From: Daniel Stenberg Date: Thu, 13 Mar 2025 07:22:11 +0000 (+0100) Subject: cookie: accept "high byte" cookie content X-Git-Tag: curl-8_13_0~154 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a26b901d47f81915381b5ea188d87f173415a58;p=thirdparty%2Fcurl.git cookie: accept "high byte" cookie content Regression from 597ee915c4c6da132dbd1735345 (not shipped in a release) Reported-by: Carlos Henrique Lima Melara Assisted-by: Scott Talbert Added such a cookie to test 31. Fixes #16692 Closes #16703 --- diff --git a/lib/cookie.c b/lib/cookie.c index 1cacd487b3..519b52a8d3 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -434,8 +434,9 @@ static bool bad_domain(const char *domain, size_t len) fine. The prime reason for filtering out control bytes is that some HTTP servers return 400 for requests that contain such. */ -static bool invalid_octets(const char *p) +static bool invalid_octets(const char *ptr) { + const unsigned char *p = (const unsigned char *)ptr; /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ while(*p) { if(((*p != 9) && (*p < 0x20)) || (*p == 0x7f)) diff --git a/tests/data/test31 b/tests/data/test31 index 7412b4bde8..bdc0a8d1d5 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -68,6 +68,7 @@ Set-Cookie: withspaces= yes within and around ; Set-Cookie: withspaces2 =before equals; Set-Cookie: prespace= yes before; Set-Cookie: securewithspace=after ; secure = +Set-Cookie: ³Ã\x92Ã\x9aÃ\x8dÃ\x97=%96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A boo @@ -110,6 +111,7 @@ Accept: */* # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. +test31.curl FALSE /we/want/ FALSE 0 ³Ã\x92Ã\x9aÃ\x8dÃ\x97 %96%A6g%9Ay%B0%A5g%A7tm%7C%95%9A test31.curl FALSE /we/want/ FALSE 0 prespace yes before test31.curl FALSE /we/want/ FALSE 0 withspaces2 before equals test31.curl FALSE /we/want/ FALSE 0 withspaces yes within and around