Commit Graph

156 Commits

Author SHA1 Message Date
Daniel Stenberg
7ff4b4f2b5 - Claes Jakobsson fixed a problem with cookie expiry dates at exctly the epoch
start second "Thu Jan 1 00:00:00 GMT 1970" as the date parser then returns 0
  which internally then is treated as a session cookie. That particular date
  is now made to get the value of 1.
2009-09-10 21:06:50 +00:00
Yang Tse
5931cf77f4 DEBUGBUILD / CURLDEBUG decoupling follow-up 2009-06-15 02:29:49 +00:00
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Daniel Stenberg
1cf6c15ab4 - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
  received with domain, path etc set multiple times in the same header. While
  such a cookie is questionable, they occur in the wild and libcurl no longer
  leaks memory for them. I added such a header to test case 8.
2009-05-25 12:23:22 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg
5e74c58b73 - Tim Ansell fixed a compiler warning in lib/cookie.c 2009-01-15 08:32:58 +00:00
Daniel Stenberg
a19e02be5e - Michael Wallner fixed a NULL pointer deref when calling
curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no
  cookies data.
2009-01-13 22:21:14 +00:00
Daniel Stenberg
58ebde9502 - Pawel Kierski pointed out a mistake in the cookie code that could lead to a
bad fclose() after a fatal error had occured.
  (http://curl.haxx.se/bug/view.cgi?id=2382219)
2008-12-03 15:08:09 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Dan Fandrich
bab5183820 Created Curl_raw_nequal() which does a C-locale string case comparison.
Changed checkprefix() to use it and those instances of strnequal() that
compare host names or other protocol strings that are defined to be
independent of case in the C locale.  This should fix a few more
Turkish locale problems.
2008-10-23 01:20:57 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Daniel Stenberg
18be9882f7 Removed superfluous check of clist->name, as in this code path that pointer
has already been dereferenced so it is bound to be valid. Pointed out to us
by coverity.com
2008-10-13 21:03:12 +00:00
Daniel Stenberg
f72a26d340 - Stefan Krause pointed out that libcurl would wrongly send away cookies to
sites in cases where the cookie clearly has a very old expiry date. The
  condition was simply that libcurl's date parser would fail to convert the
  date and it would then count as a (timed-based) match. Starting now, a
  missed date due to an unsupported date format or date range will now cause
  the cookie to not match.
2008-09-08 11:36:19 +00:00
Yang Tse
59e378f48f remove unnecessary typecasting of malloc() 2008-09-06 05:29:05 +00:00
Yang Tse
a622fd90b4 remove unnecessary typecasting of calloc() 2008-09-06 04:47:14 +00:00
Daniel Stenberg
e138ae5ec9 - I'm abandoning the system with the web site mirrors (but keeping download
files bing mirrored) and thus I've changed the URL in the cookiejar header
  to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2008-08-28 11:35:54 +00:00
Yang Tse
ad638da2c2 Library internal only C preprocessor macros FORMAT_OFF_T and FORMAT_OFF_TU
remain in use as internal curl_off_t print formatting strings for the internal
*printf functions which still cannot handle print formatting string directives
such as "I64d", "I64u", and others available on MSVC, MinGW, Intel's ICC, and
other DOS/Windows compilers.

This reverts previous commit part which did:

FORMAT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-16 01:33:59 +00:00
Yang Tse
66fb9ca5f6 For congruency sake with the naming of other CURL_XXXXXX_CURL_OFF_T macros,
the names of the curl_off_t formatting string directives now become
CURL_FORMAT_CURL_OFF_T and CURL_FORMAT_CURL_OFF_TU.

CURL_FMT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
CURL_FMT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU

Remove the use of an internal name for the curl_off_t formatting string directives
and use the common one available from the inside and outside of the library.

