Ates Goral pointed out that libcurl's cookie parser did case insensitive (28611704) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,10 @@
		Changelog

		Daniel (8 July 2006)
		- Ates Goral pointed out that libcurl's cookie parser did case insensitive
		string comparisons on the path which is incorrect and provided a patch that
		fixes this. I edited test case 8 to include details that test for this.

		- Ingmar Runge provided a source snippet that caused a crash. The reason for
		the crash was that libcurl internally was a bit confused about who owned the
		DNS cache at all times so if you created an easy handle that uses a shared

+3 −2

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ This release includes the following changes:

		This release includes the following bugfixes:

		o cookie parser now compares paths case sensitive
		o an easy handle with shared DNS cache added to a multi handle caused a crash
		o couldn't override the Proxy-Connection: header for non-CONNECT requests
		o curl_multi_fdset() could wrongly return -1 as max_fd value
		@@ -25,7 +26,7 @@ This release includes the following bugfixes:
		Other curl-related news:

		o yassl 1.3.7 can now be used with libcurl as an optional TLS library for
		HTTPS/FTPS support
		HTTPS/FTPS support: http://www.yassl.com/
		o cURLpp 0.6.0 was released: http://rrette.com/curlpp.html
		o pycurl-7.15.4 was released: http://pycurl.sf.net

		@@ -37,6 +38,6 @@ This release would not have looked like this without help, code, reports and
		advice from friends like these:

		Dan Fandrich, Peter Silva, Arve Knudsen, Michael Wallner, Toshiyuki Maezawa,
		Ingmar Runge
		Ingmar Runge, Ates Goral

		Thanks! (and sorry if I forgot to mention someone)

+3 −1

Original line number	Diff line number	Diff line
		@@ -760,7 +760,9 @@ struct Cookie Curl_cookie_getlist(struct CookieInfo c,
		/* now check the left part of the path with the cookies path
		requirement */
		if(!co->path \|\|
		checkprefix(co->path, path) ) {
		/* not using checkprefix() because matching should be
		case-sensitive */
		!strncmp(co->path, path, strlen(co->path)) ) {

		/* and now, we know this is a match and we should create an
		entry for the return-linked-list */

+3 −1

Original line number	Diff line number	Diff line
		@@ -37,6 +37,8 @@ Funny-head: yesyes
		Set-Cookie: foobar=name; domain=127.0.0.1; path=/;
		Set-Cookie: mismatch=this; domain=127.0.0.1; path="/silly/";
		Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
		Set-Cookie: cookie=yes; path=/we;
		Set-Cookie: nocookie=yes; path=/WE;

		</file>
		</client>
		@@ -50,7 +52,7 @@ Set-Cookie: partmatch=present; domain=.0.0.1; path=/;
		GET /we/want/8 HTTP/1.1
		Host: 127.0.0.1:%HTTPPORT
		Accept: /
		Cookie: partmatch=present; foobar=name
		Cookie: cookie=yes; partmatch=present; foobar=name

		</protocol>
		</verify>