[gnurl] 113/222: cookies: using a share with cookies shouldn't enable the cookie engine

[gnunet]

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit d0a7ee3f613b0c3f2370c6cc81e5aafef67120f0
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Sep 27 09:41:43 2019 +0200

    cookies: using a share with cookies shouldn't enable the cookie engine
    
    The 'share object' only sets the storage area for cookies. The "cookie
    engine" still needs to be enabled or activated using the normal cookie
    options.
    
    This caused the curl command line tool to accidentally use cookies
    without having been told to, since curl switched to using shared cookies
    in 7.66.0.
    
    Test 1166 verifies
    
    Updated test 506
    
    Fixes #4429
    Closes #4434
---
 lib/cookie.c            |   4 ++
 lib/http.c              |   4 +-
 lib/urldata.h           |   1 +
 tests/data/Makefile.inc |   2 +-
 tests/data/test1166     |  53 ++++++++++++++++++++++
 tests/data/test506      | 118 +++++++++++++++++++++++++-----------------------
 tests/libtest/lib506.c  |   3 +-
 7 files changed, 124 insertions(+), 61 deletions(-)

diff --git a/lib/cookie.c b/lib/cookie.c
index 0e71129de..f6b52df2f 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1090,6 +1090,8 @@ Curl_cookie_add(struct Curl_easy *data,
  *
  * If 'newsession' is TRUE, discard all "session cookies" on read from file.
  *
+ * Note that 'data' might be called as NULL pointer.
+ *
  * Returns NULL on out of memory. Invalid cookies are ignored.
  ****************************************************************************/
 struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
@@ -1160,6 +1162,8 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy 
*data,
   }
 
   c->running = TRUE;          /* now, we're running */
+  if(data)
+    data->state.cookie_engine = TRUE;
 
   return c;
 
diff --git a/lib/http.c b/lib/http.c
index 9719b28ef..4631a7f36 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2676,7 +2676,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
     struct Cookie *co = NULL; /* no cookies from start */
     int count = 0;
 
-    if(data->cookies) {
+    if(data->cookies && data->state.cookie_engine) {
       Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
       co = Curl_cookie_getlist(data->cookies,
                                conn->allocptr.cookiehost?
@@ -4013,7 +4013,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy 
*data,
         data->state.resume_from = 0; /* get everything */
     }
 #if !defined(CURL_DISABLE_COOKIES)
-    else if(data->cookies &&
+    else if(data->cookies && data->state.cookie_engine &&
             checkprefix("Set-Cookie:", k->p)) {
       Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
                       CURL_LOCK_ACCESS_SINGLE);
diff --git a/lib/urldata.h b/lib/urldata.h
index 2700bc2a6..f9365b2e6 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1397,6 +1397,7 @@ struct UrlState {
                   invoked twice when the multi interface is used. */
   BIT(stream_depends_e); /* set or don't set the Exclusive bit */
   BIT(previouslypending); /* this transfer WAS in the multi->pending queue */
+  BIT(cookie_engine);
 };
 
