luna - curl/lib/cookie.c

   1/***************************************************************************
   2 *                                  _   _ ____  _
   3 *  Project                     ___| | | |  _ \| |
   4 *                             / __| | | | |_) | |
   5 *                            | (__| |_| |  _ <| |___
   6 *                             \___|\___/|_| \_\_____|
   7 *
   8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
   9 *
  10 * This software is licensed as described in the file COPYING, which
  11 * you should have received as part of this distribution. The terms
  12 * are also available at https://curl.se/docs/copyright.html.
  13 *
  14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15 * copies of the Software, and permit persons to whom the Software is
  16 * furnished to do so, under the terms of the COPYING file.
  17 *
  18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19 * KIND, either express or implied.
  20 *
  21 * SPDX-License-Identifier: curl
  22 *
  23 ***************************************************************************/
  24#include "curl_setup.h"
  25
  26#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
  27
  28#include "urldata.h"
  29#include "cookie.h"
  30#include "psl.h"
  31#include "curl_trc.h"
  32#include "slist.h"
  33#include "curl_share.h"
  34#include "strcase.h"
  35#include "curl_fopen.h"
  36#include "curl_get_line.h"
  37#include "curl_memrchr.h"
  38#include "parsedate.h"
  39#include "curlx/strdup.h"
  40#include "llist.h"
  41#include "curlx/strparse.h"
  42
  43/* number of seconds in 400 days */
  44#define COOKIES_MAXAGE (400 * 24 * 3600)
  45
  46/* Make sure cookies never expire further away in time than 400 days into the
  47   future. (from RFC6265bis draft-19)
  48
  49   For the sake of easier testing, align the capped time to an even 60 second
  50   boundary.
  51*/
  52static void cap_expires(time_t now, struct Cookie *co)
  53{
  54  if(co->expires && (TIME_T_MAX - COOKIES_MAXAGE - 30) > now) {
  55    timediff_t cap = now + COOKIES_MAXAGE;
  56    if(co->expires > cap) {
  57      cap += 30;
  58      co->expires = (cap / 60) * 60;
  59    }
  60  }
  61}
  62
  63static void freecookie(struct Cookie *co, bool maintoo)
  64{
  65  curlx_free(co->domain);
  66  curlx_free(co->path);
  67  curlx_free(co->name);
  68  curlx_free(co->value);
  69  if(maintoo)
  70    curlx_free(co);
  71}
  72
  73static bool cookie_tailmatch(const char *cookie_domain,
  74                             const size_t cookie_domain_len,
  75                             const char *hostname)
  76{
  77  size_t hostname_len = strlen(hostname);
  78
  79  if(hostname_len < cookie_domain_len)
  80    return FALSE;
  81
  82  if(!curl_strnequal(cookie_domain,
  83                     hostname + hostname_len - cookie_domain_len,
  84                     cookie_domain_len))
  85    return FALSE;
  86
  87  /*
  88   * A lead char of cookie_domain is not '.'.
  89   * RFC6265 4.1.2.3. The Domain Attribute says:
  90   * For example, if the value of the Domain attribute is
  91   * "example.com", the user agent will include the cookie in the Cookie
  92   * header when making HTTP requests to example.com, www.example.com, and
  93   * www.corp.example.com.
  94   */
  95  if(hostname_len == cookie_domain_len)
  96    return TRUE;
  97  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
  98    return TRUE;
  99  return FALSE;
 100}
 101
 102/*
 103 * matching cookie path and URL path
 104 * RFC6265 5.1.4 Paths and Path-Match
 105 */
 106static bool pathmatch(const char *cookie_path, const char *uri_path)
 107{
 108  size_t cookie_path_len;
 109  size_t uri_path_len;
 110  bool ret = FALSE;
 111
 112  /* cookie_path must not have last '/' separator. ex: /sample */
 113  cookie_path_len = strlen(cookie_path);
 114  if(cookie_path_len == 1) {
 115    /* cookie_path must be '/' */
 116    return TRUE;
 117  }
 118
 119  /* #-fragments are already cut off! */
 120  if(strlen(uri_path) == 0 || uri_path[0] != '/')
 121    uri_path = "/";
 122
 123  /*
 124   * here, RFC6265 5.1.4 says
 125   *  4. Output the characters of the uri-path from the first character up
 126   *     to, but not including, the right-most %x2F ("/").
 127   *  but URL path /hoge?fuga=xxx means /hoge/index.cgi?fuga=xxx in some site
 128   *  without redirect.
 129   *  Ignore this algorithm because /hoge is uri path for this case
 130   *  (uri path is not /).
 131   */
 132
 133  uri_path_len = strlen(uri_path);
 134
 135  if(uri_path_len < cookie_path_len)
 136    goto pathmatched;
 137
 138  /* not using checkprefix() because matching should be case-sensitive */
 139  if(strncmp(cookie_path, uri_path, cookie_path_len))
 140    goto pathmatched;
 141
 142  /* The cookie-path and the uri-path are identical. */
 143  if(cookie_path_len == uri_path_len) {
 144    ret = TRUE;
 145    goto pathmatched;
 146  }
 147
 148  /* here, cookie_path_len < uri_path_len */
 149  if(uri_path[cookie_path_len] == '/') {
 150    ret = TRUE;
 151    goto pathmatched;
 152  }
 153
 154pathmatched:
 155  return ret;
 156}
 157
 158/*
 159 * Return the top-level domain, for optimal hashing.
 160 */
 161static const char *get_top_domain(const char * const domain, size_t *outlen)
 162{
 163  size_t len = 0;
 164  const char *first = NULL, *last;
 165
 166  if(domain) {
 167    len = strlen(domain);
 168    last = memrchr(domain, '.', len);
 169    if(last) {
 170      first = memrchr(domain, '.', (last - domain));
 171      if(first)
 172        len -= (++first - domain);
 173    }
 174  }
 175
 176  if(outlen)
 177    *outlen = len;
 178
 179  return first ? first : domain;
 180}
 181
 182/* Avoid C1001, an "internal error" with MSVC14 */
 183#if defined(_MSC_VER) && (_MSC_VER == 1900)
 184#pragma optimize("", off)
 185#endif
 186
 187/*
 188 * A case-insensitive hash for the cookie domains.
