[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 71/282: cookie: check __Secure- and __Host- case sensitively
|
From: |
gnunet |
|
Subject: |
[gnurl] 71/282: cookie: check __Secure- and __Host- case sensitively |
|
Date: |
Wed, 01 Apr 2020 14:28:56 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 5af0165562f35d06b9db6c9844203ad33a4a8ee6
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Jan 29 09:57:50 2020 +0100
cookie: check __Secure- and __Host- case sensitively
While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive match".
(From the 6265bis document in progress)
Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04
Closes #4864
---
lib/cookie.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 0091132aa..fa3337598 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -537,9 +537,9 @@ Curl_cookie_add(struct Curl_easy *data,
* only test for names where that can possibly be true.
*/
if(nlen > 3 && name[0] == '_' && name[1] == '_') {
- if(strncasecompare("__Secure-", name, 9))
+ if(!strncmp("__Secure-", name, 9))
co->prefix |= COOKIE_PREFIX__SECURE;
- else if(strncasecompare("__Host-", name, 7))
+ else if(!strncmp("__Host-", name, 7))
co->prefix |= COOKIE_PREFIX__HOST;
}
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 83/282: tool_operhlp: Copyright year out of date, should be 2020, (continued)
- [gnurl] 83/282: tool_operhlp: Copyright year out of date, should be 2020, gnunet, 2020/04/01
- [gnurl] 68/282: multi_done: if multiplexed, make conn->data point to another transfer, gnunet, 2020/04/01
- [gnurl] 81/282: ntlm: Ensure the HTTP header data is not stored in the challenge/response, gnunet, 2020/04/01
- [gnurl] 67/282: location.d: the method change is from POST to GET only, gnunet, 2020/04/01
- [gnurl] 84/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 86/282: docs/HTTP3: update the OpenSSL branch to use for ngtcp2, gnunet, 2020/04/01
- [gnurl] 66/282: urlapi: guess scheme correct even with credentials given, gnunet, 2020/04/01
- [gnurl] 70/282: KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header, gnunet, 2020/04/01
- [gnurl] 69/282: oauth2-bearer.d: works for HTTP too, gnunet, 2020/04/01
- [gnurl] 78/282: cirrus: Add some missing semicolons, gnunet, 2020/04/01
- [gnurl] 71/282: cookie: check __Secure- and __Host- case sensitively,
gnunet <=
- [gnurl] 79/282: travis: update non-OpenSSL Linux jobs to Bionic, gnunet, 2020/04/01
- [gnurl] 77/282: cleanup: fix typos and wording in docs and comments, gnunet, 2020/04/01
- [gnurl] 85/282: ntlm: Pass the Curl_easy structure to the private winbind functions, gnunet, 2020/04/01
- [gnurl] 97/282: ntlm_wb: Use Curl_socketpair() for greater portability, gnunet, 2020/04/01
- [gnurl] 87/282: ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6, gnunet, 2020/04/01
- [gnurl] 90/282: RELEASE-PROCEDURE: feature win is closed post-release a few days, gnunet, 2020/04/01
- [gnurl] 89/282: altsvc: set h3 version at a common single spot, gnunet, 2020/04/01
- [gnurl] 96/282: contributors: Also include people who contributed to curl-www, gnunet, 2020/04/01
- [gnurl] 88/282: altsvc: improved header parser, gnunet, 2020/04/01
- [gnurl] 104/282: asyn-thread: remove dead code, gnunet, 2020/04/01