 
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 10072c584..a4f06fd1f 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -129,7 +129,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 
test1134 test1135 \
 test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
 test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
-test1160 test1161 test1162 test1163 test1164 test1165 \
+test1160 test1161 test1162 test1163 test1164 test1165 test1166 \
 test1170 test1171 test1172 test1173 test1174 \
 \
 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
diff --git a/tests/data/test1166 b/tests/data/test1166
new file mode 100644
index 000000000..3cae80ecd
--- /dev/null
+++ b/tests/data/test1166
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+cookies
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Set-Cookie: trackyou=want; path=/
+Content-Length: 68
+
+This server reply is for testing a Location: following with cookies
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP response with cookies but not receiving!
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/want/1166 http://%HOSTIP:%HTTPPORT/want/1166
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /want/1166 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /want/1166 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test506 b/tests/data/test506
index 8f06e0e4f..f821ad10e 100644
--- a/tests/data/test506
+++ b/tests/data/test506
@@ -115,94 +115,98 @@ CURLOPT_SHARE
 lock:   share  [Pigs in space]: 16
 unlock: share  [Pigs in space]: 17
 PERFORM
-lock:   dns    [Pigs in space]: 18
-unlock: dns    [Pigs in space]: 19
+lock:   cookie [Pigs in space]: 18
+unlock: cookie [Pigs in space]: 19
 lock:   dns    [Pigs in space]: 20
 unlock: dns    [Pigs in space]: 21
-lock:   cookie [Pigs in space]: 22
-unlock: cookie [Pigs in space]: 23
+lock:   dns    [Pigs in space]: 22
+unlock: dns    [Pigs in space]: 23
 lock:   cookie [Pigs in space]: 24
 unlock: cookie [Pigs in space]: 25
 lock:   cookie [Pigs in space]: 26
 unlock: cookie [Pigs in space]: 27
 lock:   cookie [Pigs in space]: 28
 unlock: cookie [Pigs in space]: 29
+lock:   cookie [Pigs in space]: 30
+unlock: cookie [Pigs in space]: 31
 run 1: set cookie 1, 2 and 3
-lock:   dns    [Pigs in space]: 30
-unlock: dns    [Pigs in space]: 31
 lock:   dns    [Pigs in space]: 32
 unlock: dns    [Pigs in space]: 33
+lock:   dns    [Pigs in space]: 34
+unlock: dns    [Pigs in space]: 35
 CLEANUP
-lock:   cookie [Pigs in space]: 34
-unlock: cookie [Pigs in space]: 35
-lock:   share  [Pigs in space]: 36
-unlock: share  [Pigs in space]: 37
-*** run 2
-CURLOPT_SHARE
+lock:   cookie [Pigs in space]: 36
+unlock: cookie [Pigs in space]: 37
 lock:   share  [Pigs in space]: 38
 unlock: share  [Pigs in space]: 39
+*** run 2
+CURLOPT_SHARE
+lock:   share  [Pigs in space]: 40
+unlock: share  [Pigs in space]: 41
 PERFORM
-lock:   dns    [Pigs in space]: 40
-unlock: dns    [Pigs in space]: 41
 lock:   cookie [Pigs in space]: 42
 unlock: cookie [Pigs in space]: 43
-lock:   cookie [Pigs in space]: 44
-unlock: cookie [Pigs in space]: 45
+lock:   dns    [Pigs in space]: 44
+unlock: dns    [Pigs in space]: 45
 lock:   cookie [Pigs in space]: 46
 unlock: cookie [Pigs in space]: 47
+lock:   cookie [Pigs in space]: 48
+unlock: cookie [Pigs in space]: 49
+lock:   cookie [Pigs in space]: 50
+unlock: cookie [Pigs in space]: 51
 run 2: set cookie 4 and 5
-lock:   dns    [Pigs in space]: 48
-unlock: dns    [Pigs in space]: 49
-lock:   dns    [Pigs in space]: 50
-unlock: dns    [Pigs in space]: 51
+lock:   dns    [Pigs in space]: 52
+unlock: dns    [Pigs in space]: 53
+lock:   dns    [Pigs in space]: 54
+unlock: dns    [Pigs in space]: 55
 CLEANUP
-lock:   cookie [Pigs in space]: 52
-unlock: cookie [Pigs in space]: 53
-lock:   share  [Pigs in space]: 54
-unlock: share  [Pigs in space]: 55
+lock:   cookie [Pigs in space]: 56
+unlock: cookie [Pigs in space]: 57
