From 14061f784c47069d20d17dd9d6c6cf4613efeca5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 7 Nov 2022 17:10:56 +0100
Subject: [PATCH] cookie: compare cookie prefixes case insensitively

Adapted to language in rfc6265bis draft-11.
Closes #9863
Reviewed-by: Daniel Gustafsson
---
 lib/cookie.c | 4 ++--
 tests/data/test1561 | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index a3c699d487..f3f3e4cf7a 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -605,9 +605,9 @@ Curl_cookie_add(struct Curl_easy *data,
 * only test for names where that can possibly be true.
 */
 if(nlen > 3 && name[0] == '_' && name[1] == '_') {
- if(!strncmp("__Secure-", name, 9))
+ if(strncasecompare("__Secure-", name, 9))
 co->prefix |= COOKIE_PREFIX__SECURE;
- else if(!strncmp("__Host-", name, 7))
+ else if(strncasecompare("__Host-", name, 7))
 co->prefix |= COOKIE_PREFIX__HOST;
 }
diff --git a/tests/data/test1561 b/tests/data/test1561
index 882b257805..908b31c296 100644
--- a/tests/data/test1561
+++ b/tests/data/test1561
@@ -19,7 +19,7 @@ Server: test-server/fake
 Set-Cookie: super=secret; domain=example.com; path=/%TESTNUMBER; secure;
 Set-Cookie: supersuper=secret; domain=example.com; path=/%TESTNUMBER/login/; secure;
 Set-Cookie: __Secure-SID=12345; Domain=example.com
-Set-Cookie: __Secure-SID=12346; Secure; Domain=example.com
+Set-Cookie: __SecURE-SID=12346; Secure; Domain=example.com
 Set-Cookie: supersupersuper=secret; __Secure-SID=12346; Secure; Domain=example.com
 Set-Cookie: __Host-SID=22345
 Set-Cookie: __Host-SID=22346; Secure
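Review bot: The switch to `strncasecompare` in the `__Secure-`/`__Host-` branch carries no comment saying why the match is case-insensitive; the block comment above it, which starts outside this hunk, only explains the `nlen > 3` pre-filter. A one-line note such as `/* rfc6265bis draft-11: cookie name prefixes are matched case-insensitively */` directly above the first comparison would keep a later cleanup from reverting to `strncmp`, which would once more let a differently-cased prefix escape the prefix restrictions. Curl_cookie_add starts and ends outside the hunk, so any other place that classifies a cookie name by prefix (for instance when names are read back from a cookie file) is not visible here and should be confirmed to use the same comparison.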
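Review bot: The two changed `Set-Cookie` lines (`__SecURE-SID=12346` in the `@@ -19,7` hunk and `__SecuRE-SID=22346` in the `@@ -43,7` hunk) both carry `Secure`, so as far as these hunks show they are handled the same way whether or not the prefix is recognised. The expected jar line `__SecURE-SID 12346` in the `@@ -97,7` hunk therefore does not pin the new comparison. The cases that actually exercise the prefix rules (`__Secure-SID=12345; Domain=example.com` without `Secure`, and `__Host-SID=22345`) keep their exact-case spelling. Adding mixed-case negatives, for example `Set-Cookie: __SeCuRe-SID=12347; Domain=example.com` and `Set-Cookie: __hOsT-SID=22347` (constructed sample names), and verifying they stay out of the jar would make the test fail without the `lib/cookie.c` change and would cover both prefixes.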
@@ -43,7 +43,7 @@ Set-Cookie: supersuper=plain; domain=example.com; path=/%TESTNUMBER/login/en;
 Set-Cookie: supersuper=plain; domain=example.com; path=/%TESTNUMBER/login;
 Set-Cookie: secureoverhttp=yes; domain=example.com; path=/%TESTNUMBER; secure;
 Set-Cookie: __Secure-SID=22345; Domain=example.com
-Set-Cookie: __Secure-SID=22346; Secure; Domain=example.com
+Set-Cookie: __SecuRE-SID=22346; Secure; Domain=example.com
 Set-Cookie: __Host-SID=32345
 Set-Cookie: __Host-SID=32346; Secure
 Set-Cookie: __Host-SID=32347; Domain=example.com
@@ -97,7 +97,7 @@ Accept: */*
 #HttpOnly_.example.com TRUE /15 FALSE 0 super plain
 www.example.com FALSE / TRUE 0 __Host-SID 12346
 .example.com TRUE / TRUE 0 supersupersuper secret
-.example.com TRUE / TRUE 0 __Secure-SID 12346
+.example.com TRUE / TRUE 0 __SecURE-SID 12346
 .example.com TRUE /%TESTNUMBER/login/ TRUE 0 supersuper secret
 .example.com TRUE /1561 TRUE 0 super secret
-- 
2.47.3