xref: /third_party/curl/lib/cookie.c

39                  char *lineptr, const char *domain, const char *path,
69     Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure
71     domain=.fidelity.com; path=/ftgw; secure
73     domain=.fidelity.com; path=/; secure
75     domain=.fidelity.com; path=/; secure
77     domain=.fidelity.com; path=/; secure
79     domain=.fidelity.com; path=/; secure
82     13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure
115   free(co->domain);
228  * Return the top-level domain, for optimal hashing.
230 static const char *get_top_domain(const char * const domain, size_t *outlen)
235   if(domain) {
236     len = strlen(domain);
237     last = memrchr(domain, '.', len);
239       first = memrchr(domain, '.', (last - domain));
241         len -= (++first - domain);
248   return first? first: domain;
259 static size_t cookie_hash_domain(const char *domain, const size_t len)
261   const char *end = domain + len;
264   while(domain < end) {
266     h ^= Curl_raw_toupper(*domain++);
277  * Hash this domain.
279 static size_t cookiehash(const char * const domain)
284   if(!domain || Curl_host_is_ipnum(domain))
287   top = get_top_domain(domain, &len);
429 /* Make sure domain contains a dot or is localhost. */
430 static bool bad_domain(const char *domain, size_t len)
432   if((len == 9) && strncasecompare(domain, "localhost", 9))
436     char *dot = memchr(domain, '.', len);
438       size_t i = dot - domain;
486                 const char *domain, /* default domain */
667                 strncasecompare("domain", namep, 6) && vlen) {
671            * Now, we make sure that our host is within the given domain, or
672            * the given domain is not valid and thus cannot be set.
687             domain = ":";
690           is_ip = Curl_host_is_ipnum(domain ? domain : valuep);
692           if(!domain
693              || (is_ip && !strncmp(valuep, domain, vlen) &&
694                  (vlen == strlen(domain)))
695              || (!is_ip && cookie_tailmatch(valuep, vlen, domain))) {
696             strstore(&co->domain, valuep, vlen);
697             if(!co->domain) {
702               co->tailmatch = TRUE; /* we always do that if the domain name was
707              * We did not get a tailmatch and then the attempted set domain is
708              * not a domain to which the current host belongs. Mark as bad.
711             infof(data, "skipped cookie with bad tailmatch domain: %s",
796     if(!badcookie && !co->domain) {
797       if(domain) {
798         /* no domain was given in the header line, set the default */
799         co->domain = strdup(domain);
800         if(!co->domain)
857      * with httpOnly after the domain name are not accessible from javascripts,
893         co->domain = strdup(ptr);
894         if(!co->domain)
900          * domain can access the variable. Set TRUE when the cookie says
901          * .domain.com and to false when the domain is complete www.domain.com
991      * and not have a domain set.
1014    * domain and path as this.
1023    * Check if the domain is a Public Suffix and if yes, ignore the cookie. We
1027   if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
1031     size_t dlen = strlen(domain);
1032     size_t clen = strlen(co->domain);
1036         /* the PSL check requires lowercase domain name and pattern */
1037         Curl_strntolower(lcase, domain, dlen + 1);
1038         Curl_strntolower(lcookie, co->domain, clen + 1);
1043         acceptable = !bad_domain(domain, strlen(domain));
1047       infof(data, "cookie '%s' dropped, domain '%s' must not "
1048                   "set cookies for '%s'", co->name, domain, co->domain);
1056   myhash = cookiehash(co->domain);
1063       if(clist->domain && co->domain) {
1064         if(strcasecompare(clist->domain, co->domain))
1068       else if(!clist->domain && !co->domain)
1092           infof(data, "cookie '%s' for domain '%s' dropped, would "
1093                 "overlay an existing cookie", co->name, co->domain);
1103       if(clist->domain && co->domain) {
1104         if(strcasecompare(clist->domain, co->domain) &&
1109       else if(!clist->domain && !co->domain)
1151     free(clist->domain);
1163     infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
1166           co->domain, co->path, co->expires);
1295  * shorter path. Path, domain and name lengths are considered in that order,
1312   /* 2 - compare cookie domain lengths */
1313   l1 = c1->domain ? strlen(c1->domain) : 0;
1314   l2 = c2->domain ? strlen(c2->domain) : 0;
1356     CLONE(domain);
1411       /* now check if the domain is correct */
1412       if(!co->domain ||
1414           cookie_tailmatch(co->domain, strlen(co->domain), host)) ||
1415          ((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) {
1417          * the right part of the host matches the domain stuff in the
1594     "%s%s\t" /* domain */
1606     (co->tailmatch && co->domain && co->domain[0] != '.')? ".":"",
1607     co->domain?co->domain:"unknown",
1667     /* only sort the cookies with a domain property */
1670         if(!co->domain)
1730       if(!c->domain)

Indexes created Thu Nov 07 10:32:03 CST 2024