cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 15 Jan 2014 11:45:47 +0100 (CET)

On Tue, 14 Jan 2014, chen prog wrote:

> when http server return as
> Set-Cookie: ID=D31939F01C9A5F71918AB1573B9CE3FA:FG=1; expires=Thu,
> 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.abc.com
>
> must make sure max-age after expires and max-age=0x7FFFFFFF
>
> in libcurl cookie_add will make a overflow max-age, result in cookie invalid

Thanks, but I couldn't help a nagging feeling we can do even better and I
wanted to hear what you and others have to say...

1 - your patch makes the line too long

2 - shouldn't we handle max-age larger than 31 bits? Firefox does...

3 - should we care about old systems without 64 bit types to not overflow?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2014-01-15

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl"
Previous message: Putinei .Ionut: "libcurl and openssl1.0.1e"
In reply to: chen prog: "[PATCH] fix cookie max-age field integer overflow bug in libcurl"
Next in thread: Daniel Stenberg: "Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl"
Reply: Daniel Stenberg: "Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]