 189 */
 190static size_t cookie_hash_domain(const char *domain, const size_t len)
 191{
 192  const char *end = domain + len;
 193  size_t h = 5381;
 194
 195  while(domain < end) {
 196    size_t j = (size_t)Curl_raw_toupper(*domain++);
 197    h += h << 5;
 198    h ^= j;
 199  }
 200
 201  return (h % COOKIE_HASH_SIZE);
 202}
 203
 204#if defined(_MSC_VER) && (_MSC_VER == 1900)
 205#pragma optimize("", on)
 206#endif
 207
 208/*
 209 * Hash this domain.
 210 */
 211static size_t cookiehash(const char * const domain)
 212{
 213  const char *top;
 214  size_t len;
 215
 216  if(!domain || Curl_host_is_ipnum(domain))
 217    return 0;
 218
 219  top = get_top_domain(domain, &len);
 220  return cookie_hash_domain(top, len);
 221}
 222
 223/*
 224 * cookie path sanitize
 225 */
 226static char *sanitize_cookie_path(const char *cookie_path, size_t len)
 227{
 228  /* some sites send path attribute within '"'. */
 229  if(len && (cookie_path[0] == '\"')) {
 230    cookie_path++;
 231    len--;
 232
 233    if(len && (cookie_path[len - 1] == '\"'))
 234      len--;
 235  }
 236
 237  /* RFC6265 5.2.4 The Path Attribute */
 238  if(!len || (cookie_path[0] != '/'))
 239    /* Let cookie-path be the default-path. */
 240    return curlx_strdup("/");
 241
 242  /* remove trailing slash when path is non-empty */
 243  /* convert /hoge/ to /hoge */
 244  if(len > 1 && cookie_path[len - 1] == '/')
 245    len--;
 246
 247  return curlx_memdup0(cookie_path, len);
 248}
 249
 250/*
 251 * strstore
 252 *
 253 * A thin wrapper around curlx_memdup0().
 254 */
 255static CURLcode strstore(char **str, const char *newstr, size_t len)
 256{
 257  DEBUGASSERT(str);
 258  *str = curlx_memdup0(newstr, len);
 259  if(!*str)
 260    return CURLE_OUT_OF_MEMORY;
 261  return CURLE_OK;
 262}
 263
 264/*
 265 * remove_expired
 266 *
 267 * Remove expired cookies from the hash by inspecting the expires timestamp on
 268 * each cookie in the hash, freeing and deleting any where the timestamp is in
 269 * the past. If the cookiejar has recorded the next timestamp at which one or
 270 * more cookies expire, then processing will exit early in case this timestamp
 271 * is in the future.
 272 */
 273static void remove_expired(struct CookieInfo *ci)
 274{
 275  struct Cookie *co;
 276  curl_off_t now = (curl_off_t)time(NULL);
 277  unsigned int i;
 278
 279  /*
 280   * If the earliest expiration timestamp in the jar is in the future we can
 281   * skip scanning the whole jar and instead exit early as there will not be
 282   * any cookies to evict. If we need to evict, reset the next_expiration
 283   * counter in order to track the next one. In case the recorded first
 284   * expiration is the max offset, then perform the safe fallback of checking
 285   * all cookies.
 286   */
 287  if(now < ci->next_expiration &&
 288     ci->next_expiration != CURL_OFF_T_MAX)
 289    return;
 290  else
 291    ci->next_expiration = CURL_OFF_T_MAX;
 292
 293  for(i = 0; i < COOKIE_HASH_SIZE; i++) {
 294    struct Curl_llist_node *n;
 295    struct Curl_llist_node *e = NULL;
 296
 297    for(n = Curl_llist_head(&ci->cookielist[i]); n; n = e) {
 298      co = Curl_node_elem(n);
 299      e = Curl_node_next(n);
 300      if(co->expires) {
 301        if(co->expires < now) {
 302          Curl_node_remove(n);
 303          freecookie(co, TRUE);
 304          ci->numcookies--;
 305        }
 306        else if(co->expires < ci->next_expiration)
 307          /*
 308           * If this cookie has an expiration timestamp earlier than what we
 309           * have seen so far then record it for the next round of expirations.
 310           */
 311          ci->next_expiration = co->expires;
 312      }
 313    }
 314  }
 315}
 316
 317#ifndef USE_LIBPSL
 318/* Make sure domain contains a dot or is localhost. */
 319static bool bad_domain(const char *domain, size_t len)
 320{
 321  if((len == 9) && curl_strnequal(domain, "localhost", 9))
 322    return FALSE;
 323  else {
 324    /* there must be a dot present, but that dot must not be a trailing dot */
 325    const char *dot = memchr(domain, '.', len);
 326    if(dot) {
 327      size_t i = dot - domain;
 328      if((len - i) > 1)
 329        /* the dot is not the last byte */
 330        return FALSE;
 331    }
 332  }
 333  return TRUE;
 334}
 335#endif
 336
 337/*
 338  RFC 6265 section 4.1.1 says a server should accept this range:
 339
 340  cookie-octet    = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
 341
 342  Yet, Firefox and Chrome as of June 2022 accept space, comma and double-quotes
 343  fine. The prime reason for filtering out control bytes is that some HTTP
 344  servers return 400 for requests that contain such.
 345*/
 346static bool invalid_octets(const char *ptr, size_t len)
 347{
 348  const unsigned char *p = (const unsigned char *)ptr;
 349  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
 350  while(len && *p) {
 351    if(((*p != 9) && (*p < 0x20)) || (*p == 0x7f))
 352      return TRUE;
 353    p++;
 354    len--;
 355  }
 356  return FALSE;
 357}
 358
 359/* The maximum length we accept a date string for the 'expire' keyword. The
 360   standard date formats are within the 30 bytes range. This adds an extra
 361   margin to make sure it realistically works with what is used out there.
