git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
master
curl-curl/tests/data/test46
Viktor Szakats e76968e20d
curl_get_line: fix potential infinite loop when filename is a directory 
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):

- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`

Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.

Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.

Reported-and-based-on-patch-by: Richard Tollerton
Fixes #20823
Closes #20826 (originally-based-on)
Follow-up to 769ccb4d42 #19140

Closes #20873
2026-03-16 11:54:43 +01:00

112 lines
3.2 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="US-ASCII"?>
<testcase>
<info>
<keywords>
HTTP
HTTP GET
cookies
cookiejar
--resolve
</keywords>
</info>
# Server-side
<reply>
<data crlf="headers">
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Tue, 25 Sep 2001 19:37:44 GMT
Content-Type: text/html
%if large-time
Set-Cookie: ckyPersistent=permanent; expires=Fri, 13-Feb-2525 11:56:27 GMT; path=/
%else
Set-Cookie: ckyPersistent=permanent; expires=Fri, 13-Feb-2037 11:56:27 GMT; path=/
%endif
Set-Cookie: ckySession=temporary; path=/
Set-Cookie: ASPSESSIONIDQGGQQSJJ=GKNBDIFAAOFDPDAIEAKDIBKE; path=/
Set-Cookie: justaname=; path=/;
Set-Cookie: simplyhuge=%repeat[3998 x z]%
Cache-control: private
Content-Length: 41
This server reply is for testing cookies
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP with bad domain name, get cookies and store in cookie jar
</name>
# Explicitly set the time zone to a known good one, in case the user is
# using one of the 'right' zones that take into account leap seconds
# which causes the cookie expiry times to be different from what we expect.
<setenv>
TZ=GMT
</setenv>
<command>
domain..tld:%HTTPPORT/want/%TESTNUMBER --resolve domain..tld:%HTTPPORT:%HOSTIP -c %LOGDIR/jar%TESTNUMBER -b %LOGDIR -b %LOGDIR/injar%TESTNUMBER
</command>
<file name="%LOGDIR/injar%TESTNUMBER">
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This is generated by libcurl! Do not edit.
%if large-time
www.fake.come FALSE / FALSE 22147483647 cookiecliente si
www.loser.com FALSE / FALSE 22139150993 UID 99
domain..tld FALSE / FALSE 22139150993 mooo indeed
#HttpOnly_domain..tld FALSE /want FALSE 22139150993 mooo2 indeed2
%else
www.fake.come FALSE / FALSE 2147483647 cookiecliente si
www.loser.com FALSE / FALSE 2139150993 UID 99
domain..tld FALSE / FALSE 2139150993 mooo indeed
#HttpOnly_domain..tld FALSE /want FALSE 2139150993 mooo2 indeed2
%endif
domain..tld FALSE /want FALSE 0 empty%TAB
</file>
<features>
cookies
</features>
</client>
# Verify data after the test has been "shot"
<verify>
<protocol crlf="headers">
GET /want/%TESTNUMBER HTTP/1.1
Host: domain..tld:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
Cookie: empty=; mooo2=indeed2; mooo=indeed
</protocol>
<file name="%LOGDIR/jar%TESTNUMBER" mode="text">
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
domain..tld FALSE /want FALSE 0 simplyhuge %repeat[3998 x z]%
domain..tld FALSE / FALSE 0 justaname%TAB
domain..tld FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ GKNBDIFAAOFDPDAIEAKDIBKE
domain..tld FALSE / FALSE 0 ckySession temporary
domain..tld FALSE / FALSE %days[400] ckyPersistent permanent
%if large-time
domain..tld FALSE /want FALSE 0 empty%TAB
#HttpOnly_domain..tld FALSE /want FALSE 22139150993 mooo2 indeed2
domain..tld FALSE / FALSE 22139150993 mooo indeed
www.loser.com FALSE / FALSE 22139150993 UID 99
www.fake.come FALSE / FALSE 22147483647 cookiecliente si
%else
domain..tld FALSE /want FALSE 0 empty%TAB
#HttpOnly_domain..tld FALSE /want FALSE 2139150993 mooo2 indeed2
domain..tld FALSE / FALSE 2139150993 mooo indeed
www.loser.com FALSE / FALSE 2139150993 UID 99
www.fake.come FALSE / FALSE 2147483647 cookiecliente si
%endif
</file>
</verify>
</testcase>
Reference in New Issue View Git Blame Copy Permalink