FORMAT_OFF_T  -> CURL_FORMAT_CURL_OFF_T
FORMAT_OFF_TU -> CURL_FORMAT_CURL_OFF_TU
2008-08-15 02:58:15 +00:00
Daniel Stenberg
a62e155ca4 - Niklas Angebrand made the cookie support in libcurl properly deal with the
"HttpOnly" feature introduced by Microsoft and apparently also supported by
  Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly
  is now supported when received from servers in HTTP headers, when written to
  cookie jars and when read from existing cookie jars.
2008-01-31 12:21:57 +00:00
Daniel Stenberg
c914e6ea5d "Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and so
did "SESS". Fixed now.
2008-01-23 22:22:12 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Dan Fandrich
1b66c1da6c Added lots of consts 2007-08-29 05:36:53 +00:00
Yang Tse
d9e89e170f fix out of memory handling issue 2007-04-07 04:51:35 +00:00
Dan Fandrich
7e74349b86 Fixed file handle leak in OOM condition. 2007-04-04 22:49:12 +00:00
Yang Tse
f08ac86834 fix compiler warning 2007-03-25 02:30:58 +00:00
Yang Tse
fbcf86b83e avoid using funtion isblank() and just use our ISBLANK
macro to provide this functionality on all platforms
2007-02-14 13:31:37 +00:00
Yang Tse
5c3f36b4b4 compiler warning fix 2007-02-14 04:45:30 +00:00
Yang Tse
6d05a33ed9 use our own ISBLANK macro 2007-02-13 17:47:27 +00:00
Daniel Stenberg
277df1c6b1 make Curl_cookie_clearall() survive getting called with a NULL pointer 2007-01-13 23:32:14 +00:00
Daniel Stenberg
68e9f75708 As reported in bug: #1566077 the former URL mentioned in the generated cookie
jar has died and we now instead point out our own version of that
2006-09-27 21:00:45 +00:00
Daniel Stenberg
28611704d9 Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.
2006-07-08 18:52:08 +00:00
Daniel Stenberg
606562aa7e Michael Wallner provided a patch that allows "SESS" to be set with
CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly
edited by me, and the re-indent in cookie.c was also done by me)
2006-05-24 22:46:38 +00:00
Daniel Stenberg
90e1a6905a remove the typecast to long from time_t, since we now store it as curl_off_t 2005-08-17 09:11:27 +00:00
Daniel Stenberg
a676c18502 - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
  write the result to a given cookie jar and then never actually call
  curl_easy_perform() - the given file(s) to read was never read but the
  output file was written and thus it caused a "funny" result.

- While doing some tests for the bug above, I noticed that Firefox generates
  large numbers (for the expire time) in the cookies.txt file and libcurl
  didn't treat them properly. Now it does.
2005-08-17 08:55:43 +00:00
Daniel Stenberg
1c388a52a5 curl standard indent/format 2005-07-28 21:49:58 +00:00
Daniel Stenberg
2236ba0d20 Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a
simple interface to extracting and setting cookies in libcurl's internal
"cookie jar". See the new cookie_interface.c example code.
2005-07-27 22:17:14 +00:00
Daniel Stenberg
6b1220b61d Cory Nelson's work on nuking compiler warnings when building on x64 with
VS2005.
2005-04-26 13:08:49 +00:00
Daniel Stenberg
ab4086bc24 Updated the copyright year since changes have been this year. 2005-03-31 07:02:02 +00:00
Daniel Stenberg
6f752c64bc Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate
the cookie "engine" without having to provide an empty or non-existing file.
2005-03-04 00:26:50 +00:00
Daniel Stenberg
67abd4cd47 Rune Kleveland fixed a minor memory leak for received cookies with the (rare)
version attribute set.
2004-12-22 22:33:31 +00:00
Daniel Stenberg
ac269a8f68 Dan Fandrich added the --disable-cookies option to configure to build
libcurl without cookie support. This is mainly useful if you want to build a
minimalistic libcurl with no cookies support at all. Like for embedded
systems or similar.
2004-12-05 23:59:32 +00:00
Daniel Stenberg
f40c9b83df libcurl leaked memory for cookies with the "max-age" field set. 2004-10-16 13:54:40 +00:00
Daniel Stenberg
39af394a1c removed tabs and trailing whitespace from source 2004-10-06 07:50:18 +00:00
Daniel Stenberg
be7ce435c0 Replaced the use of isspace() with our own version instead since we have most
data as 'char *' and that makes us pass in negative values if there is 8bit
data in the string. Changing to unsigned causes too much warnings or too many
required typecasts to the normal string functions.
2004-10-03 21:02:01 +00:00
Daniel Stenberg
13cc010e38 getdate.h is not required to include, it adds nothing new 2004-09-13 20:47:15 +00:00
Daniel Stenberg
de6ab3de22 Dylan Salisbury's fix to prevent us from accepting cookies from TLD only 2004-08-04 12:26:27 +00:00
Daniel Stenberg
0e03165467 Bertrand Demiddelaer fixed two missing newlines 2004-07-26 15:42:07 +00:00
Daniel Stenberg
ce945bd2f0 5K array on the stack is a big hefty, it is now allocated with malloc
instead
2004-06-30 12:05:07 +00:00
Daniel Stenberg
35558e6bd7 David Cohen pointed out that RFC2109 says clients should allow cookies to
contain least 4096 bytes while libcurl only allowed 2047. I raised the limit
to 4999 now and made the used buffer get malloc()ed instead of simply
allocated on stack as before.
2004-06-22 21:15:51 +00:00
Daniel Stenberg
755f98e768 While talking to host a.b.c, libcurl did wrongly not accept cookies that were
set to the domain .a.b.c (that is with a dot prefix). This is now fixed and
test case 171 verifies it.
2004-05-21 20:40:15 +00:00
Daniel Stenberg
34e8baab9a general cleanup to bail out nice and clean when a memory function fails
to deliver
2004-05-12 12:04:38 +00:00
Daniel Stenberg
bbafb2eb27 curl_global_init_mem() allows the memory functions to be replaced.
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg
5dcab07c54 if a malloc fails, clear up the memory and return failure 2004-05-10 14:04:06 +00:00
Daniel Stenberg
9948250723 strequal() returns int so we typecast the return to bool when we store the
result as bool
2004-03-10 09:41:37 +00:00
Daniel Stenberg
7d8cd5906c use calloc instead of malloc and we won't have to memset() the struct 2004-02-26 14:52:16 +00:00
Daniel Stenberg
d571064b65 Clear up int/long/size_t/ssize_t usage a bit 2004-02-26 13:40:43 +00:00
Daniel Stenberg
4d17d6876e Dan Fandrich's cleanup patch to make pedantic compiler options cause less
warnings. Minor edits by me.
2004-01-29 13:56:45 +00:00
Daniel Stenberg
053f6c85ef updated year in the copyright string 2004-01-07 09:19:33 +00:00
Daniel Stenberg
168703b7bf Added some infof() calls, that require the data pointer so now several
cookie functions need that.

