From 28611704d991dcc0358705937af83d291b7e1f30 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 8 Jul 2006 18:52:08 +0000 Subject: [PATCH] Ates Goral pointed out that libcurl's cookie parser did case insensitive string comparisons on the path which is incorrect and provided a patch that fixes this. I edited test case 8 to include details that test for this. --- CHANGES | 4 ++++ RELEASE-NOTES | 5 +++-- lib/cookie.c | 4 +++- tests/data/test8 | 4 +++- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 574d513..a50f785 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,10 @@ Changelog Daniel (8 July 2006) +- Ates Goral pointed out that libcurl's cookie parser did case insensitive + string comparisons on the path which is incorrect and provided a patch that + fixes this. I edited test case 8 to include details that test for this. + - Ingmar Runge provided a source snippet that caused a crash. The reason for the crash was that libcurl internally was a bit confused about who owned the DNS cache at all times so if you created an easy handle that uses a shared diff --git a/RELEASE-NOTES b/RELEASE-NOTES index d8c66cd..303ea8b 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,6 +18,7 @@ This release includes the following changes: This release includes the following bugfixes: + o cookie parser now compares paths case sensitive o an easy handle with shared DNS cache added to a multi handle caused a crash o couldn't override the Proxy-Connection: header for non-CONNECT requests o curl_multi_fdset() could wrongly return -1 as max_fd value @@ -25,7 +26,7 @@ This release includes the following bugfixes: Other curl-related news: o yassl 1.3.7 can now be used with libcurl as an optional TLS library for - HTTPS/FTPS support + HTTPS/FTPS support: http://www.yassl.com/ o cURLpp 0.6.0 was released: http://rrette.com/curlpp.html o pycurl-7.15.4 was released: http://pycurl.sf.net @@ -37,6 +38,6 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Peter Silva, Arve Knudsen, Michael Wallner, Toshiyuki Maezawa, - Ingmar Runge + Ingmar Runge, Ates Goral Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/cookie.c b/lib/cookie.c index d934868..00f7b0f 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -760,7 +760,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, /* now check the left part of the path with the cookies path requirement */ if(!co->path || - checkprefix(co->path, path) ) { + /* not using checkprefix() because matching should be + case-sensitive */ + !strncmp(co->path, path, strlen(co->path)) ) { /* and now, we know this is a match and we should create an entry for the return-linked-list */ diff --git a/tests/data/test8 b/tests/data/test8 index 683899a..50c5d4f 100644 --- a/tests/data/test8 +++ b/tests/data/test8 @@ -37,6 +37,8 @@ Funny-head: yesyes Set-Cookie: foobar=name; domain=127.0.0.1; path=/; Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/"; Set-Cookie: partmatch=present; domain=.0.0.1; path=/; +Set-Cookie: cookie=yes; path=/we; +Set-Cookie: nocookie=yes; path=/WE; @@ -50,7 +52,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/; GET /we/want/8 HTTP/1.1 Host: 127.0.0.1:%HTTPPORT Accept: */* -Cookie: partmatch=present; foobar=name +Cookie: cookie=yes; partmatch=present; foobar=name -- 2.7.4