equal("httponly", what)) { + else if(Curl_raw_equal("httponly", what)) { co->httponly = TRUE; } /* else, @@ -482,7 +482,7 @@ Curl_cookie_add(struct SessionHandle *data, lines are preceded with #HttpOnly_ and then everything is as usual, so we skip 10 characters of the line.. */ - if (strncmp(lineptr, "#HttpOnly_", 10) == 0) { + if(strncmp(lineptr, "#HttpOnly_", 10) == 0) { lineptr += 10; co->httponly = TRUE; } @@ -531,7 +531,7 @@ Curl_cookie_add(struct SessionHandle *data, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ - co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE"); /* store information */ + co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE"); break; case 2: /* It turns out, that sometimes the file format allows the path -- cgit v1.2.1 From 889d1e973fb718a77c5000141d724ce03863af23 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 22 Apr 2011 23:01:30 +0200 Subject: whitespace cleanup: no space first in conditionals "if(a)" is our style, not "if( a )" --- lib/cookie.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index cad34acfd..7928be7dc 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -373,8 +373,8 @@ Curl_cookie_add(struct SessionHandle *data, non-session cookie */ if(co->expires == 0) co->expires = 1; - else if( co->expires < 0 ) - co->expires = 0; + else if(co->expires < 0) + co->expires = 0; } else if(!co->name) { co->name = strdup(name); @@ -819,8 +819,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* only process this cookie if it is not expired or had no expire date AND that if the cookie requires we're secure we must only continue if we are! */ - if( (!co->expires || (co->expires > now)) && - (co->secure?secure:TRUE) ) { + if((!co->expires || (co->expires > now)) && + (co->secure?secure:TRUE)) { /* now check if the domain is correct */ if(!co->domain || -- cgit v1.2.1 From 65a9fa59dcb442a23a8e01cdd1ee86d03f0b6957 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Thu, 2 Jun 2011 19:42:24 +0200 Subject: Remove unnecessary typecast --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 7928be7dc..301beaee7 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -877,7 +877,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, size_t i; /* alloc an array and store all cookie pointers */ - array = (struct Cookie **)malloc(sizeof(struct Cookie *) * matches); + array = malloc(sizeof(struct Cookie *) * matches); if(!array) goto fail; -- cgit v1.2.1 From 9776f3445d96238d8490d1d81c915014517c585b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 3 Jun 2011 20:02:07 +0200 Subject: cookie_output: made private --- lib/cookie.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 301beaee7..7657da06e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -101,7 +101,6 @@ Example set of cookies: /* The last #include file should be: */ #include "memdebug.h" - static void freecookie(struct Cookie *co) { if(co->expirestr) @@ -1040,14 +1039,14 @@ static char *get_netscape_format(const struct Cookie *co) } /* - * Curl_cookie_output() + * cookie_output() * * Writes all internally known cookies to the specified file. Specify * "-" as file name to write to stdout. * * The function returns non-zero on write failure. */ -int Curl_cookie_output(struct CookieInfo *c, const char *dumphere) +static int cookie_output(struct CookieInfo *c, const char *dumphere) { struct Cookie *co; FILE *out; @@ -1147,7 +1146,7 @@ void Curl_flush_cookies(struct SessionHandle *data, int cleanup) Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); /* if we have a destination file for all the cookies to get dumped to */ - if(Curl_cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR])) + if(cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR])) infof(data, "WARNING: failed to save cookies in %s\n", data->set.str[STRING_COOKIEJAR]); } -- cgit v1.2.1 From f1586cb4775681810afd8e6626e7842d459f3b85 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 26 Jul 2011 17:23:27 +0200 Subject: stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h --- lib/cookie.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 7657da06e..86d264c45 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -81,9 +81,6 @@ Example set of cookies: #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) -#include -#include - #define _MPRINTF_REPLACE #include -- cgit v1.2.1 From 7c21c1c4f981a947f9f91ff685f898d0306589f7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 9 Aug 2011 14:02:05 +0200 Subject: cookie parser: handle 'secure=' There are two keywords in cookie headers that don't follow the regular name=value style: secure and httponly. Still we must support that they are written like 'secure=' and then treat them as if they were written 'secure'. Test case 31 was much extended by Rob Ward to test this. Bug: http://curl.haxx.se/bug/view.cgi?id=3349227 Reported by: "gnombat" --- lib/cookie.c | 322 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 161 insertions(+), 161 