- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with (a676c185) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+11 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,17 @@
		Changelog


		Daniel (17 August 2005)
		- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
		CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
		write the result to a given cookie jar and then never actually call
		curl_easy_perform() - the given file(s) to read was never read but the
		output file was written and thus it caused a "funny" result.

		- While doing some tests for the bug above, I noticed that Firefox generates
		large numbers (for the expire time) in the cookies.txt file and libcurl
		didn't treat them properly. Now it does.

		Daniel (15 August 2005)
		- Added more verbose "warning" messages to the curl client for cases where it
		fails to open/read files etc to help users diagnose why it doesn't do what

RELEASE-NOTES

+1 −1

Original line number	Diff line number	Diff line
		@@ -59,6 +59,6 @@ advice from friends like these:
		John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
		Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
		Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
		R. Palmer, Mario Schroeder, Richard Clayton, James Bursa
		R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer

		Thanks! (and sorry if I forgot to mention someone)

lib/cookie.c

+26 −3

Original line number	Diff line number	Diff line
		@@ -94,6 +94,8 @@ Example set of cookies:
		#include "strtok.h"
		#include "sendf.h"
		#include "memory.h"
		#include "share.h"
		#include "strtoofft.h"

		/* The last #include file should be: */
		#ifdef CURLDEBUG
		@@ -133,6 +135,27 @@ static bool tailmatch(const char little, const char bigone)
		return (bool)strequal(little, bigone+biglen-littlelen);
		}

		/*
		* Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
		*/
		void Curl_cookie_loadfiles(struct SessionHandle *data)
		{
		struct curl_slist *list = data->change.cookielist;
		if(list) {
		Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
		while(list) {
		data->cookies = Curl_cookie_init(data,
		list->data,
		data->cookies,
		data->set.cookiesession);
		list = list->next;
		}
		Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
		curl_slist_free_all(data->change.cookielist); /* clean up list */
		data->change.cookielist = NULL; /* don't do this again! */
		}
		}

		/****************************************************************************
		*
		* Curl_cookie_add()
		@@ -473,7 +496,7 @@ Curl_cookie_add(struct SessionHandle *data,
		co->secure = (bool)strequal(ptr, "TRUE");
		break;
		case 4:
		co->expires = atoi(ptr);
		co->expires = curlx_strtoofft(ptr, NULL, 10);
		break;
		case 5:
		co->name = strdup(ptr);
		@@ -832,7 +855,7 @@ static char get_netscape_format(const struct Cookie co)
		"%s\t" /* tailmatch */
		"%s\t" /* path */
		"%s\t" /* secure */
		"%u\t" /* expires */
		"%" FORMAT_OFF_T "\t" /* expires */
		"%s\t" /* name */
		"%s", /* value */
		/* Make sure all domains are prefixed with a dot if they allow
		@@ -842,7 +865,7 @@ static char get_netscape_format(const struct Cookie co)
		co->tailmatch?"TRUE":"FALSE",
		co->path?co->path:"/",
		co->secure?"TRUE":"FALSE",
		(unsigned int)co->expires,
		co->expires,
		co->name,
		co->value?co->value:"");
		}

lib/cookie.h

+3 −1

Original line number	Diff line number	Diff line
		@@ -38,7 +38,7 @@ struct Cookie {
		char value; / name = <this> */
		char path; / path = <this> */
		char domain; / domain = <this> */
		long expires; /* expires = <this> */
		curl_off_t expires; /* expires = <this> */
		char expirestr; / the plain text version */
		bool tailmatch; /* weather we do tail-matchning of the domain name */

		@@ -94,8 +94,10 @@ int Curl_cookie_output(struct CookieInfo , char );

		#if defined(CURL_DISABLE_HTTP) \|\| defined(CURL_DISABLE_COOKIES)
		#define Curl_cookie_list(x) NULL
		#define Curl_cookie_loadfiles(x)
		#else
		struct curl_slist Curl_cookie_list(struct SessionHandle data);
		void Curl_cookie_loadfiles(struct SessionHandle *data);
		#endif

		#endif

lib/transfer.c

+3 −19

Original line number	Diff line number	Diff line
		@@ -1641,25 +1641,9 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
		data->state.authhost.want = data->set.httpauth;
		data->state.authproxy.want = data->set.proxyauth;

		#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
		/* If there was a list of cookie files to read and we haven't done it before,
		do it now! */
		if(data->change.cookielist) {
		struct curl_slist *list = data->change.cookielist;
		Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
		while(list) {
		data->cookies = Curl_cookie_init(data,
		list->data,
		data->cookies,
		data->set.cookiesession);
		list = list->next;
		}
		Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
		curl_slist_free_all(data->change.cookielist); /* clean up list */
		data->change.cookielist = NULL; /* don't do this again! */
		}
		#endif /* CURL_DISABLE_HTTP */

		/* If there is a list of cookie files to read, do it now! */
		if(data->change.cookielist)
		Curl_cookie_loadfiles(data);

		/* Allow data->set.use_port to set which port to use. This needs to be
		* disabled for example when we follow Location: headers to URLs using

Admin message