From cc3d517e8cfac502c34202980c227852c8f93fbf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 17 Nov 2022 08:26:17 +0100
Subject: [PATCH] cookie: expire cookies at once when max-age is negative

Update test 329 to verify

Reported-by: godmar on github
Fixes #9930
Closes #9932
---
 lib/cookie.c       | 11 +++++++++--
 tests/data/test329 |  1 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/cookie.c b/lib/cookie.c
index 4d81344ba7..1cc923f8fb 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -779,10 +779,16 @@ Curl_cookie_add(struct Curl_easy *data,
       offt = curlx_strtoofft((*co->maxage == '\"')?
                              &co->maxage[1]:&co->maxage[0], NULL, 10,
                              &co->expires);
-      if(offt == CURL_OFFT_FLOW)
+      switch(offt) {
+      case CURL_OFFT_FLOW:
         /* overflow, used max value */
         co->expires = CURL_OFF_T_MAX;
-      else if(!offt) {
+        break;
+      case CURL_OFFT_INVAL:
+        /* negative or otherwise bad, expire */
+        co->expires = 1;
+        break;
+      case CURL_OFFT_OK:
         if(!co->expires)
           /* already expired */
           co->expires = 1;
@@ -791,6 +797,7 @@ Curl_cookie_add(struct Curl_easy *data,
           co->expires = CURL_OFF_T_MAX;
         else
           co->expires += now;
+        break;
       }
     }
     else if(co->expirestr) {
diff --git a/tests/data/test329 b/tests/data/test329
index d25f968905..86f7a82751 100644
--- a/tests/data/test329
+++ b/tests/data/test329
@@ -14,6 +14,7 @@ Date: Tue, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
 Content-Type: text/html
 Funny-head: yesyes
+Set-Cookie: testn1=yes; path=/we/want/; domain=.host.foo.com; Max-Age=-1;
 Set-Cookie: test=yes; path=/we/want/; domain=.host.foo.com; Max-Age=0;
 Content-Length: 4