luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2ec00372a1
curl/tests/libtest/lib3104.c
Jay Satiro 39e21794a7 cookie: fix crash in netscape cookie parsing 
- Parse the input string without modifying it.

Prior to this change a segfault could occur if the input string was
const because the tokenizer modified the input string. For example if
the user set CURLOPT_COOKIELIST to a const string then libcurl would
likely cause a crash when modifying that string. Even if the string was
not const or a crash did not occur there was still the incorrect and
unexpected modification of the user's input string.

This issue was caused by 30da1f59 (precedes 8.11.0) which refactored
some options parsing and eliminated the copy of the input string. Also,
an earlier commit f88cc654 incorrectly cast the input pointer when
passing it to strtok.

Co-authored-by: Daniel Stenberg

Closes https://github.com/curl/curl/pull/15826
2024-12-27 13:16:08 -05:00

67 lines
1.9 KiB
C
Raw Blame History

/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "test.h"
#include "memdebug.h"
CURLcode test(char *URL)
{
CURLcode res = CURLE_OK;
CURLSH *share;
CURL *curl;
curl_global_init(CURL_GLOBAL_ALL);
share = curl_share_init();
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
curl = curl_easy_init();
test_setopt(curl, CURLOPT_SHARE, share);
test_setopt(curl, CURLOPT_VERBOSE, 1L);
test_setopt(curl, CURLOPT_HEADER, 1L);
test_setopt(curl, CURLOPT_PROXY, URL);
test_setopt(curl, CURLOPT_URL, "http://example.com/");
test_setopt(curl, CURLOPT_COOKIEFILE, "");
test_setopt(curl, CURLOPT_COOKIELIST,
"example.com\tFALSE\t/\tFALSE\t0\tname\tvalue");
res = curl_easy_perform(curl);
if(res) {
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
}
test_cleanup:
/* always cleanup */
curl_easy_cleanup(curl);
curl_share_cleanup(share);
curl_global_cleanup();
return res;
}
Reference in New Issue View Git Blame Copy Permalink