cookie: accept "high byte" cookie content

Regression from 597ee915c4c6da132dbd1735345 (not shipped in a release) Reported-by: Carlos Henrique Lima Melara Assisted-by: Scott Talbert Added such a cookie to test 31. Fixes #16692 Closes #16703
2025-04-24 16:40:32 +08:00 · 2025-03-13 08:22:11 +01:00 · 2025-03-13 08:22:11 +01:00 · 5a26b901d4
commit 5a26b901d4
parent 51d8213579
2 changed files with 4 additions and 1 deletions
--- a/lib/cookie.c
+++ b/lib/cookie.c
@ -434,8 +434,9 @@ static bool bad_domain(const char *domain, size_t len)
  fine. The prime reason for filtering out control bytes is that some HTTP
  servers return 400 for requests that contain such.
 */
-static bool invalid_octets(const char *p)
+static bool invalid_octets(const char *ptr)
 {
+  const unsigned char *p = (const unsigned char *)ptr;
  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
  while(*p) {
    if(((*p != 9) && (*p < 0x20)) || (*p == 0x7f))
--- a/tests/data/test31
+++ b/tests/data/test31
@ -68,6 +68,7 @@ Set-Cookie: withspaces=  yes  within and around    ;
 Set-Cookie: withspaces2 =before equals;
 Set-Cookie: prespace=  yes before;
 Set-Cookie: securewithspace=after    ; secure =
+Set-Cookie: Â³Ã\x92Ã\x9aÃ\x8dÃ\x97=%96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A

 boo
 </data>
@ -110,6 +111,7 @@ Accept: */*
 # https://curl.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.

+test31.curl	FALSE	/we/want/	FALSE	0	Â³Ã\x92Ã\x9aÃ\x8dÃ\x97	%96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A
 test31.curl	FALSE	/we/want/	FALSE	0	prespace	yes before
 test31.curl	FALSE	/we/want/	FALSE	0	withspaces2	before equals
 test31.curl	FALSE	/we/want/	FALSE	0	withspaces	yes  within and around