#define CERR_PSL 14 /* a public suffix */
#define CERR_LIVE_WINS 15
+/* The maximum length we accept a date string for the 'expire' keyword. The
+ standard date formats are within the 30 bytes range. This adds an extra
+ margin just to make sure it realistically works with what is used out
+ there.
+*/
+#define MAX_DATE_LENGTH 80
+
static int
parse_cookie_header(struct Curl_easy *data,
struct Cookie *co,
}
}
else if((nlen == 7) && strncasecompare("expires", namep, 7)) {
- if(!co->expires) {
+ if(!co->expires && (vlen < MAX_DATE_LENGTH)) {
/*
* Let max-age have priority.
*
* If the date cannot get parsed for whatever reason, the cookie
* will be treated as a session cookie
*/
- co->expires = Curl_getdate_capped(valuep);
+ char dbuf[MAX_DATE_LENGTH + 1];
+ memcpy(dbuf, valuep, vlen);
+ dbuf[vlen] = 0;
+ co->expires = Curl_getdate_capped(dbuf);
/*
* Session cookies have expires set to 0 so if we get that back
test453 test454 test455 test456 test457 test458 test459 test460 test461 \
test462 test463 test467 test468 test469 test470 test471 test472 test473 \
test474 test475 test476 test477 test478 test479 test480 test481 test482 \
-\
+test483 \
test490 test491 test492 test493 test494 test495 test496 test497 test498 \
test499 test500 test501 test502 test503 test504 test505 test506 test507 \
test508 test509 test510 test511 test512 test513 test514 test515 test516 \
--- /dev/null
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+cookies
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Set-Cookie: name=value; expires=Fri Feb 13 11:56:27 GMT 2132\r
+Set-Cookie: name2=value; expires=Fri Feb 13 11:56:27 ; 2132\r
+Set-Cookie: name3=value; expires=Fri Feb 13 11:56:27 ...................................................GMT 2132\r
+Set-Cookie: name4=value; expires=Fri Feb 13 11:56:27 ....................................................GMT 2132\r
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+large-time
+</features>
+<name>
+HTTP cookies with long expire dates
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -c %LOGDIR/c%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<file name="%LOGDIR/c%TESTNUMBER" mode="text">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+127.0.0.1 FALSE / FALSE 0 name4 value
+127.0.0.1 FALSE / FALSE 5115959787 name3 value
+127.0.0.1 FALSE / FALSE 0 name2 value
+127.0.0.1 FALSE / FALSE 5115959787 name value
+</file>
+</verify>
+</testcase>
projects / thirdparty / curl.git / commitdiff
