Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CURLOPT_COOKIELIST regression? #11875

Closed
wangp opened this issue Sep 18, 2023 · 1 comment
Closed

CURLOPT_COOKIELIST regression? #11875

wangp opened this issue Sep 18, 2023 · 1 comment
Assignees
@bagder
Labels
cookies regression

Comments

@wangp
Copy link
Contributor

wangp commented Sep 18, 2023

I did this

I think there may be a regression due to commit b1b326e.

When Curl_cookie_init is called with data set to NULL, this assignment is no longer performed:

c->running = TRUE;          /* now, we're running */

If we try to add a cookie without an expiry using CURLOPT_COOKIELIST, it will be ignored in Curl_cookie_add as though it was a session cookie read from a file, due to this code:

  if(!c->running &&    /* read from a file */                                                              
     c->newsession &&  /* clean session cookies */                                                         
     !co->expires) {   /* this is a session cookie since it doesn't expire! */                             
    freecookie(co);
    return NULL;
  }

where c->running is FALSE.

I expected the following

Prior to commit b1b326e, the following program would send the cookie set with CURLOPT_COOKIELIST in the HTTP request, but not after that commit.

#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    curl_global_init(CURL_GLOBAL_ALL);

    // Create a share object to share cookies
    CURLSH *share = curl_share_init();
    curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);

    // Create the easy handle
    CURL *curl = curl_easy_init();
    curl_easy_setopt(curl, CURLOPT_SHARE, share);

    // Set options
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(curl, CURLOPT_URL, "http://localhost:8001/echo.cgi");

    // Activate cookie engine
    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");

    // Set a cookie without Max-age or Expires
    curl_easy_setopt(curl, CURLOPT_COOKIELIST, "Set-Cookie: c1=v1; domain=localhost");

    // Perform the HTTP request
    CURLcode res;
    res = curl_easy_perform(curl);
    if (res != CURLE_OK) {
        fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res));
    }

    // Cleanup
    curl_easy_cleanup(curl);
    curl_share_cleanup(share);
    curl_global_cleanup();

    return 0;
}

curl/libcurl version

curl 8.3.0-DEV (x86_64-pc-linux-gnu) libcurl/8.3.0-DEV OpenSSL/3.1.2 zlib/1.2.13 brotli/1.0.9 zstd/1.5.2 nghttp2/1.51.0 OpenLDAP/2.4.58
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets zstd

operating system

Linux ugla.localdomain 6.1.31_1 #1 SMP PREEMPT_DYNAMIC Wed May 31 05:53:37 UTC 2023 x86_64 GNU/Linux
@bagder bagder added the cookies label Sep 18, 2023
@bagder bagder self-assigned this Sep 18, 2023
@bagder
Copy link
Member

bagder commented Sep 18, 2023

I have created a test case based on this code that works with 8.0.1 but fails on current master.

bagder added a commit that referenced this issue Sep 18, 2023
@bagder
cookie: set ->running in cookie_init even if data is NULL
c3eb9c3 
This is a regression introduced in b1b326e (shipped in curl 8.1.0)

Test 3103 verifies.

Fixes #11875
Reported-by: wangp on github
@bagder bagder mentioned this issue Sep 18, 2023
Closed
bagder added a commit that referenced this issue Sep 18, 2023
@bagder
cookie: set ->running in cookie_init even if data is NULL
12f71da 
This is a regression introduced in b1b326e (shipped in curl 8.1.0)

Test 3103 verifies.

Fixes #11875
Reported-by: wangp on github
@bagder bagder closed this as completed in 73c82ed Sep 19, 2023
ptitSeb pushed a commit to wasix-org/curl that referenced this issue Sep 25, 2023
@bagder @ptitSeb
cookie: set ->running in cookie_init even if data is NULL
5770011 
This is a regression introduced in b1b326e (shipped in curl 8.1.0)

Test 3103 verifies.

Fixes curl#11875
Reported-by: wangp on github
Closes curl#11876
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bagder bagder

Labels
cookies regression
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix COOKIELIST regression curl/curl
2 participants
@bagder @wangp