From: Daniel Stenberg Date: Wed, 8 Jan 2025 09:19:26 +0000 (+0100) Subject: cookie: cap expire times to 400 days X-Git-Tag: curl-8_12_0~164 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=386f570df60f58fe9e90dddbda2fdd822a318f04;p=thirdparty%2Fcurl.git cookie: cap expire times to 400 days The pending cookie RFC update (currently known as 6265bis draft-19) says Let cookie-age-limit be the maximum age of the cookie (which name of Max-Age and an attribute-value of expiry-time. SHOULD be 400 days or less. This change makes received cookies over the wire get capped to 400 days. It does not cap the expiry date of cookies loaded from file. It does this by rounding the expire time to a even minute. This, to allow the test suite to do the same and have a chance to get the same number for stable testing without requiring a debug build. The test script generates TWO numbers in the output file for each %days[] used in the input test file, and the function that subsequently compares and verifies output is fine with *either* of the two numbers. This is done so that if the test case is generated the second immediately before curl runs, that updated expiry number is also deemed okay. It still checks for an exact match of either number. Closes #15937 --- diff --git a/lib/cookie.c b/lib/cookie.c index c56a7c2ee4..48a200dc6d 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -97,6 +97,26 @@ Example set of cookies: static void strstore(char **str, const char *newstr, size_t len); +/* number of seconds in 400 days */ +#define COOKIES_MAXAGE (400*24*3600) + +/* Make sure cookies never expire further away in time than 400 days into the + future. (from RFC6265bis draft-19) + + For the sake of easier testing, align the capped time to an even 60 second + boundary. +*/ +static void cap_expires(time_t now, struct Cookie *co) +{ + if((TIME_T_MAX - COOKIES_MAXAGE - 30) > now) { + timediff_t cap = now + COOKIES_MAXAGE; + if(co->expires > cap) { + cap += 30; + co->expires = (cap/60)*60; + } + } +} + static void freecookie(struct Cookie *co) { free(co->domain); @@ -714,6 +734,7 @@ parse_cookie_header(struct Curl_easy *data, co->expires += now; break; } + cap_expires(now, co); } else if((nlen == 7) && strncasecompare("expires", namep, 7)) { if(!co->expires && (vlen < MAX_DATE_LENGTH)) { @@ -737,6 +758,7 @@ parse_cookie_header(struct Curl_easy *data, co->expires = 1; else if(co->expires < 0) co->expires = 0; + cap_expires(now, co); } } diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index f336f772eb..f2b0507f69 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -74,6 +74,13 @@ For example, to insert the word hello 100 times: %repeat[100 x hello]% +## Insert capped epoch days + +Mostly to test capped cookie expire dates: `%days[NUM]` inserts the number of +seconds for the given number of days into the future, aligned to the nearest +minute. That is the same calculation the cookie engine uses to cap expiration +dates. + ## Include file This instruction allows a test case to include another file. It is helpful to diff --git a/tests/data/test1415 b/tests/data/test1415 index ae07d76f42..1e7090092f 100644 --- a/tests/data/test1415 +++ b/tests/data/test1415 @@ -78,15 +78,9 @@ Proxy-Connection: Keep-Alive # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -%if large-time -.example.com TRUE / FALSE 17545593600 test7value test7 -.example.com TRUE / FALSE 17545593600 test4value test4 -.example.com TRUE / FALSE 17545593600 test2value test2 -%else -.example.com TRUE / FALSE 2145830400 test7value test7 -.example.com TRUE / FALSE 2145830400 test4value test4 -.example.com TRUE / FALSE 2145830400 test2value test2 -%endif +.example.com TRUE / FALSE %days[400] test7value test7 +.example.com TRUE / FALSE %days[400] test4value test4 +.example.com TRUE / FALSE %days[400] test2value test2 .example.com TRUE / FALSE 0 test1value test1 diff --git a/tests/data/test31 b/tests/data/test31 index 4517054861..7412b4bde8 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -115,11 +115,7 @@ test31.curl FALSE /we/want/ FALSE 0 withspaces2 before equals test31.curl FALSE /we/want/ FALSE 0 withspaces yes within and around .test31.curl TRUE /we/want/ FALSE 0 blexp yesyes #HttpOnly_test31.curl FALSE /silly/ FALSE 0 magic yessir -%if large-time -test31.curl FALSE /we/want/ FALSE 17517902187 nodomain value -%else -test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value -%endif +test31.curl FALSE /we/want/ FALSE %days[400] nodomain value .test31.curl TRUE / FALSE 0 partmatch present #HttpOnly_.test31.curl TRUE /p4/ FALSE 0 httponly myvalue1 #HttpOnly_.test31.curl TRUE /p4/ FALSE 0 httpo4 value4 diff --git a/tests/data/test46 b/tests/data/test46 index 042af7e6e6..0a0e84914f 100644 --- a/tests/data/test46 +++ b/tests/data/test46 @@ -91,15 +91,14 @@ domain..tld FALSE /want/ FALSE 0 simplyhuge zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz domain..tld FALSE / FALSE 0 justaname domain..tld FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ GKNBDIFAAOFDPDAIEAKDIBKE domain..tld FALSE / FALSE 0 ckySession temporary +domain..tld FALSE / FALSE %days[400] ckyPersistent permanent %if large-time -domain..tld FALSE / FALSE 17517902187 ckyPersistent permanent domain..tld FALSE /want FALSE 0 empty #HttpOnly_domain..tld FALSE /want FALSE 22139150993 mooo2 indeed2 domain..tld FALSE / FALSE 22139150993 mooo indeed www.loser.com FALSE / FALSE 22139150993 UID 99 www.fake.come FALSE / FALSE 22147483647 cookiecliente si %else -domain..tld FALSE / FALSE 2118138987 ckyPersistent permanent domain..tld FALSE /want FALSE 0 empty #HttpOnly_domain..tld FALSE /want FALSE 2139150993 mooo2 indeed2 domain..tld FALSE / FALSE 2139150993 mooo indeed diff --git a/tests/data/test483 b/tests/data/test483 index 13fa4f157f..5d86f467d0 100644 --- a/tests/data/test483 +++ b/tests/data/test483 @@ -58,9 +58,9 @@ Accept: */* # This file was generated by libcurl! Edit at your own risk. 127.0.0.1 FALSE / FALSE 0 name4 value -127.0.0.1 FALSE / FALSE 5115959787 name3 value +127.0.0.1 FALSE / FALSE %days[400] name3 value 127.0.0.1 FALSE / FALSE 0 name2 value -127.0.0.1 FALSE / FALSE 5115959787 name value +127.0.0.1 FALSE / FALSE %days[400] name value diff --git a/tests/data/test506 b/tests/data/test506 index 30d4c62154..02165275b6 100644 --- a/tests/data/test506 +++ b/tests/data/test506 @@ -210,14 +210,14 @@ lock: cookie [Pigs in space]: 90 unlock: cookie [Pigs in space]: 91 loaded cookies: ----------------- - www.host.foo.com FALSE / FALSE 1993463787 test6 six_more - .www.host.foo.com TRUE / FALSE 1993463787 test6 six - .host.foo.com TRUE / FALSE 1896263787 test5 five - .host.foo.com TRUE / FALSE 2061978987 test4 overwritten4 - .foo.com TRUE / FALSE 1896263787 test3 three - .host.foo.com TRUE / FALSE 1896263787 test2 two - .foo.com TRUE / FALSE 1993463787 test1 overwritten1 - .host.foo.com TRUE / FALSE 1896263787 injected yes + www.host.foo.com FALSE / FALSE %days[400] test6 six_more + .www.host.foo.com TRUE / FALSE %days[400] test6 six + .host.foo.com TRUE / FALSE %days[400] test5 five + .host.foo.com TRUE / FALSE %days[400] test4 overwritten4 + .foo.com TRUE / FALSE %days[400] test3 three + .host.foo.com TRUE / FALSE %days[400] test2 two + .foo.com TRUE / FALSE %days[400] test1 overwritten1 + .host.foo.com TRUE / FALSE %days[400] injected yes ----------------- try SHARE_CLEANUP... lock: share [Pigs in space]: 92 @@ -238,14 +238,14 @@ GLOBAL_CLEANUP # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -www.host.foo.com FALSE / FALSE 1993463787 test6 six_more -.www.host.foo.com TRUE / FALSE 1993463787 test6 six -.host.foo.com TRUE / FALSE 1896263787 test5 five -.host.foo.com TRUE / FALSE 2061978987 test4 overwritten4 -.foo.com TRUE / FALSE 1896263787 test3 three -.host.foo.com TRUE / FALSE 1896263787 test2 two -.foo.com TRUE / FALSE 1993463787 test1 overwritten1 -.host.foo.com TRUE / FALSE 1896263787 injected yes +www.host.foo.com FALSE / FALSE %days[400] test6 six_more +.www.host.foo.com TRUE / FALSE %days[400] test6 six +.host.foo.com TRUE / FALSE %days[400] test5 five +.host.foo.com TRUE / FALSE %days[400] test4 overwritten4 +.foo.com TRUE / FALSE %days[400] test3 three +.host.foo.com TRUE / FALSE %days[400] test2 two +.foo.com TRUE / FALSE %days[400] test1 overwritten1 +.host.foo.com TRUE / FALSE %days[400] injected yes diff --git a/tests/data/test61 b/tests/data/test61 index 43a8598bab..2cb5963ff4 100644 --- a/tests/data/test61 +++ b/tests/data/test61 @@ -71,13 +71,8 @@ Accept: */* # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -%if large-time -.host.foo.com TRUE /we/want/ FALSE 17517902187 test2 yes -#HttpOnly_.foo.com TRUE /we/want/ FALSE 17517902187 test yes -%else -.host.foo.com TRUE /we/want/ FALSE 2118138987 test2 yes -#HttpOnly_.foo.com TRUE /we/want/ FALSE 2118138987 test yes -%endif +.host.foo.com TRUE /we/want/ FALSE %days[400] test2 yes +#HttpOnly_.foo.com TRUE /we/want/ FALSE %days[400] test yes diff --git a/tests/getpart.pm b/tests/getpart.pm index afc1f06214..8f7204f9f9 100644 --- a/tests/getpart.pm +++ b/tests/getpart.pm @@ -308,15 +308,48 @@ sub striparray { sub compareparts { my ($firstref, $secondref)=@_; + # we cannot compare arrays index per index since with the base64 chunks, + # they may not be "evenly" distributed my $first = join("", @$firstref); my $second = join("", @$secondref); - # we cannot compare arrays index per index since with the base64 chunks, - # they may not be "evenly" distributed + if($first =~ /%alternatives\[/) { + die "bad use of compareparts\n"; + } - # NOTE: this no longer strips off carriage returns from the arrays. Is that - # really necessary? It ruins the testing of newlines. I believe it was once - # added to enable tests on Windows. + if($second =~ /%alternatives\[([^,]*),([^\]]*)\]/) { + # there can be many %alternatives in this chunk, so we call + # this function recursively + my $alt = $second; + $alt =~ s/%alternatives\[([^,]*),([^\]]*)\]/$1/; + + # check first alternative + { + my @f; + my @s; + push @f, $first; + push @s, $alt; + if(!compareparts(\@f, \@s)) { + return 0; + } + } + + $alt = $second; + $alt =~ s/%alternatives\[([^,]*),([^\]]*)\]/$2/; + # check second alternative + { + my @f; + my @s; + push @f, $first; + push @s, $alt; + if(!compareparts(\@f, \@s)) { + return 0; + } + } + + # neither matched + return 1; + } if($first ne $second) { return 1; diff --git a/tests/testutil.pm b/tests/testutil.pm index 71b1495bc3..113c90a2b0 100644 --- a/tests/testutil.pm +++ b/tests/testutil.pm @@ -136,6 +136,17 @@ sub subbase64 { $$thing =~ s/%%REPEAT%%/$all/; } + # days + while($$thing =~ s/%days\[(.*?)\]/%%DAYS%%/i) { + # convert to now + given days in epoch seconds, align to a 60 second + # boundary. Then provide two alternatives. + my $now = time(); + my $d = ($1 * 24 * 3600) + $now + 30; + $d = int($d/60) * 60; + my $d2 = $d + 60; + $$thing =~ s/%%DAYS%%/%alternatives[$d,$d2]/; + } + # include a file $$thing =~ s/%include ([^%]*)%[\n\r]+/includefile($1)/ge; }