[prev in list] [next in list] [prev in thread] [next in thread]
List: wget
Subject: wget-1.10.2 cookie expiry bug
From: Jay Soffian <jay () soffian ! org>
Date: 2006-11-11 0:35:25
Message-ID: 088392CC-1A91-4D1D-A656-6A44D4A7635E () soffian ! org
[Download RAW message or body]
Kind wget maintainers,
I believe I found a bug in the wget cookie expiry handling. Recently
I was using wget receiving back a cookie with an expiration of "Sun,
20-Sep-2043 19:37:28 GMT".
This fits inside a 32-bit unsigned long but unfortunately overflows a
32-bit signed long by about 4 years.
It would appear that timegm (called from http_atotm) returns -1 when
it overflows. At least that was the behavior I observed with my
system's timegm (OS X 10.4.8/i386) and the timegm that ships with
wget (I recompiled using the wget timegm function to test).
Looking at cookies.c, the intent seems to be to treat a (time_t) -1
as a session cookie. If this is the case, there is a bug in the logic
which instead causes wget to discard the cookie entirely:
expires = http_atotm (value_copy);
if (expires != (time_t) -1)
{
cookie->permanent = 1;
cookie->expiry_time = expires;
}
else
/* Error in expiration spec. Assume default (cookie doesn't
expire, but valid only for this session.) */
;
/* According to netscape's specification, expiry time in the
past means that discarding of a matching cookie is
requested. */
if (cookie->expiry_time < cookies_now)
cookie->discard_requested = 1;
The problem is that when http_atotm returns -1, cookie->expiry_time
does not get set, defaulting to 0 (I think). That then causes the
cookie to be discarded. I've attached the world's smallest patch
which corrects this behavior to what I believe the comments intended.
Thanks,
j.
["wget-1.10.2.cookie_expiry.patch" (wget-1.10.2.cookie_expiry.patch)]
diff -ru wget-1.10.2.orig/src/cookies.c wget-1.10.2/src/cookies.c
--- wget-1.10.2.orig/src/cookies.c 2005-06-27 11:35:45.000000000 -0400
+++ wget-1.10.2/src/cookies.c 2006-11-10 19:32:01.000000000 -0500
@@ -402,7 +402,7 @@
else
/* Error in expiration spec. Assume default (cookie doesn't
expire, but valid only for this session.) */
- ;
+ return 1;
/* According to netscape's specification, expiry time in the
past means that discarding of a matching cookie is
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic