[curl/f19] Resolves: #1118917 - handle cookies with numerical IPv6 address

Kamil Dudka kdudka at fedoraproject.org
Mon Jul 14 13:14:33 UTC 2014 

commit b2b2c57e7da78bb9076304a138453db914b992a7
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Mon Jul 14 15:04:52 2014 +0200

    Resolves: #1118917 - handle cookies with numerical IPv6 address

 0023-curl-7.29.0-85b9dc80.patch |  145 +++++++++++++++++++++++++++++++++++++++
 curl.spec                       |    9 ++-
 2 files changed, 153 insertions(+), 1 deletions(-)
---
diff --git a/0023-curl-7.29.0-85b9dc80.patch b/0023-curl-7.29.0-85b9dc80.patch
new file mode 100644
index 0000000..b5f39f1
--- /dev/null
+++ b/0023-curl-7.29.0-85b9dc80.patch
@@ -0,0 +1,145 @@
+From 65b07615f776ab24ed1a4f112e036b6ccb797c49 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel at haxx.se>
+Date: Tue, 21 May 2013 23:28:59 +0200
+Subject: [PATCH] Curl_cookie_add: handle IPv6 hosts
+
+1 - don't skip host names with a colon in them in an attempt to bail out
+on HTTP headers in the cookie file parser. It was only a shortcut anyway
+and trying to parse a file with HTTP headers will still be handled, only
+slightly slower.
+
+2 - don't skip domain names based on number of dots. The original
+netscape cookie spec had this oddity mentioned and while our code
+decreased the check to only check for two, the existing cookie spec has
+no such dot counting required.
+
+Bug: http://curl.haxx.se/bug/view.cgi?id=1221
+Reported-by: Stefan Neis
+Upstream-commit: 85b9dc80232d1d7d48ee4dea6db5a2263ee68efd
+Signed-off-by: Kamil Dudka <kdudka at redhat.com>
+---
+ lib/cookie.c | 89 ++++++++++++++++--------------------------------------------
+ 1 file changed, 24 insertions(+), 65 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index d4fd78a..ac4d89c 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -184,6 +184,9 @@ static void strstore(char **str, const char *newstr)
+  *
+  * Add a single cookie line to the cookie keeping object.
+  *
++ * Be aware that sometimes we get an IP-only host name, and that might also be
++ * a numerical IPv6 address.
++ *
+  ***************************************************************************/
+ 
+ struct Cookie *
+@@ -290,70 +293,32 @@ Curl_cookie_add(struct SessionHandle *data,
+           }
+         }
+         else if(Curl_raw_equal("domain", name)) {
+-          /* note that this name may or may not have a preceding dot, but
+-             we don't care about that, we treat the names the same anyway */
+-
+-          const char *domptr=whatptr;
+-          const char *nextptr;
+-          int dotcount=1;
+-
+-          /* Count the dots, we need to make sure that there are enough
+-             of them. */
++          /* Now, we make sure that our host is within the given domain,
++             or the given domain is not valid and thus cannot be set. */
+ 
+           if('.' == whatptr[0])
+-            /* don't count the initial dot, assume it */
+-            domptr++;
+-
+-          do {
+-            nextptr = strchr(domptr, '.');
+-            if(nextptr) {
+-              if(domptr != nextptr)
+-                dotcount++;
+-              domptr = nextptr+1;
++            whatptr++; /* ignore preceding dot */
++
++          if(!domain || tailmatch(whatptr, domain)) {
++            const char *tailptr=whatptr;
++            if(tailptr[0] == '.')
++              tailptr++;
++            strstore(&co->domain, tailptr); /* don't prefix w/dots
++                                               internally */
++            if(!co->domain) {
++              badcookie = TRUE;
++              break;
+             }
+-          } while(nextptr);
+-
+-          /* The original Netscape cookie spec defined that this domain name
+-             MUST have three dots (or two if one of the seven holy TLDs),
+-             but it seems that these kinds of cookies are in use "out there"
+-             so we cannot be that strict. I've therefore lowered the check
+-             to not allow less than two dots. */
+-
+-          if(dotcount < 2) {
+-            /* Received and skipped a cookie with a domain using too few
+-               dots. */
+-            badcookie=TRUE; /* mark this as a bad cookie */
+-            infof(data, "skipped cookie with illegal dotcount domain: %s\n",
+-                  whatptr);
++            co->tailmatch=TRUE; /* we always do that if the domain name was
++                                   given */
+           }
+           else {
+-            /* Now, we make sure that our host is within the given domain,
+-               or the given domain is not valid and thus cannot be set. */
+-
+-            if('.' == whatptr[0])
+-              whatptr++; /* ignore preceding dot */
+-
+-            if(!domain || tailmatch(whatptr, domain)) {
+-              const char *tailptr=whatptr;
+-              if(tailptr[0] == '.')
+-                tailptr++;
+-              strstore(&co->domain, tailptr); /* don't prefix w/dots
+-                                                 internally */
+-              if(!co->domain) {
+-                badcookie = TRUE;
+-                break;
+-              }
+-              co->tailmatch=TRUE; /* we always do that if the domain name was
+-                                     given */
+-            }
+-            else {
+-              /* we did not get a tailmatch and then the attempted set domain
+-                 is not a domain to which the current host belongs. Mark as
+-                 bad. */
+-              badcookie=TRUE;
+-              infof(data, "skipped cookie with bad tailmatch domain: %s\n",
+-                    whatptr);
+-            }
++            /* we did not get a tailmatch and then the attempted set domain
++               is not a domain to which the current host belongs. Mark as
++               bad. */
++            badcookie=TRUE;
++            infof(data, "skipped cookie with bad tailmatch domain: %s\n",
++                  whatptr);
+           }
+         }
+         else if(Curl_raw_equal("version", name)) {
+@@ -512,12 +477,6 @@ Curl_cookie_add(struct SessionHandle *data,
+ 
+     firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
+ 
+-    /* Here's a quick check to eliminate normal HTTP-headers from this */
+-    if(!firstptr || strchr(firstptr, ':')) {
+-      free(co);
+-      return NULL;
+-    }
+-
+     /* Now loop through the fields and init the struct we already have
+        allocated */
+     for(ptr=firstptr, fields=0; ptr && !badcookie;
+-- 
+1.9.3
+
diff --git a/curl.spec b/curl.spec
index 9be1629..c32f418 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.29.0
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -70,6 +70,9 @@ Patch21: 0021-curl-7.29.0-ec5fde24.patch
 # acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (#1098711)
 Patch22: 0022-curl-7.29.0-f63603de.patch
 
+# handle cookies with numerical IPv6 address (#1118917)
+Patch23: 0023-curl-7.29.0-85b9dc80.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.29.0-multilib.patch
 
@@ -199,6 +202,7 @@ documentation of the library, too.
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
+%patch23 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -319,6 +323,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Mon Jul 14 2014 Kamil Dudka <kdudka at redhat.com> 7.29.0-21
+- handle cookies with numerical IPv6 address (#1118917)
+
 * Mon Jun 02 2014 Kamil Dudka <kdudka at redhat.com> 7.29.0-20
 - acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (#1098711)

More information about the scm-commits mailing list