 362*/
 363#define MAX_DATE_LENGTH 80
 364
 365#define COOKIE_NAME   0
 366#define COOKIE_VALUE  1
 367#define COOKIE_DOMAIN 2
 368#define COOKIE_PATH   3
 369
 370#define COOKIE_PIECES 4 /* the list above */
 371
 372static CURLcode storecookie(struct Cookie *co, const struct Curl_str *cp,
 373                            const char *path, const char *domain)
 374{
 375  CURLcode result;
 376  result = strstore(&co->name, curlx_str(&cp[COOKIE_NAME]),
 377                    curlx_strlen(&cp[COOKIE_NAME]));
 378  if(!result)
 379    result = strstore(&co->value, curlx_str(&cp[COOKIE_VALUE]),
 380                      curlx_strlen(&cp[COOKIE_VALUE]));
 381  if(!result) {
 382    size_t plen = 0;
 383    if(curlx_strlen(&cp[COOKIE_PATH])) {
 384      path = curlx_str(&cp[COOKIE_PATH]);
 385      plen = curlx_strlen(&cp[COOKIE_PATH]);
 386    }
 387    else if(path) {
 388      /* No path was given in the header line, set the default */
 389      const char *endslash = strrchr(path, '/');
 390      if(endslash)
 391        plen = endslash - path + 1; /* include end slash */
 392      else
 393        plen = strlen(path);
 394    }
 395
 396    if(path) {
 397      co->path = sanitize_cookie_path(path, plen);
 398      if(!co->path)
 399        result = CURLE_OUT_OF_MEMORY;
 400    }
 401  }
 402  if(!result) {
 403    if(curlx_strlen(&cp[COOKIE_DOMAIN]))
 404      result = strstore(&co->domain, curlx_str(&cp[COOKIE_DOMAIN]),
 405                        curlx_strlen(&cp[COOKIE_DOMAIN]));
 406    else if(domain) {
 407      /* no domain was given in the header line, set the default */
 408      co->domain = curlx_strdup(domain);
 409      if(!co->domain)
 410        result = CURLE_OUT_OF_MEMORY;
 411    }
 412  }
 413  return result;
 414}
 415
 416/* this function return errors on OOM etc, not on plain cookie format
 417   problems */
 418static CURLcode parse_cookie_header(
 419  struct Curl_easy *data,
 420  struct Cookie *co,
 421  const struct CookieInfo *ci,
 422  bool *okay,         /* if the cookie was fine */
 423  const char *ptr,
 424  const char *domain, /* default domain */
 425  const char *path,   /* full path used when this cookie is
 426                         set, used to get default path for
 427                         the cookie unless set */
 428  bool secure)        /* TRUE if connection is over secure origin */
 429{
 430  /* This line was read off an HTTP-header */
 431  time_t now = 0;
 432  size_t linelength = strlen(ptr);
 433  CURLcode result = CURLE_OK;
 434  struct Curl_str cookie[COOKIE_PIECES];
 435  *okay = FALSE;
 436  if(linelength > MAX_COOKIE_LINE)
 437    /* discard overly long lines at once */
 438    return CURLE_OK;
 439
 440  /* memset instead of initializer because gcc 4.8.1 is silly */
 441  memset(cookie, 0, sizeof(cookie));
 442  do {
 443    struct Curl_str name;
 444    struct Curl_str val;
 445
 446    /* we have a <name>=<value> pair or a stand-alone word here */
 447    if(!curlx_str_cspn(&ptr, &name, ";\t\r\n=")) {
 448      bool sep = FALSE;
 449      curlx_str_trimblanks(&name);
 450
 451      if(!curlx_str_single(&ptr, '=')) {
 452        sep = TRUE; /* a '=' was used */
 453        if(!curlx_str_cspn(&ptr, &val, ";\r\n"))
 454          curlx_str_trimblanks(&val);
 455
 456        /* Reject cookies with a TAB inside the value */
 457        if(curlx_strlen(&val) &&
 458           memchr(curlx_str(&val), '\t', curlx_strlen(&val))) {
 459          infof(data, "cookie contains TAB, dropping");
 460          return CURLE_OK;
 461        }
 462      }
 463      else
 464        curlx_str_init(&val);
 465
 466      if(!curlx_strlen(&cookie[COOKIE_NAME])) {
 467        /* The first name/value pair is the actual cookie name */
 468        if(!sep ||
 469           /* Bad name/value pair. */
 470           invalid_octets(curlx_str(&name), curlx_strlen(&name)) ||
 471           invalid_octets(curlx_str(&val), curlx_strlen(&val)) ||
 472           !curlx_strlen(&name)) {
 473          infof(data, "invalid octets in name/value, cookie dropped");
 474          return CURLE_OK;
 475        }
 476
 477        /*
 478         * Check for too long individual name or contents, or too long
 479         * combination of name + contents. Chrome and Firefox support 4095 or
 480         * 4096 bytes combo
 481         */
 482        if(curlx_strlen(&name) >= (MAX_NAME - 1) ||
 483           curlx_strlen(&val) >= (MAX_NAME - 1) ||
 484           ((curlx_strlen(&name) + curlx_strlen(&val)) > MAX_NAME)) {
 485          infof(data, "oversized cookie dropped, name/val %zu + %zu bytes",
 486                curlx_strlen(&name), curlx_strlen(&val));
 487          return CURLE_OK;
 488        }
 489
 490        /* Check if we have a reserved prefix set. */
 491        if(!strncmp("__Secure-", curlx_str(&name), 9))
 492          co->prefix_secure = TRUE;
 493        else if(!strncmp("__Host-", curlx_str(&name), 7))
 494          co->prefix_host = TRUE;
 495
 496        cookie[COOKIE_NAME] = name;
 497        cookie[COOKIE_VALUE] = val;
 498      }
 499      else if(!sep) {
 500        /*
 501         * this is a "<name>" with no content
 502         */
 503
 504        /*
 505         * secure cookies are only allowed to be set when the connection is
 506         * using a secure protocol, or when the cookie is being set by
 507         * reading from file
 508         */
 509        if(curlx_str_casecompare(&name, "secure")) {
 510          if(secure || !ci->running)
 511            co->secure = TRUE;
 512          else {
 513            infof(data, "skipped cookie because not 'secure'");
 514            return CURLE_OK;
 515          }
 516        }
 517        else if(curlx_str_casecompare(&name, "httponly"))
 518          co->httponly = TRUE;
 519      }
 520      else if(curlx_str_casecompare(&name, "path")) {
 521        cookie[COOKIE_PATH] = val;
 522      }
 523      else if(curlx_str_casecompare(&name, "domain") && curlx_strlen(&val)) {
 524        bool is_ip;
 525        const char *v = curlx_str(&val);
 526        /*
 527         * Now, we make sure that our host is within the given domain, or
 528         * the given domain is not valid and thus cannot be set.
 529         */
 530
 531        if('.' == *v)
 532          curlx_str_nudge(&val, 1);
 533
 534#ifndef USE_LIBPSL
 535        /*
 536         * Without PSL we do not know when the incoming cookie is set on a
 537         * TLD or otherwise "protected" suffix. To reduce risk, we require a
 538         * dot OR the exact hostname being "localhost".
