Resolve: #1311907 - cookie: fix bug in export if any-domain cookie is present

2016-02-25 11:21:22 +01:00 · 2016-02-25 11:21:22 +01:00 · 0c9fbb7ebe
commit 0c9fbb7ebe
parent c70c78b593
2 changed files with 71 additions and 1 deletions
--- a/0005-curl-7.43.0-ef0fdb83.patch
+++ b/0005-curl-7.43.0-ef0fdb83.patch
@ -0,0 +1,63 @@
+From 635c0837cfb774053238a691378716286842d886 Mon Sep 17 00:00:00 2001
+From: Jay Satiro <raysatiro@yahoo.com>
+Date: Thu, 18 Jun 2015 19:35:04 -0400
+Subject: [PATCH] cookie: Fix bug in export if any-domain cookie is present
+
+In 3013bb6 I had changed cookie export to ignore any-domain cookies,
+however the logic I used to do so was incorrect, and would lead to a
+busy loop in the case of exporting a cookie list that contained
+any-domain cookies. The result of that is worse though, because in that
+case the other cookies would not be written resulting in an empty file
+once the application is terminated to stop the busy loop.
+
+Upstream-commit: ef0fdb83b89c87b63e94bf6ecdab5cd8c6458b2e
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/cookie.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 94f2a8b..22730cf 100644
+--- a/lib/cookie.c
+++ b/lib/cookie.c
+@@ -1274,9 +1274,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
+           "# http://curl.haxx.se/docs/http-cookies.html\n"
+           "# This file was generated by libcurl! Edit at your own risk.\n\n",
+           out);
+-    co = c->cookies;
+ 
+-    while(co) {
+    for(co = c->cookies; co; co = co->next) {
+       if(!co->domain)
+         continue;
+       format_ptr = get_netscape_format(co);
+@@ -1288,7 +1287,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
+       }
+       fprintf(out, "%s\n", format_ptr);
+       free(format_ptr);
+-      co=co->next;
+     }
+   }
+ 
+@@ -1309,9 +1307,7 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
+       (data->cookies->numcookies == 0))
+     return NULL;
+ 
+-  c = data->cookies->cookies;
+-
+-  while(c) {
+  for(c = data->cookies->cookies; c; c = c->next) {
+     if(!c->domain)
+       continue;
+     line = get_netscape_format(c);
+@@ -1326,7 +1322,6 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
+       return NULL;
+     }
+     list = beg;
+-    c = c->next;
+   }
+ 
+   return list;
+-- 
+2.5.0
+
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.43.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@ -19,6 +19,9 @@ Patch3: 0003-curl-7.43.0-958d2ffb.patch
 # match credentials when re-using a proxy connection (CVE-2016-0755)
 Patch4: 0004-curl-7.43.0-CVE-2016-0755.patch

+# cookie: fix bug in export if any-domain cookie is present (#1311907)
+Patch5: 0005-curl-7.43.0-ef0fdb83.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -133,6 +136,7 @@ documentation of the library, too.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1

 # Fedora patches
 %patch101 -p1
@ -252,6 +256,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Thu Feb 25 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-6
+- cookie: fix bug in export if any-domain cookie is present (#1311907)
+
 * Wed Jan 27 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-5
 - match credentials when re-using a proxy connection (CVE-2016-0755)