
List:       wget
Subject:    wget-1.10.2 cookie expiry bug
From:       Jay Soffian <jay () soffian ! org>
Date:       2006-11-11 0:35:25
Message-ID: 088392CC-1A91-4D1D-A656-6A44D4A7635E () soffian ! org

Kind wget maintainers,

I believe I found a bug in the wget cookie expiry handling. Recently  
I was using wget receiving back a cookie with an expiration of "Sun,  
20-Sep-2043 19:37:28 GMT".

This fits inside a 32-bit unsigned long but unfortunately overflows a  
32-bit signed long by about 4 years.

It would appear that timegm (called from http_atotm) returns -1 when  
it overflows. At least that was the behavior I observed with my  
system's timegm (OS X 10.4.8/i386) and the timegm that ships with  
wget (I recompiled using the wget timegm function to test).

Looking at cookies.c, the intent seems to be to treat a (time_t) -1  
as a session cookie. If this is the case, there is a bug in the logic  
which instead causes wget to discard the cookie entirely:

      expires = http_atotm (value_copy);
      if (expires != (time_t) -1)
        {
          cookie->permanent = 1;
          cookie->expiry_time = expires;
        }
      else
        /* Error in expiration spec.  Assume default (cookie doesn't
           expire, but valid only for this session.)  */
        ;

      /* According to netscape's specification, expiry time in the
         past means that discarding of a matching cookie is
         requested.  */
      if (cookie->expiry_time < cookies_now)
        cookie->discard_requested = 1;

The problem is that when http_atotm returns -1, cookie->expiry_time  
does not get set, defaulting to 0 (I think). That then causes the  
cookie to be discarded. I've attached the world's smallest patch  
which corrects this behavior to what I believe the comments intended.

Thanks,

j.

["wget-1.10.2.cookie_expiry.patch" (wget-1.10.2.cookie_expiry.patch)]

diff -ru wget-1.10.2.orig/src/cookies.c wget-1.10.2/src/cookies.c
--- wget-1.10.2.orig/src/cookies.c	2005-06-27 11:35:45.000000000 -0400
+++ wget-1.10.2/src/cookies.c	2006-11-10 19:32:01.000000000 -0500
@@ -402,7 +402,7 @@
       else
 	/* Error in expiration spec.  Assume default (cookie doesn't
 	   expire, but valid only for this session.)  */
-	;
+	return 1;
 
       /* According to netscape's specification, expiry time in the
 	 past means that discarding of a matching cookie is
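
Review bot: `return 1;` in the else branch avoids the expiry-in-the-past check only by leaving the function, so everything else the function does after this point is also skipped for a cookie whose expiry failed to parse or overflowed, and the fix relies on what a return value of 1 means to the caller, which these lines do not show. A more local change is to keep the empty statement and run the expiry comparison only when `expires != (time_t) -1`, that is, inside the branch that sets `cookie->expiry_time`. If the early return stays, the comment above it should say that it deliberately skips the discard check that follows.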

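The failure described in the message, reproduced as an added example (not code from wget or from the patch). `time32_t`, `timegm32`, `expiry_quoted`, `expiry_guarded` and `discarded` are hypothetical names; the model assumes a 32-bit signed `time_t`, a conversion that returns -1 on overflow, and a cookie whose fields start at zero.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t time32_t;   /* assumption: models a 32-bit signed time_t */
struct cookie { int permanent; time32_t expiry_time; int discard_requested; };

/* Days since 1970-01-01 for a Gregorian date (standard civil-date arithmetic). */
static int64_t days_from_civil(int y, int m, int d)
{
  y -= m <= 2;
  int64_t era = (y >= 0 ? y : y - 399) / 400, yoe = y - era * 400;
  int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
  return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Hypothetical timegm stand-in: -1 when the result does not fit in 32 signed bits. */
time32_t timegm32(int y, int mo, int d, int h, int mi, int s)
{
  int64_t t = days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + s;
  return (t < INT32_MIN || t > INT32_MAX) ? (time32_t) -1 : (time32_t) t;
}

/* Logic as quoted in the message: the comparison also runs when no expiry was set. */
void expiry_quoted(struct cookie *c, time32_t expires, time32_t now)
{
  if (expires != (time32_t) -1) { c->permanent = 1; c->expiry_time = expires; }
  if (c->expiry_time < now) c->discard_requested = 1;
}

/* Constructed alternative: compare only an expiry that was actually parsed. */
void expiry_guarded(struct cookie *c, time32_t expires, time32_t now)
{
  if (expires == (time32_t) -1) return;   /* cookie stays a session cookie */
  c->permanent = 1; c->expiry_time = expires;
  if (expires < now) c->discard_requested = 1;
}

/* Run one handler on a zero-initialised cookie; report whether it ends up discarded. */
int discarded(void (*fn)(struct cookie *, time32_t, time32_t), time32_t expires, time32_t now)
{
  struct cookie c = {0, 0, 0};
  fn(&c, expires, now);
  return c.discard_requested;
}

int main(void)
{
  time32_t now = timegm32(2006, 11, 11, 0, 35, 25), far = timegm32(2043, 9, 20, 19, 37, 28);
  printf("quoted=%d guarded=%d\n", discarded(expiry_quoted, far, now), discarded(expiry_guarded, far, now));
  return 0;
}
```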