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 86d264c45..0553efb98 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -206,7 +206,6 @@ Curl_cookie_add(struct SessionHandle *data, if(httpheader) { /* This line was read off a HTTP-header */ const char *ptr; - const char *sep; const char *semiptr; char *what; @@ -223,185 +222,186 @@ Curl_cookie_add(struct SessionHandle *data, ptr = lineptr; do { - /* we have a = pair or a 'secure' word here */ - sep = strchr(ptr, '='); - if(sep && (!semiptr || (semiptr>sep)) ) { - /* - * There is a = sign and if there was a semicolon too, which make sure - * that the semicolon comes _after_ the equal sign. - */ - - name[0]=what[0]=0; /* init the buffers */ - if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%" - MAX_COOKIE_LINE_TXT "[^;\r\n]", - name, what)) { - /* this is a = pair. We use strstore() below to properly - deal with received cookie headers that have the same string - property set more than once, and then we use the last one. */ - - const char *whatptr; - - /* Strip off trailing whitespace from the 'what' */ - size_t len=strlen(what); - while(len && ISBLANK(what[len-1])) { - what[len-1]=0; - len--; - } + /* we have a = pair or a stand-alone word here */ + name[0]=what[0]=0; /* init the buffers */ + if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%" + MAX_COOKIE_LINE_TXT "[^;\r\n]", + name, what)) { + /* Use strstore() below to properly deal with received cookie + headers that have the same string property set more than once, + and then we use the last one. */ + const char *whatptr; + bool done = FALSE; + bool sep; + size_t len=strlen(what); + const char *endofn = &ptr[ strlen(name) ]; + + /* skip trailing spaces in name */ + while(*endofn && ISBLANK(*endofn)) + endofn++; + + /* name ends with a '=' ? */ + sep = *endofn == '='?TRUE:FALSE; + + /* Strip off trailing whitespace from the 'what' */ + while(len && ISBLANK(what[len-1])) { + what[len-1]=0; + len--; + } - /* Skip leading whitespace from the 'what' */ - whatptr=what; - while(*whatptr && ISBLANK(*whatptr)) { - whatptr++; - } + /* Skip leading whitespace from the 'what' */ + whatptr=what; + while(*whatptr && ISBLANK(*whatptr)) + whatptr++; - if(Curl_raw_equal("path", name)) { - strstore(&co->path, whatptr); - if(!co->path) { - badcookie = TRUE; /* out of memory bad */ - break; + if(!len) { + /* this was a "=" with no content, and we must allow + 'secure' and 'httponly' specified this weirdly */ + done = TRUE; + if(Curl_raw_equal("secure", name)) + co->secure = TRUE; + else if(Curl_raw_equal("httponly", name)) + co->httponly = TRUE; + else if(sep) + /* there was a '=' so we're not done parsing this field */ + done = FALSE; + } + if(done) + ; + else if(Curl_raw_equal("path", name)) { + strstore(&co->path, whatptr); + if(!co->path) { + badcookie = TRUE; /* out of memory bad */ + break; + } + } + else if(Curl_raw_equal("domain", name)) { + /* note that this name may or may not have a preceding dot, but + we don't care about that, we treat the names the same anyway */ + + const char *domptr=whatptr; + const char *nextptr; + int dotcount=1; + + /* Count the dots, we need to make sure that there are enough + of them. */ + + if('.' == whatptr[0]) + /* don't count the initial dot, assume it */ + domptr++; + + do { + nextptr = strchr(domptr, '.'); + if(nextptr) { + if(domptr != nextptr) + dotcount++; + domptr = nextptr+1; } + } while(nextptr); + + /* The original Netscape cookie spec defined that this domain name + MUST have three dots (or two if one of the seven holy TLDs), + but it seems that these kinds of cookies are in use "out there" + so we cannot be that strict. I've therefore lowered the check + to not allow less than two dots. */ + + if(dotcount < 2) { + /* Received and skipped a cookie with a domain using too few + dots. */ + badcookie=TRUE; /* mark this as a bad cookie */ + infof(data, "skipped cookie with illegal dotcount domain: %s\n", + whatptr); } - else if(Curl_raw_equal("domain", name)) { - /* note that this name may or may not have a preceding dot, but - we don't care about that, we treat the names the same anyway */ - - const char *domptr=whatptr; - const char *nextptr; - int dotcount=1; - - /* Count the dots, we need to make sure that there are enough - of them. */ + else { + /* Now, we make sure that our host is within the given domain, + or the given domain is not valid and thus cannot be set. */ if('.' == whatptr[0]) - /* don't count the initial dot, assume it */ - domptr++; - - do { - nextptr = strchr(domptr, '.'); - if(nextptr) { - if(domptr != nextptr) - dotcount++; - domptr = nextptr+1; + whatptr++; /* ignore preceding dot */ + + if(!domain || tailmatch(whatptr, domain)) { + const char *tailptr=whatptr; + if(tailptr[0] == '.') + tailptr++; + strstore(&co->domain, tailptr); /* don't prefix w/dots + internally */ + if(!co->domain) { + badcookie = TRUE; + break; } - } while(nextptr); - - /* The original Netscape cookie spec defined that