Changelog
+Daniel Stenberg (25 Oct 2009)
+- Dima Barsky made the curl cookie parser accept cookies even with blank or
+ unparsable expiry dates and then treat them as session cookies - previously
+ libcurl would reject cookies with a date format it couldn't parse. Research
+ shows that the major browser treat such cookies as session cookies. I
+ modified test 8 and 31 to verify this.
+
Daniel Stenberg (21 Oct 2009)
- Attempt to use pkg-config for finding out libssh2 installation details
during configure.
o GSS negotiate infinite loop on bad credentials
o memory leak in SCP/SFTP connections
o use pkg-config to find out libssh2 installation details in configure
+ o unparsable cookie expire dates make cookies get treated as session coookies
This release includes the following known bugs:
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
- Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst
+ Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky
Thanks! (and sorry if I forgot to mention someone)
badcookie = TRUE;
break;
}
- /* Note that we store -1 in 'expires' here if the date couldn't
- get parsed for whatever reason. This will have the effect that
- the cookie won't match. */
+ /* Note that if the date couldn't get parsed for whatever reason,
+ the cookie will be treated as a session cookie */
co->expires = curl_getdate(what, &now);
/* Session cookies have expires set to 0 so if we get that back
non-session cookie */
if (co->expires == 0)
co->expires = 1;
+ else if( co->expires < 0 )
+ co->expires = 0;
}
else if(!co->name) {
co->name = strdup(name);
Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 2030\r
Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030\r
Set-Cookie: magic=yessir; path=/silly/; HttpOnly\r
+Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
\r
boo
</data>
.127.0.0.1 TRUE / FALSE 0 partmatch present
127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value
#HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir
+.0.0.1 TRUE /we/want/ FALSE 0 blexp yesyes
</file>
</verify>
</testcase>
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we;
Set-Cookie: nocookie=yes; path=/WE;
+Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
</file>
</client>
GET /we/want/8 HTTP/1.1\r
Host: %HOSTIP:%HTTPPORT\r
Accept: */*\r
-Cookie: cookie=yes; partmatch=present; foobar=name\r
+Cookie: blexp=yesyes; cookie=yes; partmatch=present; foobar=name\r
\r
</protocol>
</verify>
projects / platform / upstream / curl.git / commitdiff