I also fixed the cookie loader to properly load and deal with cookies without
contents (or rather with a blank content).
2003-08-11 09:55:11 +00:00
Daniel Stenberg
98ee12bc35 Jan Sundin reported a case where curl ignored a cookie that browsers don't,
which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.
2003-08-04 23:05:57 +00:00
Daniel Stenberg
2bd71d70ff use CURLDEBUG instead of MALLOCDEBUG 2003-06-26 06:50:32 +00:00
Daniel Stenberg
465de793e8 Skip any preceeding dots from the domain name of cookies when we keep them
in memory, only add it when we save the cookie. This makes all tailmatching
and domain string matching internally a lot easier.

This was also the reason for a remaining bug I introduced in my overhaul.
2003-05-15 22:28:19 +00:00
Daniel Stenberg
efd836d971 Many cookie fixes:
o Save domains in jars like Mozilla does. It means all domains set in
    Set-Cookie: headers are dot-prefixed.
  o Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars (the
    second column).
  o Reject cookies using illegal domains in the Set-Cookie: line. Concerns
    both domains with too few dots or domains that are outside the currently
    operating server host's domain.
  o Set the path part by default to the one used in the request, if none was
    set in the Set-Cookie line.
2003-04-30 17:03:43 +00:00
Sterling Hughes
ad6fca28f9 testing, ignore this commit 2003-03-31 15:59:17 +00:00
Daniel Stenberg
a7c72b7abf removed the local variables for emacs and vim, use the new sample.emacs
way for emacs, and vim users should provide a similar non-polluting style
2003-01-29 10:14:20 +00:00
Daniel Stenberg
f26a338a54 copyright year update in the source header 2003-01-16 21:08:12 +00:00
Daniel Stenberg
01387f42c5 kromJx@crosswinds.net's fix that now uses checkprefix() instead of
strnequal() when the third argument was strlen(first argument) anyway.
This makes it less prone to errors. (Slightly edited by me)
2002-10-28 21:52:00 +00:00
Daniel Stenberg
ba4e69bebc updated source code boilerplate/header 2002-09-03 11:52:59 +00:00
Daniel Stenberg
d8b2c819e7 properly skip white spaces on Set-Cookie: header lines 2002-07-29 22:22:49 +00:00
Daniel Stenberg
08ef208fb7 added disable-[protocol] support, largely provided by Miklos Nemeth 2002-06-11 11:13:01 +00:00
Daniel Stenberg
980a47b42b support for ingoring session cookies added 2002-05-07 09:58:13 +00:00
Daniel Stenberg
2361aabbef Dirk Manske made libcurl strip off white spaces from the beginning of cookie
contents.
2002-04-14 18:21:17 +00:00
Daniel Stenberg
541e5a3b82 Jacky Lam cookie parser fix for domains with preceeding dot 2002-03-25 09:08:33 +00:00
Daniel Stenberg
974f314f57 copyright string (year) update 2002-03-19 07:54:55 +00:00
Daniel Stenberg
3612c3774e made Max-Age work as defined in the RFC.
my brain damaged fix to not parse spaces as part of the value is now fixed
to instead strip off trailing spaces from values.
2002-02-27 07:38:04 +00:00
Daniel Stenberg
66b8f48a88 When saving a cookie jar, set field 1 (counted from 0) properly to TRUE if the
domain starts with a dot.
2002-02-26 13:18:08 +00:00
Daniel Stenberg
a23a897ad2 removed crash on weird input, this also better discards silly input 2002-02-26 13:07:53 +00:00
Daniel Stenberg
87037136ef As identified in bug report #495290, the last "name=value" pair in a
Set-Cookie: line was ignored if they didn't end with a trailing
semicolon. This is indeed wrong syntax, but there are high-profile web sites
out there sending cookies like that so we must make a best-effort to parse
them.
2002-01-07 23:05:36 +00:00
Daniel Stenberg
d9a7773011 added precautions to not go insane when two matching cookies end up in the
cookie list, even though they're not supposed to do that...
2002-01-07 14:56:15 +00:00
Daniel Stenberg
6d35984286 prevent strdup()ing NULL -- Paul Harrington's report 2001-10-30 12:08:17 +00:00
Daniel Stenberg
c6822f5a7f T. Bharath found this memory leak. It occurs when we replace an internally
already existing cookie with a new one.
2001-10-24 11:36:55 +00:00
Sterling Hughes
8e91d5de8e looks nicer and is better compatible with older vim versions 2001-10-11 09:32:19 +00:00
Daniel Stenberg
f2a25966cf cookiejar now enables the cookie engine 2001-10-10 12:48:32 +00:00
Daniel Stenberg
e719f4169c corrected cookie-jar comment 2001-10-08 06:43:22 +00:00
Daniel Stenberg
598e8dfbfb Now we're setting a default domain for received cookies so that we can
properly match those cookies in subsequent requests
2001-09-26 07:08:29 +00:00
Daniel Stenberg
3f5227dfc7 Curl_cookie_output() must check that there's a cookie struct present before
trying to address it!
2001-09-10 07:43:08 +00:00
Sterling Hughes
6147879837 Added formatting sections for emacs and vim 2001-09-07 04:01:32 +00:00
Daniel Stenberg
a2b6ef3478 cookie jar adjustments 2001-08-29 09:32:18 +00:00
Daniel Stenberg
9e5dfc15ac improved the test 2001-08-26 14:28:05 +00:00
Daniel Stenberg
c9c2115088 started working on a function for writing (all) cookies, made it possible
to read multiple cookie files, no longer writes to the URL string passed
to the _add() function. The new stuff is now conditionally compiled on the
COOKIE define. Changed the _init() proto.
2001-08-23 14:05:25 +00:00
Daniel Stenberg
c8926138d1 commented out empty else blocks to shut up pedantic compilers 2001-08-14 08:17:29 +00:00
Daniel Stenberg
870bacd689 include strtok.h to get the prototype 2001-05-30 11:06:56 +00:00
Daniel Stenberg
d567659bf4 strtok() replaced with strtok_r() 2001-05-29 19:17:39 +00:00
Daniel Stenberg
72dec6cfec Added Andres' comments about field 2 in netscape cookie files 2001-05-23 13:04:19 +00:00
Daniel Stenberg
8dc9f4330c Andrés García's netscape cookie file parser fix 2001-05-23 09:26:45 +00:00
Daniel Stenberg
4031104404 Internal symbols that aren't static are now prefixed with 'Curl_' 2001-01-05 10:11:41 +00:00
Daniel Stenberg
24dee483e9 dual-license fix 2001-01-03 09:29:33 +00:00
Daniel Stenberg
78423c5899 Venkataramana Mokkapati corrected a cookie parser bug 2000-11-10 08:10:04 +00:00
Daniel Stenberg
0f8facb49b added memory debugging include file 2000-10-09 11:12:34 +00:00