this domain name - MUST have three dots (or two if one of the seven holy TLDs), - but it seems that these kinds of cookies are in use "out there" - so we cannot be that strict. I've therefore lowered the check - to not allow less than two dots. */ - - if(dotcount < 2) { - /* Received and skipped a cookie with a domain using too few - dots. */ - badcookie=TRUE; /* mark this as a bad cookie */ - infof(data, "skipped cookie with illegal dotcount domain: %s\n", - whatptr); + co->tailmatch=TRUE; /* we always do that if the domain name was + given */ } else { - /* Now, we make sure that our host is within the given domain, - or the given domain is not valid and thus cannot be set. */ - - if('.' == whatptr[0]) - whatptr++; /* ignore preceding dot */ - - if(!domain || tailmatch(whatptr, domain)) { - const char *tailptr=whatptr; - if(tailptr[0] == '.') - tailptr++; - strstore(&co->domain, tailptr); /* don't prefix w/dots - internally */ - if(!co->domain) { - badcookie = TRUE; - break; - } - co->tailmatch=TRUE; /* we always do that if the domain name was - given */ - } - else { - /* we did not get a tailmatch and then the attempted set domain - is not a domain to which the current host belongs. Mark as - bad. */ - badcookie=TRUE; - infof(data, "skipped cookie with bad tailmatch domain: %s\n", - whatptr); - } - } - } - else if(Curl_raw_equal("version", name)) { - strstore(&co->version, whatptr); - if(!co->version) { - badcookie = TRUE; - break; + /* we did not get a tailmatch and then the attempted set domain + is not a domain to which the current host belongs. Mark as + bad. */ + badcookie=TRUE; + infof(data, "skipped cookie with bad tailmatch domain: %s\n", + whatptr); } } - else if(Curl_raw_equal("max-age", name)) { - /* Defined in RFC2109: - - Optional. The Max-Age attribute defines the lifetime of the - cookie, in seconds. The delta-seconds value is a decimal non- - negative integer. After delta-seconds seconds elapse, the - client should discard the cookie. A value of zero means the - cookie should be discarded immediately. - - */ - strstore(&co->maxage, whatptr); - if(!co->maxage) { - badcookie = TRUE; - break; - } - co->expires = - strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10) - + (long)now; + } + else if(Curl_raw_equal("version", name)) { + strstore(&co->version, whatptr); + if(!co->version) { + badcookie = TRUE; + break; } - else if(Curl_raw_equal("expires", name)) { - strstore(&co->expirestr, whatptr); - if(!co->expirestr) { - badcookie = TRUE; - break; - } - /* Note that if the date couldn't get parsed for whatever reason, - the cookie will be treated as a session cookie */ - co->expires = curl_getdate(what, &now); - - /* Session cookies have expires set to 0 so if we get that back - from the date parser let's add a second to make it a - non-session cookie */ - if(co->expires == 0) - co->expires = 1; - else if(co->expires < 0) - co->expires = 0; + } + else if(Curl_raw_equal("max-age", name)) { + /* Defined in RFC2109: + + Optional. The Max-Age attribute defines the lifetime of the + cookie, in seconds. The delta-seconds value is a decimal non- + negative integer. After delta-seconds seconds elapse, the + client should discard the cookie. A value of zero means the + cookie should be discarded immediately. + + */ + strstore(&co->maxage, whatptr); + if(!co->maxage) { + badcookie = TRUE; + break; } - else if(!co->name) { - co->name = strdup(name); - co->value = strdup(whatptr); - if(!co->name || !co->value) { - badcookie = TRUE; - break; - } + co->expires = + strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10) + + (long)now; + } + else if(Curl_raw_equal("expires", name)) { + strstore(&co->expirestr, whatptr); + if(!co->expirestr) { + badcookie = TRUE; + break; } - /* - else this is the second (or more) name we don't know - about! */ + /* Note that if the date couldn't get parsed for whatever reason, + the cookie will be treated as a session cookie */ + co->expires = curl_getdate(what, &now); + + /* Session cookies have expires set to 0 so if we get that back + from the date parser let's add a second to make it a + non-session cookie */ + if(co->expires == 0) + co->expires = 1; + else if(co->expires < 0) + co->expires = 0; } - else { - /* this is an "illegal" = pair */ + else if(!co->name) { + co->name = strdup(name); + co->value = strdup(whatptr); + if(!co->name || !co->value) { + badcookie = TRUE; + break; + } } + /* + else this is the second (or more) name we don't know + about! */ } else { - if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]", - what)) { - if(Curl_raw_equal("secure", what)) { - co->secure = TRUE; - } - else if(Curl_raw_equal("httponly", what)) { - co->httponly = TRUE; - } - /* else, - unsupported keyword without assign! */ - - } + /* this is an "illegal" = pair */ } + if(!semiptr || !