* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
RECEIVING COOKIE INFORMATION
============================
-struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
const char *file, struct CookieInfo *inc, bool newsession);
Inits a cookie struct to store data in a local file. This is always
called before any cookies are set.
-struct Cookie *Curl_cookie_add(struct SessionHandle *data,
+struct Cookie *Curl_cookie_add(struct Curl_easy *data,
struct CookieInfo *c, bool httpheader, char *lineptr,
const char *domain, const char *path);
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-#define _MPRINTF_REPLACE
-#include <curl/mprintf.h>
+#ifdef USE_LIBPSL
+# include <libpsl.h>
+#endif
#include "urldata.h"
#include "cookie.h"
#include "strtok.h"
#include "sendf.h"
#include "slist.h"
-#include "curl_memory.h"
#include "share.h"
#include "strtoofft.h"
#include "rawstr.h"
#include "curl_memrchr.h"
#include "inet_pton.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
static void freecookie(struct Cookie *co)
{
- if(co->expirestr)
- free(co->expirestr);
- if(co->domain)
- free(co->domain);
- if(co->path)
- free(co->path);
- if(co->spath)
- free(co->spath);
- if(co->name)
- free(co->name);
- if(co->value)
- free(co->value);
- if(co->maxage)
- free(co->maxage);
- if(co->version)
- free(co->version);
-
+ free(co->expirestr);
+ free(co->domain);
+ free(co->path);
+ free(co->spath);
+ free(co->name);
+ free(co->value);
+ free(co->maxage);
+ free(co->version);
free(co);
}
return NULL;
/* some stupid site sends path attribute with '"'. */
+ len = strlen(new_path);
if(new_path[0] == '\"') {
- memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
+ memmove((void *)new_path, (const void *)(new_path + 1), len);
+ len--;
}
- if(new_path[strlen(new_path) - 1] == '\"') {
- new_path[strlen(new_path) - 1] = 0x0;
+ if(len && (new_path[len - 1] == '\"')) {
+ new_path[len - 1] = 0x0;
+ len--;
}
/* RFC6265 5.2.4 The Path Attribute */
}
/* convert /hoge/ to /hoge */
- len = strlen(new_path);
- if(1 < len && new_path[len - 1] == '/') {
+ if(len && new_path[len - 1] == '/') {
new_path[len - 1] = 0x0;
}
*
* NOTE: OOM or cookie parsing failures are ignored.
*/
-void Curl_cookie_loadfiles(struct SessionHandle *data)
+void Curl_cookie_loadfiles(struct Curl_easy *data)
{
struct curl_slist *list = data->change.cookielist;
if(list) {
*/
static void strstore(char **str, const char *newstr)
{
- if(*str)
- free(*str);
+ free(*str);
*str = strdup(newstr);
}
pv = NULL;
while(co) {
nx = co->next;
- if((co->expirestr || co->maxage) && co->expires < now) {
+ if(co->expires && co->expires < now) {
if(co == cookies->cookies) {
cookies->cookies = co->next;
}
***************************************************************************/
struct Cookie *
-Curl_cookie_add(struct SessionHandle *data,
+Curl_cookie_add(struct Curl_easy *data,
/* The 'data' pointer here may be NULL at times, and thus
must only be used very carefully for things that can deal
with data being NULL. Such as infof() and similar */
bool replace_old = FALSE;
bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
+#ifdef USE_LIBPSL
+ const psl_ctx_t *psl;
+#endif
+
#ifdef CURL_DISABLE_VERBOSE_STRINGS
(void)data;
#endif
do {
/* we have a <what>=<this> pair or a stand-alone word here */
name[0]=what[0]=0; /* init the buffers */
- if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
+ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%"
MAX_COOKIE_LINE_TXT "[^;\r\n]",
name, what)) {
/* Use strstore() below to properly deal with received cookie
bool done = FALSE;
bool sep;
size_t len=strlen(what);
- const char *endofn = &ptr[ strlen(name) ];
-
- /* skip trailing spaces in name */
- while(*endofn && ISBLANK(*endofn))
- endofn++;
+ size_t nlen = strlen(name);
+ const char *endofn = &ptr[ nlen ];
/* name ends with a '=' ? */
sep = (*endofn == '=')?TRUE:FALSE;
+ if(nlen) {
+ endofn--; /* move to the last character */
+ if(ISBLANK(*endofn)) {
+ /* skip trailing spaces in name */
+ while(*endofn && ISBLANK(*endofn) && nlen) {
+ endofn--;
+ nlen--;
+ }
+ name[nlen]=0; /* new end of name */
+ }
+ }
+
/* Strip off trailing whitespace from the 'what' */
while(len && ISBLANK(what[len-1])) {
what[len-1]=0;
while(*whatptr && ISBLANK(*whatptr))
whatptr++;
- if(!len) {
+ if(!co->name && sep) {
+ /* The very first name/value pair is the actual cookie name */
