]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a07279) | patch
cookies: reject oversized cookies
authorDaniel Stenberg <daniel@haxx.se>
Sun, 17 Sep 2017 22:55:07 +0000 (00:55 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 18 Sep 2017 20:55:50 +0000 (22:55 +0200)
commit2bc230de63bd7da197280a69d84972b61455cd18
treeb616832f6cd1138851d1ed87ba68fb60e0a5c85ftree | snapshot
parent1a072796d390a7f56739d48a5158c250e211e2f7commit | diff
cookies: reject oversized cookies

... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith
Closes #1894
lib/cookie.c diff | blob | history
lib/cookie.h diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test1151 [new file with mode: 0644] blob
tests/data/test46 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.