 539         */
 540        if(bad_domain(curlx_str(&val), curlx_strlen(&val)))
 541          domain = ":";
 542#endif
 543
 544        is_ip = Curl_host_is_ipnum(domain ? domain : curlx_str(&val));
 545
 546        if(!domain ||
 547           (is_ip &&
 548            !strncmp(curlx_str(&val), domain, curlx_strlen(&val)) &&
 549            (curlx_strlen(&val) == strlen(domain))) ||
 550           (!is_ip && cookie_tailmatch(curlx_str(&val),
 551                                          curlx_strlen(&val), domain))) {
 552          cookie[COOKIE_DOMAIN] = val;
 553          if(!is_ip)
 554            co->tailmatch = TRUE; /* we always do that if the domain name was
 555                                     given */
 556        }
 557        else {
 558          /*
 559           * We did not get a tailmatch and then the attempted set domain is
 560           * not a domain to which the current host belongs. Mark as bad.
 561           */
 562          infof(data, "skipped cookie with bad tailmatch domain: %s",
 563                curlx_str(&val));
 564          return CURLE_OK;
 565        }
 566      }
 567      else if(curlx_str_casecompare(&name, "max-age") && curlx_strlen(&val)) {
 568        /*
 569         * Defined in RFC2109:
 570         *
 571         * Optional. The Max-Age attribute defines the lifetime of the
 572         * cookie, in seconds. The delta-seconds value is a decimal non-
 573         * negative integer. After delta-seconds seconds elapse, the
 574         * client should discard the cookie. A value of zero means the
 575         * cookie should be discarded immediately.
 576         */
 577        int rc;
 578        const char *maxage = curlx_str(&val);
 579        if(*maxage == '\"')
 580          maxage++;
 581        rc = curlx_str_number(&maxage, &co->expires, CURL_OFF_T_MAX);
 582        if(!now)
 583          now = time(NULL);
 584        switch(rc) {
 585        case STRE_OVERFLOW:
 586          /* overflow, used max value */
 587          co->expires = CURL_OFF_T_MAX;
 588          break;
 589        default:
 590          /* negative or otherwise bad, expire */
 591          co->expires = 1;
 592          break;
 593        case STRE_OK:
 594          if(!co->expires)
 595            co->expires = 1; /* expire now */
 596          else if(CURL_OFF_T_MAX - now < co->expires)
 597            /* would overflow */
 598            co->expires = CURL_OFF_T_MAX;
 599          else
 600            co->expires += now;
 601          break;
 602        }
 603        cap_expires(now, co);
 604      }
 605      else if(curlx_str_casecompare(&name, "expires") && curlx_strlen(&val) &&
 606              !co->expires && (curlx_strlen(&val) < MAX_DATE_LENGTH)) {
 607        /*
 608         * Let max-age have priority.
 609         *
 610         * If the date cannot get parsed for whatever reason, the cookie
 611         * will be treated as a session cookie
 612         */
 613        char dbuf[MAX_DATE_LENGTH + 1];
 614        time_t date = 0;
 615        memcpy(dbuf, curlx_str(&val), curlx_strlen(&val));
 616        dbuf[curlx_strlen(&val)] = 0;
 617        if(!Curl_getdate_capped(dbuf, &date)) {
 618          if(!date)
 619            date++;
 620          co->expires = (curl_off_t)date;
 621        }
 622        else
 623          co->expires = 0;
 624        if(!now)
 625          now = time(NULL);
 626        cap_expires(now, co);
 627      }
 628    }
 629  } while(!curlx_str_single(&ptr, ';'));
 630
 631  if(curlx_strlen(&cookie[COOKIE_NAME])) {
 632    /* the header was fine, now store the data */
 633    result = storecookie(co, &cookie[0], path, domain);
 634    if(!result)
 635      *okay = TRUE;
 636  }
 637  return result;
 638}
 639
 640static CURLcode parse_netscape(struct Cookie *co,
 641                               const struct CookieInfo *ci,
 642                               bool *okay,
 643                               const char *lineptr,
 644                               bool secure) /* TRUE if connection is over
 645                                               secure origin */
 646{
 647  /*
 648   * This line is NOT an HTTP header style line, we do offer support for
 649   * reading the odd netscape cookies-file format here
 650   */
 651  const char *ptr, *next;
 652  int fields;
 653  size_t len;
 654  *okay = FALSE;
 655
 656  /*
 657   * In 2008, Internet Explorer introduced HTTP-only cookies to prevent XSS
 658   * attacks. Cookies marked httpOnly are not accessible to JavaScript. In
 659   * Firefox's cookie files, they are prefixed #HttpOnly_ and the rest
 660   * remains as usual, so we skip 10 characters of the line.
 661   */
 662  if(strncmp(lineptr, "#HttpOnly_", 10) == 0) {
 663    lineptr += 10;
 664    co->httponly = TRUE;
 665  }
 666
 667  if(lineptr[0] == '#')
 668    /* do not even try the comments */
 669    return CURLE_OK;
 670
 671  /*
 672   * Now loop through the fields and init the struct we already have
 673   * allocated
 674   */
 675  fields = 0;
 676  for(next = lineptr; next; fields++) {
 677    ptr = next;
 678    len = strcspn(ptr, "\t\r\n");
 679    next = (ptr[len] == '\t' ? &ptr[len + 1] : NULL);
 680    switch(fields) {
 681    case 0:
 682      if(ptr[0] == '.') { /* skip preceding dots */
 683        ptr++;
 684        len--;
 685      }
 686      co->domain = curlx_memdup0(ptr, len);
 687      if(!co->domain)
 688        return CURLE_OUT_OF_MEMORY;
 689      break;
 690    case 1:
 691      /*
 692       * flag: A TRUE/FALSE value indicating if all machines within a given
 693       * domain can access the variable. Set TRUE when the cookie says
 694       * .example.com and to false when the domain is complete www.example.com
 695       */
 696      co->tailmatch = !!curl_strnequal(ptr, "TRUE", len);
 697      break;
 698    case 2:
 699      /* The file format allows the path field to remain not filled in */
 700      if(strncmp("TRUE", ptr, len) && strncmp("FALSE", ptr, len)) {
 701        /* only if the path does not look like a boolean option! */
 702        co->path = sanitize_cookie_path(ptr, len);
 703        if(!co->path)
 704          return CURLE_OUT_OF_MEMORY;
 705        break;
 706      }
 707      else {
 708        /* this does not look like a path, make one up! */
 709        co->path = curlx_strdup("/");
 710        if(!co->path)
 711          return CURLE_OUT_OF_MEMORY;
 712      }
 713      fields++; /* add a field and fall down to secure */
 714      FALLTHROUGH();
 715    case 3:
 716      co->secure = FALSE;
 717      if(curl_strnequal(ptr, "TRUE", len)) {
 718        if(secure || ci->running)
 719          co->secure = TRUE;
 720        else
 721          return CURLE_OK;
 722      }
 723      break;
 724    case 4:
 725      if(curlx_str_number(&ptr, &co->expires, CURL_OFF_T_MAX))
 726        return CURLE_OK;
 727      break;
 728    case 5:
 729      co->name = curlx_memdup0(ptr, len);
 730      if(!co->name)
 731        return CURLE_OUT_OF_MEMORY;
 732      else {
 733        /* For Netscape file format cookies we check prefix on the name */
 734        if(curl_strnequal("__Secure-", co->name, 9))
 735          co->prefix_secure = TRUE;
 736        else if(curl_strnequal("__Host-", co->name, 7))
 737          co->prefix_host = TRUE;
 738      }
 739      break;
 740    case 6:
 741      co->value = curlx_memdup0(ptr, len);
 742      if(!co->value)
 743        return CURLE_OUT_OF_MEMORY;
 744      break;
 745    }
 746  }
 747  if(fields == 6) {
 748    /* we got a cookie with blank contents, fix it */
 749    co->value = curlx_strdup("");
 750    if(!co->value)
 751      return CURLE_OUT_OF_MEMORY;
 752    else
 753      fields++;
 754  }
 755
 756  if(fields != 7)
 757    /* we did not find the sufficient number of fields */
 758    return CURLE_OK;
 759
 760  *okay = TRUE;
 761  return CURLE_OK;
 762}
 763
 764static bool is_public_suffix(struct Curl_easy *data,
 765                             const struct Cookie *co,
 766                             const char *domain)
 767{
 768#ifdef USE_LIBPSL
 769  /*
 770   * Check if the domain is a Public Suffix and if yes, ignore the cookie. We
 771   * must also check that the data handle is not NULL since the psl code will
 772   * dereference it.
 773   */
 774  DEBUGF(infof(data, "PSL check set-cookie '%s' for domain=%s in %s",
 775               co->name, co->domain, domain));
 776  if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
 777    bool acceptable = FALSE;
 778    char lcase[256];
 779    char lcookie[256];
 780    size_t dlen = strlen(domain);
 781    size_t clen = strlen(co->domain);
 782
 783    /* trim trailing dots */
 784    if(dlen && (domain[dlen - 1] == '.'))
 785      dlen--;
 786    if(clen && (co->domain[clen - 1] == '.'))
 787      clen--;
 788
 789    if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
 790      const psl_ctx_t *psl = Curl_psl_use(data);
 791      if(psl) {
 792        /* the PSL check requires lowercase domain name and pattern */
 793        Curl_strntolower(lcase, domain, dlen);
 794        lcase[dlen] = 0;
 795        Curl_strntolower(lcookie, co->domain, clen);
 796        lcookie[clen] = 0;
 797        acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
 798        Curl_psl_release(data);
 799      }
 800      else
 801        infof(data, "libpsl problem, rejecting cookie for safety");
 802    }
 803
 804    if(!acceptable) {
 805      infof(data, "cookie '%s' dropped, domain '%s' must not "
 806            "set cookies for '%s'", co->name, domain, co->domain);
 807      return TRUE;
 808    }
 809  }
 810#else
 811  (void)data;
 812  (void)co;
 813  (void)domain;
 814  DEBUGF(infof(data, "NO PSL to check set-cookie '%s' for domain=%s in %s",
 815               co->name, co->domain, domain));
 816#endif
 817  return FALSE;
 818}
 819
 820/* returns TRUE when replaced */
 821static bool replace_existing(struct Curl_easy *data,
 822                             struct Cookie *co,
 823                             const struct CookieInfo *ci,
 824                             bool secure,
 825                             bool *replacep)
 826{
 827  bool replace_old = FALSE;
 828  struct Curl_llist_node *replace_n = NULL;
 829  struct Curl_llist_node *n;
 830  size_t myhash = cookiehash(co->domain);
 831  for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
 832    struct Cookie *clist = Curl_node_elem(n);
 833    if(!strcmp(clist->name, co->name)) {
 834      /* the names are identical */
 835      bool matching_domains = FALSE;
 836
 837      if(clist->domain && co->domain) {
 838        if(curl_strequal(clist->domain, co->domain))
 839          /* The domains are identical */
 840          matching_domains = TRUE;
 841      }
 842      else if(!clist->domain && !co->domain)
 843        matching_domains = TRUE;
 844
 845      if(matching_domains && /* the domains were identical */
 846         clist->path && co->path && /* both have paths */
 847         clist->secure && !co->secure && !secure) {
 848        size_t cllen;
 849        const char *sep = NULL;
 850
 851        /*
 852         * A non-secure cookie may not overlay an existing secure cookie.
 853         * For an existing cookie "a" with path "/login", refuse a new
 854         * cookie "a" with for example path "/login/en", while the path
 855         * "/loginhelper" is ok.
 856         */
 857
 858        DEBUGASSERT(clist->path[0]);
 859        if(clist->path[0])
 860          sep = strchr(clist->path + 1, '/');
 861        if(sep)
 862          cllen = sep - clist->path;
 863        else
 864          cllen = strlen(clist->path);
 865
 866        if(!strncmp(clist->path, co->path, cllen)) {
 867          infof(data, "cookie '%s' for domain '%s' dropped, would "
 868                "overlay an existing cookie", co->name, co->domain);
 869          return FALSE;
 870        }
 871      }
 872    }
 873
 874    if(!replace_n && !strcmp(clist->name, co->name)) {
 875      /* the names are identical */
 876
 877      if(clist->domain && co->domain) {
 878        if(curl_strequal(clist->domain, co->domain) &&
 879           (clist->tailmatch == co->tailmatch))
 880          /* The domains are identical */
 881          replace_old = TRUE;
 882      }
 883      else if(!clist->domain && !co->domain)
 884        replace_old = TRUE;
 885
 886      if(replace_old) {
 887        /* the domains were identical */
 888
 889        if(clist->path && co->path &&
 890           strcmp(clist->path, co->path))
 891          replace_old = FALSE;
 892        else if(!clist->path != !co->path)
 893          replace_old = FALSE;
 894      }
 895
 896      if(replace_old && !co->livecookie && clist->livecookie) {
 897        /*
 898         * Both cookies matched fine, except that the already present cookie
 899         * is "live", which means it was set from a header, while the new one
 900         * was read from a file and thus is not "live". "live" cookies are
 901         * preferred so the new cookie is freed.
