Commit 1b55d270 authored by Patrick Monnerat's avatar Patrick Monnerat
Browse files

cookies: do not take cookie name as a parameter 

RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0d.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566
parent 9cacc246

lib/cookie.c

+7 −1
Original line number Diff line number Diff line
@@ -528,10 +528,16 @@ Curl_cookie_add(struct Curl_easy *data, 
        while(*whatptr && ISBLANK(*whatptr))

          whatptr++;



        if(!co->name && sep) {

        if(!co->name) {

          /* The very first name/value pair is the actual cookie name */

          if(!sep) {

            /* Bad name/value pair. */

            badcookie = TRUE;

            break;

          }

          co->name = strdup(name);

          co->value = strdup(whatptr);

          done = TRUE;

          if(!co->name || !co->value) {

            badcookie = TRUE;

            break;

tests/data/Makefile.inc

+1 −1
Original line number Diff line number Diff line
@@ -127,7 +127,7 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ 
test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \

test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \

test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \

test1152 test1153 test1154 \

test1152 test1153 test1154 test1155 \

\

test1160 test1161 test1162 test1163 test1164 \

test1170 test1171 \

tests/data/test1155

0 → 100644
+54 −0
Original line number Diff line number Diff line 
<testcase>

<info>

<keywords>

HTTP

HTTP GET

cookies

</keywords>

</info>



# Server-side

<reply>



<data>

HTTP/1.1 200 OK

Date: Thu, 09 Nov 2010 14:49:00 GMT

Content-Length: 0

Set-Cookie: domain=value;secure;path=/



</data>

</reply>



# Client-side

<client>

<server>

http

</server>

 <name>

HTTP cookie with parameter word as name

 </name>

 <command>

http://%HOSTIP:%HTTPPORT/1155 -c log/cookies1155.txt

</command>

</client>



# Verify data after the test has been "shot"

<verify>

<strip>

^User-Agent:.*

</strip>

<protocol>

GET /1155 HTTP/1.1

Host: %HOSTIP:%HTTPPORT

Accept: */*



</protocol>

<file name="log/cookies1155.txt">

# Netscape HTTP Cookie File

# https://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.



127.0.0.1	FALSE	/	TRUE	0	domain	value

</file>

</verify>

</testcase>