+ co->name = strdup(name);
+ co->value = strdup(whatptr);
+ if(!co->name || !co->value) {
+ badcookie = TRUE;
+ break;
+ }
+ }
+ else if(!len) {
/* this was a "<name>=" with no content, and we must allow
'secure' and 'httponly' specified this weirdly */
done = TRUE;
break;
}
}
- else if(!co->name) {
- co->name = strdup(name);
- co->value = strdup(whatptr);
- if(!co->name || !co->value) {
- badcookie = TRUE;
- break;
- }
- }
/*
else this is the second (or more) name we don't know
about! */
/* at first, remove expired cookies */
remove_expired(c);
+#ifdef USE_LIBPSL
+ /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
+ This needs a libpsl compiled with builtin data. */
+ if(domain && co->domain && !isip(co->domain)) {
+ if(((psl = psl_builtin()) != NULL)
+ && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+ infof(data,
+ "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+ co->name, domain, co->domain);
+ freecookie(co);
+ return NULL;
+ }
+ }
+#endif
+
clist = c->cookies;
replace_old = FALSE;
while(clist) {
/* then free all the old pointers */
free(clist->name);
- if(clist->value)
- free(clist->value);
- if(clist->domain)
- free(clist->domain);
- if(clist->path)
- free(clist->path);
- if(clist->spath)
- free(clist->spath);
- if(clist->expirestr)
- free(clist->expirestr);
-
- if(clist->version)
- free(clist->version);
- if(clist->maxage)
- free(clist->maxage);
+ free(clist->value);
+ free(clist->domain);
+ free(clist->path);
+ free(clist->spath);
+ free(clist->expirestr);
+ free(clist->version);
+ free(clist->maxage);
*clist = *co; /* then store all the new data */
*
* Returns NULL on out of memory. Invalid cookies are ignored.
****************************************************************************/
-struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
const char *file,
struct CookieInfo *inc,
bool newsession)
fp = NULL;
}
else
- fp = file?fopen(file, "r"):NULL;
+ fp = file?fopen(file, FOPEN_READTEXT):NULL;
c->newsession = newsession; /* new session? */
return c;
fail:
- Curl_safefree(line);
+ free(line);
if(!inc)
/* Only clean up if we allocated it here, as the original could still be in
* use by a share handle */
void Curl_cookie_cleanup(struct CookieInfo *c)
{
if(c) {
- if(c->filename)
- free(c->filename);
+ free(c->filename);
Curl_cookie_freelist(c->cookies, TRUE);
free(c); /* free the base struct as well */
}
struct Cookie *co;
FILE *out;
bool use_stdout=FALSE;
+ char *format_ptr;
if((NULL == c) || (0 == c->numcookies))
/* If there are no known cookies, we don't write or even create any
use_stdout=TRUE;
}
else {
- out = fopen(dumphere, "w");
+ out = fopen(dumphere, FOPEN_WRITETEXT);
if(!out)
return 1; /* failure */
}
- if(c) {
- char *format_ptr;
-
- fputs("# Netscape HTTP Cookie File\n"
- "# http://curl.haxx.se/docs/http-cookies.html\n"
- "# This file was generated by libcurl! Edit at your own risk.\n\n",
- out);
- co = c->cookies;
-
- while(co) {
- format_ptr = get_netscape_format(co);
- if(format_ptr == NULL) {
- fprintf(out, "#\n# Fatal libcurl error\n");
- if(!use_stdout)
- fclose(out);
- return 1;
- }
- fprintf(out, "%s\n", format_ptr);
- free(format_ptr);
- co=co->next;
+ fputs("# Netscape HTTP Cookie File\n"
+ "# https://curl.haxx.se/docs/http-cookies.html\n"
+ "# This file was generated by libcurl! Edit at your own risk.\n\n",
+ out);
+
+ for(co = c->cookies; co; co = co->next) {
+ if(!co->domain)
+ continue;
+ format_ptr = get_netscape_format(co);
+ if(format_ptr == NULL) {
+ fprintf(out, "#\n# Fatal libcurl error\n");
+ if(!use_stdout)
+ fclose(out);
+ return 1;
}
+ fprintf(out, "%s\n", format_ptr);
+ free(format_ptr);
}
if(!use_stdout)
return 0;
}
-struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
+struct curl_slist *Curl_cookie_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
struct curl_slist *beg;
(data->cookies->numcookies == 0))
return NULL;
- c = data->cookies->cookies;
-
- while(c) {
- /* fill the list with _all_ the cookies we know */
+ for(c = data->cookies->cookies; c; c = c->next) {
+ if(!c->domain)
+ continue;
line = get_netscape_format(c);
if(!line) {
curl_slist_free_all(list);
return NULL;
}
list = beg;
- c = c->next;
}
return list;
}
-void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
+void Curl_flush_cookies(struct Curl_easy *data, int cleanup)
{
if(data->set.str[STRING_COOKIEJAR]) {
if(data->change.cookielist) {