*semiptr) { /* we already know there are no more cookies */ semiptr = NULL; -- cgit v1.2.1 From a50210710ab6fd772e2762ed36602c15adfb49e1 Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Mon, 5 Sep 2011 20:46:09 +0200 Subject: fix bool variables checking and assignment --- lib/cookie.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 0553efb98..52a2ccb05 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -126,7 +126,7 @@ static bool tailmatch(const char *little, const char *bigone) if(littlelen > biglen) return FALSE; - return (bool)Curl_raw_equal(little, bigone+biglen-littlelen); + return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE; } /* @@ -241,7 +241,7 @@ Curl_cookie_add(struct SessionHandle *data, endofn++; /* name ends with a '=' ? */ - sep = *endofn == '='?TRUE:FALSE; + sep = (*endofn == '=')?TRUE:FALSE; /* Strip off trailing whitespace from the 'what' */ while(len && ISBLANK(what[len-1])) { @@ -527,7 +527,7 @@ Curl_cookie_add(struct SessionHandle *data, As far as I can see, it is set to true when the cookie says .domain.com and to false when the domain is complete www.domain.com */ - co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE"); + co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE; break; case 2: /* It turns out, that sometimes the file format allows the path @@ -547,7 +547,7 @@ Curl_cookie_add(struct SessionHandle *data, fields++; /* add a field and fall down to secure */ /* FALLTHROUGH */ case 3: - co->secure = (bool)Curl_raw_equal(ptr, "TRUE"); + co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE; break; case 4: co->expires = curlx_strtoofft(ptr, NULL, 10); -- cgit v1.2.1 From 17f48fe87979f159e2d8769d678641c60f4c0eed Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Fri, 7 Oct 2011 20:50:57 +0200 Subject: libcurl: some OOM handling fixes --- lib/cookie.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 52a2ccb05..fc684ca1b 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -1107,23 +1107,20 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data) c = data->cookies->cookies; - beg = list; while(c) { /* fill the list with _all_ the cookies we know */ line = get_netscape_format(c); - if(line == NULL) { - curl_slist_free_all(beg); + if(!line) { + curl_slist_free_all(list); return NULL; } - list = curl_slist_append(list, line); + beg = curl_slist_append(list, line); free(line); - if(list == NULL) { - curl_slist_free_all(beg); + if(!beg) { + curl_slist_free_all(list); return NULL; } - else if(beg == NULL) { - beg = list; - } + list = beg; c = c->next; } @@ -1148,10 +1145,12 @@ void Curl_flush_cookies(struct SessionHandle *data, int cleanup) data->set.str[STRING_COOKIEJAR]); } else { - if(cleanup && data->change.cookielist) + if(cleanup && data->change.cookielist) { /* since nothing is written, we can just free the list of cookie file names */ curl_slist_free_all(data->change.cookielist); /* clean up list */ + data->change.cookielist = NULL; + } Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); } -- cgit v1.2.1 From 584dc8b8af862f7f47a3a9f02f874ac0bd0076be Mon Sep 17 00:00:00 2001 From: Yang Tse Date: Tue, 11 Oct 2011 19:41:30 +0200 Subject: OOM handling/cleanup slight adjustments --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index fc684ca1b..41ccdbe34 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -144,9 +144,9 @@ void Curl_cookie_loadfiles(struct SessionHandle *data) data->set.cookiesession); list = list->next; } - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); curl_slist_free_all(data->change.cookielist); /* clean up list */ data->change.cookielist = NULL; /* don't do this again! */ + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } } -- cgit v1.2.1 From c75ece44423b0eb4f0fdac13c6760d17c4200ade Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 3 Jul 2012 11:27:45 +0200 Subject: cookies: change the URL in the cookie jar file header --- lib/cookie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 41ccdbe34..9eaf5657f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1069,7 +1069,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere) char *format_ptr; fputs("# Netscape HTTP Cookie File\n" - "# http://curl.haxx.se/rfc/cookie_spec.html\n" + "# http://curl.haxx.se/docs/http-cookies.html\n" "# This file was generated by libcurl! Edit at your own risk.\n\n", out); co = c->cookies; -- cgit v1.2.1 From 904346bf88d7970b941b80a5438934da333570dd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 9 Jul 2012 15:25:34 +0200 Subject: cookie: fixed typo in comment --- lib/cookie.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/cookie.c') diff --git a/lib/cookie.c b/lib/cookie.c index 9eaf5657f..644b33a25 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -882,7 +882,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, for(i=0; co; co = co->next) array[i++] = co; - /* now sort the cookie pointers in path lenth order */ + /* now sort the cookie pointers in path length order */ qsort(array, matches, sizeof(struct Cookie *), cookie_sort); /* remake the linked list order according to the new order */ -- cgit v1.2.1