cookie: reject control octets in file-loaded cookies
Verified by test 2311. Closes #22070
This commit is contained in:
parent
9ccc80b192
commit
4a86af9940
3 changed files with 65 additions and 1 deletions
|
|
@ -786,6 +786,14 @@ static CURLcode parse_netscape(struct Cookie *co,
|
|||
/* we did not find the sufficient number of fields */
|
||||
return CURLE_OK;
|
||||
|
||||
/* Reject control octets in the name or value, matching the filtering done
|
||||
for cookies set over HTTP. A cookie loaded from a file is later sent in
|
||||
request headers, so the same bytes that make a server reject a request
|
||||
must not slip in through the file. */
|
||||
if(invalid_octets(co->name, strlen(co->name)) ||
|
||||
invalid_octets(co->value, strlen(co->value)))
|
||||
return CURLE_OK;
|
||||
|
||||
*okay = TRUE;
|
||||
return CURLE_OK;
|
||||
}
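Review bot: A rejected jar line is dropped silently at the added `return CURLE_OK;`, so a user whose file cookie never appears in the request gets no hint from verbose output about why; if a `struct Curl_easy *data` is in scope here (parse_netscape's signature is cut off at the hunk header, so I cannot tell), an `infof(data, "cookie rejected from file: control octet in name or value");` before that return would surface the drop without echoing the offending bytes into the log. The two `strlen` calls assume `co->name` and `co->value` are non-NULL at this point; that presumably follows from the field-count check just above, but the part of parse_netscape that fills those fields lies outside the hunk, so it is worth confirming that a blank-value line ends up with an empty string rather than NULL. The comment could also state that only this cookie is discarded while the rest of the file keeps loading (which the earlier field-count return suggests is the contract), e.g. `/* Drop just this cookie; loading of the file continues. */`, since returning CURLE_OK with *okay left unset reads like success at first glance.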
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 \
|
|||
test2208 \
|
||||
\
|
||||
test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 \
|
||||
test2309 test2310 \
|
||||
test2309 test2310 test2311 \
|
||||
\
|
||||
test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 \
|
||||
test2408 test2409 test2410 test2411 \
|
||||
|
|
|
|||
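--- /dev/null
+++ b/tests/data/test2311
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+cookies
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data crlf="headers">
+HTTP/1.1 200 OK
+Server: test-server/fake
+Content-Length: 21
+
+This server says moo
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+Cookie from file with control octet in value is rejected
+</name>
+<command>
+http://example.fake/%TESTNUMBER -b %LOGDIR/injar%TESTNUMBER -x %HOSTIP:%HTTPPORT
+</command>
+<file name="%LOGDIR/injar%TESTNUMBER">
+example.fake FALSE / FALSE 0 clean good
+example.fake FALSE / FALSE 0 bad %hex[ba%07d]hex%
+</file>
+<features>
+cookies
+proxy
+</features>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="headers">
+GET http://example.fake/%TESTNUMBER HTTP/1.1
+Host: example.fake
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+Cookie: clean=good
+
+</protocol>
+</verify>
+</testcase>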
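Review bot: The jar in `<file>` exercises only the value half of the new check; no line carries a control octet in the cookie name, so the `invalid_octets(co->name, …)` branch added in parse_netscape is not covered and a regression that dropped it would still pass this test. A third jar line with the octet in the name field, for example `example.fake FALSE / FALSE 0 b%hex[ad%07]hex% value` (constructed), would cover it while the expected `Cookie: clean=good` header in `<protocol>` stays unchanged. The `<name>` text could then read "Cookies from file with control octets in name or value are rejected" to match.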