cookie: accept "high byte" cookie content

Regression from 597ee915c4c6da132dbd1735345 (not shipped in a release)
Reported-by: Carlos Henrique Lima Melara
Assisted-by: Scott Talbert
Added such a cookie to test 31.

Fixes #16692
Closes #16703

diff --git a/lib/cookie.c b/lib/cookie.c
index 1cacd487b3556668c11fcbc3046108ec86446a19..519b52a8d3bed999f82c99fc2bf2d09e1fee9b64 100644 (file)
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -434,8 +434,9 @@ static bool bad_domain(const char *domain, size_t len)
   fine. The prime reason for filtering out control bytes is that some HTTP
   servers return 400 for requests that contain such.
 */
-static bool invalid_octets(const char *p)
+static bool invalid_octets(const char *ptr)
 {
+  const unsigned char *p = (const unsigned char *)ptr;
   /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
   while(*p) {
     if(((*p != 9) && (*p < 0x20)) || (*p == 0x7f))

diff --git a/tests/data/test31 b/tests/data/test31
index 7412b4bde8b146d4fb1310b245ebf99a81f4bb3a..bdc0a8d1d526070c840fb6f6239452985ad8a2f4 100644 (file)
--- a/tests/data/test31
+++ b/tests/data/test31
@@ -68,6 +68,7 @@ Set-Cookie: withspaces=  yes  within and around    ;
 Set-Cookie: withspaces2 =before equals;\r
 Set-Cookie: prespace=  yes before;\r
 Set-Cookie: securewithspace=after    ; secure =\r
+Set-Cookie: ³Ã\x92Ã\x9aÃ\x8dÃ\x97=%96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A
 \r
 boo
 </data>
@@ -110,6 +111,7 @@ Accept: */*
 # https://curl.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
+test31.curl    FALSE   /we/want/       FALSE   0       ³Ã\x92Ã\x9aÃ\x8dÃ\x97    %96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A
 test31.curl    FALSE   /we/want/       FALSE   0       prespace        yes before
 test31.curl    FALSE   /we/want/       FALSE   0       withspaces2     before equals
 test31.curl    FALSE   /we/want/       FALSE   0       withspaces      yes  within and around