 902         */
 903        return FALSE;
 904      }
 905      if(replace_old)
 906        replace_n = n;
 907    }
 908  }
 909  if(replace_n) {
 910    struct Cookie *repl = Curl_node_elem(replace_n);
 911
 912    /* when replacing, creationtime is kept from old */
 913    co->creationtime = repl->creationtime;
 914
 915    /* unlink the old */
 916    Curl_node_remove(replace_n);
 917
 918    /* free the old cookie */
 919    freecookie(repl, TRUE);
 920  }
 921  *replacep = replace_old;
 922  return TRUE;
 923}
 924
 925/*
 926 * Curl_cookie_add
 927 *
 928 * Add a single cookie line to the cookie keeping object. Be aware that
 929 * sometimes we get an IP-only hostname, and that might also be a numerical
 930 * IPv6 address.
 931 *
 932 */
 933CURLcode Curl_cookie_add(
 934  struct Curl_easy *data,
 935  struct CookieInfo *ci,
 936  bool httpheader,     /* TRUE if HTTP header-style line */
 937  bool noexpire,       /* if TRUE, skip remove_expired() */
 938  const char *lineptr, /* first character of the line */
 939  const char *domain,  /* default domain */
 940  const char *path,    /* full path used when this cookie is set, used
 941                          to get default path for the cookie unless set */
 942  bool secure)         /* TRUE if connection is over secure origin */
 943{
 944  struct Cookie comem;
 945  struct Cookie *co;
 946  size_t myhash;
 947  CURLcode result;
 948  bool replaces = FALSE;
 949  bool okay;
 950
 951  DEBUGASSERT(data);
 952  DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */
 953  if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT)
 954    return CURLE_OK; /* silently ignore */
 955
 956  co = &comem;
 957  memset(co, 0, sizeof(comem));
 958
 959  if(httpheader)
 960    result = parse_cookie_header(data, co, ci, &okay,
 961                                 lineptr, domain, path, secure);
 962  else
 963    result = parse_netscape(co, ci, &okay, lineptr, secure);
 964
 965  if(result || !okay)
 966    goto fail;
 967
 968  if(co->prefix_secure && !co->secure)
 969    /* The __Secure- prefix only requires that the cookie be set secure */
 970    goto fail;
 971
 972  if(co->prefix_host) {
 973    /*
 974     * The __Host- prefix requires the cookie to be secure, have a "/" path
 975     * and not have a domain set.
 976     */
 977    if(co->secure && co->path && !strcmp(co->path, "/") && !co->tailmatch)
 978      ;
 979    else
 980      goto fail;
 981  }
 982
 983  if(!ci->running &&    /* read from a file */
 984     ci->newsession &&  /* clean session cookies */
 985     !co->expires)      /* this is a session cookie */
 986    goto fail;
 987
 988  co->livecookie = ci->running;
 989  co->creationtime = ++ci->lastct;
 990
 991  /*
 992   * Now we have parsed the incoming line, we must now check if this supersedes
 993   * an already existing cookie, which it may if the previous have the same
 994   * domain and path as this.
 995   */
 996
 997  /* remove expired cookies */
 998  if(!noexpire)
 999    remove_expired(ci);
1000
1001  if(is_public_suffix(data, co, domain))
1002    goto fail;
1003
1004  if(!replace_existing(data, co, ci, secure, &replaces))
1005    goto fail;
1006
1007  /* clone the stack struct into heap */
1008  co = curlx_memdup(&comem, sizeof(comem));
1009  if(!co) {
1010    co = &comem;
1011    result = CURLE_OUT_OF_MEMORY;
1012    goto fail; /* bail out if we are this low on memory */
1013  }
1014
1015  /* add this cookie to the list */
1016  myhash = cookiehash(co->domain);
1017  Curl_llist_append(&ci->cookielist[myhash], co, &co->node);
1018
1019  if(ci->running)
1020    /* Only show this when NOT reading the cookies from a file */
1021    infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
1022          "expire %" FMT_OFF_T,
1023          replaces ? "Replaced" : "Added", co->name, co->value,
1024          co->domain, co->path, co->expires);
1025
1026  if(!replaces)
1027    ci->numcookies++; /* one more cookie in the jar */
1028
1029  /*
1030   * Now that we have added a new cookie to the jar, update the expiration
1031   * tracker in case it is the next one to expire.
1032   */
1033  if(co->expires && (co->expires < ci->next_expiration))
1034    ci->next_expiration = co->expires;
1035
1036  if(httpheader)
1037    data->req.setcookies++;
1038
1039  return result;
1040fail:
1041  freecookie(co, FALSE);
1042  return result;
1043}
1044
1045/*
1046 * Curl_cookie_init()
1047 *
1048 * Inits a cookie struct to read data from a local file. This is always
1049 * called before any cookies are set. File may be NULL in which case only the
1050 * struct is initialized. Is file is "-" then STDIN is read.
1051 *
1052 * If 'newsession' is TRUE, discard all "session cookies" on read from file.
1053 *
1054 * Note that 'data' might be called as NULL pointer. If data is NULL, 'file'
1055 * will be ignored.
1056 *
1057 * Returns NULL on out of memory.
1058 */
1059struct CookieInfo *Curl_cookie_init(void)
1060{
1061  int i;
1062  struct CookieInfo *ci = curlx_calloc(1, sizeof(struct CookieInfo));
1063  if(!ci)
1064    return NULL;
1065
1066  /* This does not use the destructor callback since we want to add
1067     and remove to lists while keeping the cookie struct intact */
1068  for(i = 0; i < COOKIE_HASH_SIZE; i++)
1069    Curl_llist_init(&ci->cookielist[i], NULL);
1070  /*
1071   * Initialize the next_expiration time to signal that we do not have enough
1072   * information yet.
1073   */
1074  ci->next_expiration = CURL_OFF_T_MAX;
1075
1076  return ci;
1077}
1078
1079/*
1080 * cookie_load()
1081 *
1082 * Reads cookies from a local file. This is always called before any cookies
1083 * are set. If file is "-" then STDIN is read.
1084 *
1085 * If 'newsession' is TRUE, discard all "session cookies" on read from file.
1086 *
1087 */
1088static CURLcode cookie_load(struct Curl_easy *data, const char *file,
1089                            struct CookieInfo *ci, bool newsession)
1090{
1091  FILE *handle = NULL;
1092  CURLcode result = CURLE_OK;
1093  FILE *fp = NULL;
1094  DEBUGASSERT(ci);
1095  DEBUGASSERT(data);
1096  DEBUGASSERT(file);
1097
1098  ci->newsession = newsession; /* new session? */
1099  ci->running = FALSE; /* this is not running, this is init */
1100
1101  if(file && *file) {
1102    if(!strcmp(file, "-"))
1103      fp = stdin;
1104    else {
1105      fp = curlx_fopen(file, "rb");
1106      if(!fp)
1107        infof(data, "WARNING: failed to open cookie file \"%s\"", file);
1108      else {
1109        curlx_struct_stat stat;
1110        if((curlx_fstat(fileno(fp), &stat) != -1) && S_ISDIR(stat.st_mode)) {
1111          curlx_fclose(fp);
1112          fp = NULL;
1113          infof(data, "WARNING: cookie filename points to a directory: \"%s\"",
1114                file);
1115        }
1116        else
1117          handle = fp;
1118      }
1119    }
1120  }
1121
1122  if(fp) {
1123    struct dynbuf buf;
1124    bool eof = FALSE;
1125    curlx_dyn_init(&buf, MAX_COOKIE_LINE);
1126    do {
1127      result = Curl_get_line(&buf, fp, &eof);
1128      if(!result) {
1129        const char *lineptr = curlx_dyn_ptr(&buf);
1130        bool headerline = FALSE;
1131        if(checkprefix("Set-Cookie:", lineptr)) {
1132          /* This is a cookie line, get it! */
1133          lineptr += 11;
1134          headerline = TRUE;
1135          curlx_str_passblanks(&lineptr);
1136        }
1137
1138        result = Curl_cookie_add(data, ci, headerline, TRUE, lineptr, NULL,
1139                                 NULL, TRUE);
1140        /* File reading cookie failures are not propagated back to the
1141           caller because there is no way to do that */
1142      }
1143    } while(!result && !eof);
1144    curlx_dyn_free(&buf); /* free the line buffer */
1145
1146    /*
1147     * Remove expired cookies from the hash. We must make sure to run this
1148     * after reading the file, and not on every cookie.
1149     */
1150    remove_expired(ci);
1151
1152    if(handle)
1153      curlx_fclose(handle);
1154  }
1155  data->state.cookie_engine = TRUE;
1156  ci->running = TRUE;          /* now, we are running */
1157
1158  return result;
1159}
1160
1161/*
1162 * Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
1163 */
1164CURLcode Curl_cookie_loadfiles(struct Curl_easy *data)
1165{
1166  CURLcode result = CURLE_OK;
1167  struct curl_slist *list = data->state.cookielist;
1168  if(list) {
1169    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
1170    if(!data->cookies)
1171      data->cookies = Curl_cookie_init();
1172    if(!data->cookies)
1173      result = CURLE_OUT_OF_MEMORY;
1174    else {
1175      data->state.cookie_engine = TRUE;
1176      while(list) {
1177        result = cookie_load(data, list->data, data->cookies,
1178                             (bool)data->set.cookiesession);
1179        if(result)
1180          break;
1181        list = list->next;
1182      }
1183    }
1184    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
1185  }
1186  return result;
1187}
1188
1189/*
1190 * cookie_sort
1191 *
1192 * Helper function to sort cookies such that the longest path gets before the
1193 * shorter path. Path, domain and name lengths are considered in that order,
1194 * with the creationtime as the tiebreaker. The creationtime is guaranteed to
1195 * be unique per cookie, so we know we will get an ordering at that point.
1196 */
1197static int cookie_sort(const void *p1, const void *p2)
1198{
1199  const struct Cookie *c1 = *(const struct Cookie * const *)p1;
1200  const struct Cookie *c2 = *(const struct Cookie * const *)p2;
1201  size_t l1, l2;
1202
1203  /* 1 - compare cookie path lengths */
1204  l1 = c1->path ? strlen(c1->path) : 0;
1205  l2 = c2->path ? strlen(c2->path) : 0;
1206
1207  if(l1 != l2)
1208    return (l2 > l1) ? 1 : -1; /* avoid size_t <=> int conversions */
1209
1210  /* 2 - compare cookie domain lengths */
1211  l1 = c1->domain ? strlen(c1->domain) : 0;
1212  l2 = c2->domain ? strlen(c2->domain) : 0;
1213
1214  if(l1 != l2)
1215    return (l2 > l1) ? 1 : -1; /* avoid size_t <=> int conversions */
1216
1217  /* 3 - compare cookie name lengths */
1218  l1 = c1->name ? strlen(c1->name) : 0;
1219  l2 = c2->name ? strlen(c2->name) : 0;
1220
1221  if(l1 != l2)
1222    return (l2 > l1) ? 1 : -1;
1223
1224  /* 4 - compare cookie creation time */
1225  return (c2->creationtime > c1->creationtime) ? 1 : -1;
1226}
1227
1228/*
1229 * cookie_sort_ct
1230 *
1231 * Helper function to sort cookies according to creation time.
1232 */
1233static int cookie_sort_ct(const void *p1, const void *p2)
1234{
1235  const struct Cookie *c1 = *(const struct Cookie * const *)p1;
1236  const struct Cookie *c2 = *(const struct Cookie * const *)p2;
1237
1238  return (c2->creationtime > c1->creationtime) ? 1 : -1;
1239}
1240
1241bool Curl_secure_context(const struct connectdata *conn, const char *host)
1242{
1243  return conn->scheme->protocol & (CURLPROTO_HTTPS | CURLPROTO_WSS) ||
1244    curl_strequal("localhost", host) ||
1245    !strcmp(host, "127.0.0.1") ||
1246    !strcmp(host, "::1");
1247}
1248
1249/*
1250 * Curl_cookie_getlist
1251 *
1252 * For a given host and path, return a linked list of cookies that the client
1253 * should send to the server if used now. The secure boolean informs the cookie
1254 * if a secure connection is achieved or not.
1255 *
1256 * It shall only return cookies that have not expired.
1257 *
1258 * 'okay' is TRUE when there is a list returned.