+lock:   share  [Pigs in space]: 58
+unlock: share  [Pigs in space]: 59
 *** run 3
 CURLOPT_SHARE
-lock:   share  [Pigs in space]: 56
-unlock: share  [Pigs in space]: 57
+lock:   share  [Pigs in space]: 60
+unlock: share  [Pigs in space]: 61
 CURLOPT_COOKIEJAR
 CURLOPT_COOKIELIST FLUSH
-lock:   cookie [Pigs in space]: 58
-unlock: cookie [Pigs in space]: 59
-PERFORM
-lock:   dns    [Pigs in space]: 60
-unlock: dns    [Pigs in space]: 61
 lock:   cookie [Pigs in space]: 62
 unlock: cookie [Pigs in space]: 63
-lock:   cookie [Pigs in space]: 64
-unlock: cookie [Pigs in space]: 65
+PERFORM
+lock:   dns    [Pigs in space]: 64
+unlock: dns    [Pigs in space]: 65
 lock:   cookie [Pigs in space]: 66
 unlock: cookie [Pigs in space]: 67
 lock:   cookie [Pigs in space]: 68
 unlock: cookie [Pigs in space]: 69
 lock:   cookie [Pigs in space]: 70
 unlock: cookie [Pigs in space]: 71
+lock:   cookie [Pigs in space]: 72
+unlock: cookie [Pigs in space]: 73
+lock:   cookie [Pigs in space]: 74
+unlock: cookie [Pigs in space]: 75
 run 3: overwrite cookie 1 and 4, set cookie 6 with and without tailmatch
-lock:   dns    [Pigs in space]: 72
-unlock: dns    [Pigs in space]: 73
-lock:   dns    [Pigs in space]: 74
-unlock: dns    [Pigs in space]: 75
+lock:   dns    [Pigs in space]: 76
+unlock: dns    [Pigs in space]: 77
+lock:   dns    [Pigs in space]: 78
+unlock: dns    [Pigs in space]: 79
 CLEANUP
-lock:   cookie [Pigs in space]: 76
-unlock: cookie [Pigs in space]: 77
-lock:   share  [Pigs in space]: 78
-unlock: share  [Pigs in space]: 79
+lock:   cookie [Pigs in space]: 80
+unlock: cookie [Pigs in space]: 81
+lock:   share  [Pigs in space]: 82
+unlock: share  [Pigs in space]: 83
 CURLOPT_SHARE
-lock:   share  [Pigs in space]: 80
-unlock: share  [Pigs in space]: 81
+lock:   share  [Pigs in space]: 84
+unlock: share  [Pigs in space]: 85
 CURLOPT_COOKIELIST ALL
-lock:   cookie [Pigs in space]: 82
-unlock: cookie [Pigs in space]: 83
-CURLOPT_COOKIEJAR
-CURLOPT_COOKIELIST RELOAD
-lock:   cookie [Pigs in space]: 84
-unlock: cookie [Pigs in space]: 85
 lock:   cookie [Pigs in space]: 86
 unlock: cookie [Pigs in space]: 87
+CURLOPT_COOKIEJAR
+CURLOPT_COOKIELIST RELOAD
+lock:   cookie [Pigs in space]: 88
+unlock: cookie [Pigs in space]: 89
+lock:   cookie [Pigs in space]: 90
+unlock: cookie [Pigs in space]: 91
 loaded cookies:
 -----------------
   www.host.foo.com     FALSE   /       FALSE   1993463787      test6   six_more
@@ -215,17 +219,17 @@ loaded cookies:
   .host.foo.com        TRUE    /       FALSE   1896263787      injected        
yes
 -----------------
 try SHARE_CLEANUP...
-lock:   share  [Pigs in space]: 88
-unlock: share  [Pigs in space]: 89
-SHARE_CLEANUP failed, correct
-CLEANUP
-lock:   cookie [Pigs in space]: 90
-unlock: cookie [Pigs in space]: 91
 lock:   share  [Pigs in space]: 92
 unlock: share  [Pigs in space]: 93
+SHARE_CLEANUP failed, correct
+CLEANUP
+lock:   cookie [Pigs in space]: 94
+unlock: cookie [Pigs in space]: 95
+lock:   share  [Pigs in space]: 96
+unlock: share  [Pigs in space]: 97
 SHARE_CLEANUP
-lock:   share  [Pigs in space]: 94
-unlock: share  [Pigs in space]: 95
+lock:   share  [Pigs in space]: 98
+unlock: share  [Pigs in space]: 99
 GLOBAL_CLEANUP
 </stdout>
 <file name="log/jar506" mode="text">
diff --git a/tests/libtest/lib506.c b/tests/libtest/lib506.c
index 9f656e032..e0325ee00 100644
--- a/tests/libtest/lib506.c
+++ b/tests/libtest/lib506.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -142,6 +142,7 @@ static void *fire(void *ptr)
   curl_easy_setopt(curl, CURLOPT_VERBOSE,    1L);
   curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
   curl_easy_setopt(curl, CURLOPT_URL,        tdata->url);
+  curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");
   printf("CURLOPT_SHARE\n");
   curl_easy_setopt(curl, CURLOPT_SHARE, tdata->share);
 

-- 
To stop receiving notification emails like this one, please contact
address@hidden.