diff --git a/lib/cookie.c b/lib/cookie.c index c56a7c2ee4..48a200dc6d 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -97,6 +97,26 @@ Example set of cookies: static void strstore(char **str, const char *newstr, size_t len); +/* number of seconds in 400 days */ +#define COOKIES_MAXAGE (400*24*3600) + +/* Make sure cookies never expire further away in time than 400 days into the + future. (from RFC6265bis draft-19) + + For the sake of easier testing, align the capped time to an even 60 second + boundary. +*/ +static void cap_expires(time_t now, struct Cookie *co) +{ + if((TIME_T_MAX - COOKIES_MAXAGE - 30) > now) { + timediff_t cap = now + COOKIES_MAXAGE; + if(co->expires > cap) { + cap += 30; + co->expires = (cap/60)*60; + } + } +} + static void freecookie(struct Cookie *co) { free(co->domain); @@ -714,6 +734,7 @@ parse_cookie_header(struct Curl_easy *data, co->expires += now; break; } + cap_expires(now, co); } else if((nlen == 7) && strncasecompare("expires", namep, 7)) { if(!co->expires && (vlen < MAX_DATE_LENGTH)) { @@ -737,6 +758,7 @@ parse_cookie_header(struct Curl_easy *data, co->expires = 1; else if(co->expires < 0) co->expires = 0; + cap_expires(now, co); } } diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index f336f772eb..f2b0507f69 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -74,6 +74,13 @@ For example, to insert the word hello 100 times: %repeat[100 x hello]% +## Insert capped epoch days + +Mostly to test capped cookie expire dates: `%days[NUM]` inserts the number of +seconds for the given number of days into the future, aligned to the nearest +minute. That is the same calculation the cookie engine uses to cap expiration +dates. + ## Include file This instruction allows a test case to include another file. It is helpful to diff --git a/tests/data/test1415 b/tests/data/test1415 index ae07d76f42..1e7090092f 100644 --- a/tests/data/test1415 +++ b/tests/data/test1415 @@ -78,15 +78,9 @@ Proxy-Connection: Keep-Alive # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -%if large-time -.example.com TRUE / FALSE 17545593600 test7value test7 -.example.com TRUE / FALSE 17545593600 test4value test4 -.example.com TRUE / FALSE 17545593600 test2value test2 -%else -.example.com TRUE / FALSE 2145830400 test7value test7 -.example.com TRUE / FALSE 2145830400 test4value test4 -.example.com TRUE / FALSE 2145830400 test2value test2 -%endif +.example.com TRUE / FALSE %days[400] test7value test7 +.example.com TRUE / FALSE %days[400] test4value test4 +.example.com TRUE / FALSE %days[400] test2value test2 .example.com TRUE / FALSE 0 test1value test1 diff --git a/tests/data/test31 b/tests/data/test31 index 4517054861..7412b4bde8 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -115,11 +115,7 @@ test31.curl FALSE /we/want/ FALSE 0 withspaces2 before equals test31.curl FALSE /we/want/ FALSE 0 withspaces yes within and around .test31.curl TRUE /we/want/ FALSE 0 blexp yesyes #HttpOnly_test31.curl FALSE /silly/ FALSE 0 magic yessir -%if large-time -test31.curl FALSE /we/want/ FALSE 17517902187 nodomain value -%else -test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value -%endif +test31.curl FALSE /we/want/ FALSE %days[400] nodomain value .test31.curl TRUE / FALSE 0 partmatch present #HttpOnly_.test31.curl TRUE /p4/ FALSE 0 httponly myvalue1 #HttpOnly_.test31.curl TRUE /p4/ FALSE 0 httpo4 value4 diff --git a/tests/data/test46 b/tests/data/test46 index 042af7e6e6..0a0e84914f 100644 --- a/tests/data/test46 +++ b/tests/data/test46 @@ -91,15 +91,14 @@ domain..tld FALSE /want/ FALSE 0 simplyhuge zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz domain..tld FALSE / FALSE 0 justaname domain..tld FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ GKNBDIFAAOFDPDAIEAKDIBKE domain..tld FALSE / FALSE 0 ckySession temporary +domain..tld FALSE / FALSE %days[400] ckyPersistent permanent %if large-time -domain..tld FALSE / FALSE 17517902187 ckyPersistent permanent domain..tld FALSE /want FALSE 0 empty #HttpOnly_domain..tld FALSE /want FALSE 22139150993 mooo2 indeed2 domain..tld FALSE / FALSE 22139150993 mooo indeed www.loser.com FALSE / FALSE 22139150993 UID 99 www.fake.come FALSE / FALSE 22147483647 cookiecliente si %else -domain..tld FALSE / FALSE 2118138987 ckyPersistent permanent domain..tld FALSE /want FALSE 0 empty #HttpOnly_domain..tld FALSE /want FALSE 2139150993 mooo2 indeed2 domain..tld FALSE / FALSE 2139150993 mooo indeed diff --git a/tests/data/test483 b/tests/data/test483 index 13fa4f157f..5d86f467d0 100644 --- a/tests/data/test483 +++ b/tests/data/test483 @@ -58,9 +58,9 @@ Accept: */* # This file was generated by libcurl! Edit at your own risk. 127.0.0.1 FALSE / FALSE 0 name4 value -127.0.0.1 FALSE / FALSE 5115959787 name3 value +127.0.0.1 FALSE / FALSE %days[400] name3 value 127.0.0.1 FALSE / FALSE 0 name2 value -127.0.0.1 FALSE / FALSE 5115959787 name value +127.0.0.1 FALSE / FALSE %days[400] name value diff --git a/tests/data/test506 b/tests/data/test506 index 30d4c62154..02165275b6 100644 --- a/tests/data/test506 +++ b/tests/data/test506 @@ -210,14 +210,14 @@ lock: cookie [Pigs in space]: 90 unlock: cookie [Pigs in space]: 91 loaded cookies: ----------------- - www.host.foo.com FALSE / FALSE 1993463787 test6 six_more - .www.host.foo.com TRUE / FALSE 1993463787 test6 six - .host.foo.com TRUE / FALSE 1896263787 test5 five - .host.foo.com TRUE / FALSE 2061978987 test4 overwritten4 - .foo.com TRUE / FALSE 1896263787 test3 three - .host.foo.com TRUE / FALSE 1896263787 test2 two - .foo.com TRUE / FALSE 1993463787 test1 overwritten1 - .host.foo.com TRUE / FALSE 1896263787 injected yes + www.host.foo.com FALSE / FALSE %days[400] test6 six_more + .www.host.foo.com TRUE / FALSE %days[400] test6 six + .host.foo.com TRUE / FALSE %days[400] test5 five + .host.foo.com TRUE / FALSE %days[400] test4 overwritten4 + .foo.com TRUE / FALSE %days[400] test3 three + .host.foo.com TRUE / FALSE %days[400] test2 two + .foo.com TRUE / FALSE %days[400] test1 overwritten1 + .host.foo.com TRUE / FALSE %days[400] injected yes ----------------- try SHARE_CLEANUP... lock: share [Pigs in space]: 92 @@ -238,14 +238,14 @@ GLOBAL_CLEANUP # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -www.host.foo.com FALSE / FALSE 1993463787 test6 six_more -.www.host.foo.com TRUE / FALSE 1993463787 test6 six -.host.foo.com TRUE / FALSE 1896263787 test5 five -.host.foo.com TRUE / FALSE 2061978987 test4 overwritten4 -.foo.com TRUE / FALSE 1896263787 test3 three -.host.foo.com TRUE / FALSE 1896263787 test2 two -.foo.com TRUE / FALSE 1993463787 test1 overwritten1 -.host.foo.com TRUE / FALSE 1896263787 injected yes +www.host.foo.com FALSE / FALSE %days[400] test6 six_more +.www.host.foo.com TRUE / FALSE %days[400] test6 six +.host.foo.com TRUE / FALSE %days[400] test5 five +.host.foo.com TRUE / FALSE %days[400] test4 overwritten4 +.foo.com TRUE / FALSE %days[400] test3 three +.host.foo.com TRUE / FALSE %days[400] test2 two +.foo.com TRUE / FALSE %days[400] test1 overwritten1 +.host.foo.com TRUE / FALSE %days[400] injected yes diff --git a/tests/data/test61 b/tests/data/test61 index 43a8598bab..2cb5963ff4 100644 --- a/tests/data/test61 +++ b/tests/data/test61 @@ -71,13 +71,8 @@ Accept: */* # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -%if large-time -.host.foo.com TRUE /we/want/ FALSE 17517902187 test2 yes -#HttpOnly_.foo.com TRUE /we/want/ FALSE 17517902187 test yes -%else -.host.foo.com TRUE /we/want/ FALSE 2118138987 test2 yes -#HttpOnly_.foo.com TRUE /we/want/ FALSE 2118138987 test yes -%endif +.host.foo.com TRUE /we/want/ FALSE %days[400] test2 yes +#HttpOnly_.foo.com TRUE /we/want/ FALSE %days[400] test yes diff --git a/tests/getpart.pm b/tests/getpart.pm index afc1f06214..8f7204f9f9 100644 --- a/tests/getpart.pm +++ b/tests/getpart.pm @@ -308,15 +308,48 @@ sub striparray { sub compareparts { my ($firstref, $secondref)=@_; + # we cannot compare arrays index per index since with the base64 chunks, + # they may not be "evenly" distributed my $first = join("", @$firstref); my $second = join("", @$secondref); - # we cannot compare arrays index per index since with the base64 chunks, - # they may not be "evenly" distributed + if($first =~ /%alternatives\[/) { + die "bad use of compareparts\n"; + } - # NOTE: this no longer strips off carriage returns from the arrays. Is that - # really necessary? It ruins the testing of newlines. I believe it was once - # added to enable tests on Windows. + if($second =~ /%alternatives\[([^,]*),([^\]]*)\]/) { + # there can be many %alternatives in this chunk, so we call + # this function recursively + my $alt = $second; + $alt =~ s/%alternatives\[([^,]*),([^\]]*)\]/$1/; + + # check first alternative + { + my @f; + my @s; + push @f, $first; + push @s, $alt; + if(!compareparts(\@f, \@s)) { + return 0; + } + } + + $alt = $second; + $alt =~ s/%alternatives\[([^,]*),([^\]]*)\]/$2/; + # check second alternative + { + my @f; + my @s; + push @f, $first; + push @s, $alt; + if(!compareparts(\@f, \@s)) { + return 0; + } + } + + # neither matched + return 1; + } if($first ne $second) { return 1; diff --git a/tests/testutil.pm b/tests/testutil.pm index 71b1495bc3..113c90a2b0 100644 --- a/tests/testutil.pm +++ b/tests/testutil.pm @@ -136,6 +136,17 @@ sub subbase64 { $$thing =~ s/%%REPEAT%%/$all/; } + # days + while($$thing =~ s/%days\[(.*?)\]/%%DAYS%%/i) { + # convert to now + given days in epoch seconds, align to a 60 second + # boundary. Then provide two alternatives. + my $now = time(); + my $d = ($1 * 24 * 3600) + $now + 30; + $d = int($d/60) * 60; + my $d2 = $d + 60; + $$thing =~ s/%%DAYS%%/%alternatives[$d,$d2]/; + } + # include a file $$thing =~ s/%include ([^%]*)%[\n\r]+/includefile($1)/ge; }