On Thu, 16 Jan 2014, chen prog wrote:
> As far as I know, there are two problems at this place.
Even three. 1) the overflow 2) the 31 bit limit and 3) the max-age not being preferred over expires.
There's also a potential 4) we don't have any tests for max-age at all. I need to think of a way to add such. max-age being converted to "now + value" makes the number new on every invocation though, so we need to introduce some new fun number magic...
My suggested take to address the three problems, and still working for systems without 64bit curl_off_t, is like this:
---- snip ------------------
From ac6ebc772bea800f39ee25ec6a96ef4cebed658e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]> Date: Thu, 16 Jan 2014 08:51:30 +0100 Subject: [PATCH] cookie: max-age fixes 1 - allow >31 bit max-age values 2 - don't overflow on extremely large max-age values when we add the value to the current time 3 - make sure max-age takes precedence over expires as dictated by RFC6265 Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html Reported-by: Chen Prog --- lib/cookie.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/lib/cookie.c b/lib/cookie.c index 9961c67..0590643 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -489,9 +489,6 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } - co->expires = - strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10) - + (long)now; } else if(Curl_raw_equal("expires", name)) { strstore(&co->expirestr, whatptr); @@ -499,17 +496,6 @@ Curl_cookie_add(struct SessionHandle *data, badcookie = TRUE; break; } - /* Note that if the date couldn't get parsed for whatever reason, - the cookie will be treated as a session cookie */ - co->expires = curl_getdate(what, NULL); - - /* Session cookies have expires set to 0 so if we get that back - from the date parser let's add a second to make it a - non-session cookie */ - if(co->expires == 0) - co->expires = 1; - else if(co->expires < 0) - co->expires = 0; } else if(!co->name) { co->name = strdup(name); 
@@ -544,6 +530,30 @@ Curl_cookie_add(struct SessionHandle *data, semiptr=strchr(ptr, '\0'); } while(semiptr); + if(co->maxage) { + co->expires = + curlx_strtoofft((*co->maxage=='\"')? + &co->maxage[1]:&co->maxage[0], NULL, 10); + if(CURL_OFF_T_MAX - now < co->expires) + /* avoid overflow */ + co->expires = CURL_OFF_T_MAX; + else + co->expires += now; + } + else if(co->expirestr) { + /* Note that if the date couldn't get parsed for whatever reason, + the cookie will be treated as a session cookie */ + co->expires = curl_getdate(co->expirestr, NULL); + + /* Session cookies have expires set to 0 so if we get that back + from the date parser let's add a second to make it a + non-session cookie */ + if(co->expires == 0) + co->expires = 1; + else if(co->expires < 0) + co->expires = 0; + } + if(!badcookie && !co->domain) { if(domain) { /* no domain was given in the header line, set the default */ -- 1.8.5.2 -- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
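Review bot: In the new if(co->maxage) block, a zero or negative max-age is not handled. The value is parsed as a signed number and then goes through co->expires += now, so the result can land on 0 or below, and the comment in the expires branch right after it says 0 means session cookie. A max-age of exactly -now would turn the cookie into a session cookie instead of expiring it. Suggest clamping the same way the expires branch does, for example setting co->expires = 1 when the parsed value is <= 0. The end pointer passed to curlx_strtoofft() is NULL, so a value with no digits is indistinguishable from "0"; worth deciding whether that should mark the cookie bad. Finally, the CURL_OFF_T_MAX - now < co->expires check only helps if co->expires is itself a curl_off_t. The diffstat lists only lib/cookie.c and the removed line used strtol() with (long)now, so please confirm the struct field is not still a long.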
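The testing problem raised in point 4 goes away if "now" is an argument rather than read from the clock. The following is an added example, not part of the original mail or of curl's code: the function name cookie_expiry is hypothetical, int64_t and strtoll stand in for curl_off_t and curlx_strtoofft, and it goes beyond the patch by also mapping non-positive and out-of-range max-age values (to 1, "already expired", as an assumption).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not curl's API. Returns the expiry in seconds since
   the epoch; 0 means "session cookie", as in the patch. 'now' (assumed
   >= 0) is a parameter so a test can pin the clock. */
int64_t cookie_expiry(const char *maxage, int has_expires,
                      int64_t expires_attr, int64_t now)
{
  if(maxage) {
    /* max-age is checked first, so it wins over expires (RFC 6265) */
    const char *p = (*maxage == '\"') ? maxage + 1 : maxage;
    char *end;
    long long delta;
    errno = 0;
    delta = strtoll(p, &end, 10);
    if(end != p) {
      if(errno == ERANGE)
        return delta > 0 ? INT64_MAX : 1;  /* out of range either way */
      if(delta <= 0)
        return 1;          /* assumption: expired, but not a session cookie */
      if(INT64_MAX - now < delta)
        return INT64_MAX;  /* saturate instead of wrapping */
      return now + delta;
    }
    /* no digits at all: ignore max-age and fall back to expires */
  }
  if(has_expires) {
    /* same mapping as the expires branch of the patch */
    if(expires_attr == 0)
      return 1;
    return expires_attr < 0 ? 0 : expires_attr;
  }
  return 0;
}

int main(void)
{
  /* constructed inputs with a fixed clock of 1000 */
  printf("%lld\n", (long long)cookie_expiry("4294967296", 0, 0, 1000));
  printf("%lld\n", (long long)cookie_expiry("\"60\"", 1, 5000, 1000));
  return 0;
}
```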