1259 */
1260CURLcode Curl_cookie_getlist(struct Curl_easy *data,
1261                             const struct connectdata *conn,
1262                             bool *okay,
1263                             const char *host,
1264                             struct Curl_llist *list)
1265{
1266  size_t matches = 0;
1267  const bool is_ip = Curl_host_is_ipnum(host);
1268  const size_t myhash = cookiehash(host);
1269  struct Curl_llist_node *n;
1270  const bool secure = Curl_secure_context(conn, host);
1271  struct CookieInfo *ci = data->cookies;
1272  const char *path = data->state.up.path;
1273  CURLcode result = CURLE_OK;
1274  *okay = FALSE;
1275
1276  Curl_llist_init(list, NULL);
1277
1278  if(!ci || !Curl_llist_count(&ci->cookielist[myhash]))
1279    return CURLE_OK; /* no cookie struct or no cookies in the struct */
1280
1281  /* at first, remove expired cookies */
1282  remove_expired(ci);
1283
1284  for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
1285    struct Cookie *co = Curl_node_elem(n);
1286
1287    /* if the cookie requires we are secure we must only continue if we are! */
1288    if(co->secure ? secure : TRUE) {
1289
1290      /* now check if the domain is correct */
1291      if(!co->domain ||
1292         (co->tailmatch && !is_ip &&
1293          cookie_tailmatch(co->domain, strlen(co->domain), host)) ||
1294         ((!co->tailmatch || is_ip) && curl_strequal(host, co->domain))) {
1295        /*
1296         * the right part of the host matches the domain stuff in the
1297         * cookie data
1298         */
1299
1300        /*
1301         * now check the left part of the path with the cookies path
1302         * requirement
1303         */
1304        if(!co->path || pathmatch(co->path, path)) {
1305
1306          /*
1307           * This is a match and we add it to the return-linked-list
1308           */
1309          Curl_llist_append(list, co, &co->getnode);
1310          matches++;
1311          if(matches >= MAX_COOKIE_SEND_AMOUNT) {
1312            infof(data, "Included max number of cookies (%zu) in request!",
1313                  matches);
1314            break;
1315          }
1316        }
1317      }
1318    }
1319  }
1320
1321  if(matches) {
1322    /*
1323     * Now we need to make sure that if there is a name appearing more than
1324     * once, the longest specified path version comes first. To make this the
1325     * swiftest way, we sort them all based on path length.
1326     */
1327    struct Cookie **array;
1328    size_t i;
1329
1330    /* alloc an array and store all cookie pointers */
1331    array = curlx_malloc(sizeof(struct Cookie *) * matches);
1332    if(!array) {
1333      result = CURLE_OUT_OF_MEMORY;
1334      goto fail;
1335    }
1336
1337    n = Curl_llist_head(list);
1338
1339    for(i = 0; n; n = Curl_node_next(n))
1340      array[i++] = Curl_node_elem(n);
1341
1342    /* now sort the cookie pointers in path length order */
1343    qsort(array, matches, sizeof(struct Cookie *), cookie_sort);
1344
1345    /* remake the linked list order according to the new order */
1346    Curl_llist_destroy(list, NULL);
1347
1348    for(i = 0; i < matches; i++)
1349      Curl_llist_append(list, array[i], &array[i]->getnode);
1350
1351    curlx_free(array); /* remove the temporary data again */
1352  }
1353
1354  *okay = TRUE;
1355  return CURLE_OK; /* success */
1356
1357fail:
1358  /* failure, clear up the allocated chain and return NULL */
1359  Curl_llist_destroy(list, NULL);
1360  return result; /* error */
1361}
1362
1363/*
1364 * Curl_cookie_clearall
1365 *
1366 * Clear all existing cookies and reset the counter.
1367 */
1368void Curl_cookie_clearall(struct CookieInfo *ci)
1369{
1370  if(ci) {
1371    unsigned int i;
1372    for(i = 0; i < COOKIE_HASH_SIZE; i++) {
1373      struct Curl_llist_node *n;
1374      for(n = Curl_llist_head(&ci->cookielist[i]); n;) {
1375        struct Cookie *c = Curl_node_elem(n);
1376        struct Curl_llist_node *e = Curl_node_next(n);
1377        Curl_node_remove(n);
1378        freecookie(c, TRUE);
1379        n = e;
1380      }
1381    }
1382    ci->numcookies = 0;
1383  }
1384}
1385
1386/*
1387 * Curl_cookie_clearsess
1388 *
1389 * Free all session cookies in the cookies list.
1390 */
1391void Curl_cookie_clearsess(struct CookieInfo *ci)
1392{
1393  unsigned int i;
1394
1395  if(!ci)
1396    return;
1397
1398  for(i = 0; i < COOKIE_HASH_SIZE; i++) {
1399    struct Curl_llist_node *n = Curl_llist_head(&ci->cookielist[i]);
1400    struct Curl_llist_node *e = NULL;
1401
1402    for(; n; n = e) {
1403      struct Cookie *curr = Curl_node_elem(n);
1404      e = Curl_node_next(n); /* in case the node is removed, get it early */
1405      if(!curr->expires) {
1406        Curl_node_remove(n);
1407        freecookie(curr, TRUE);
1408        ci->numcookies--;
1409      }
1410    }
1411  }
1412}
1413
1414/*
1415 * Curl_cookie_cleanup()
1416 *
1417 * Free a "cookie object" previous created with Curl_cookie_init().
1418 */
1419void Curl_cookie_cleanup(struct CookieInfo *ci)
1420{
1421  if(ci) {
1422    Curl_cookie_clearall(ci);
1423    curlx_free(ci); /* free the base struct as well */
1424  }
1425}
1426
1427/*
1428 * get_netscape_format()
1429 *
1430 * Formats a string for Netscape output file, w/o a newline at the end.
1431 * Function returns a char * to a formatted line. The caller is responsible
1432 * for freeing the returned pointer.
1433 */
1434static char *get_netscape_format(const struct Cookie *co)
1435{
1436  return curl_maprintf(
1437    "%s"               /* httponly preamble */
1438    "%s%s\t"           /* domain */
1439    "%s\t"             /* tailmatch */
1440    "%s\t"             /* path */
1441    "%s\t"             /* secure */
1442    "%" FMT_OFF_T "\t" /* expires */
1443    "%s\t"             /* name */
1444    "%s",              /* value */
1445    co->httponly ? "#HttpOnly_" : "",
1446    /*
1447     * Make sure all domains are prefixed with a dot if they allow
1448     * tailmatching. This is Mozilla-style.
1449     */
1450    (co->tailmatch && co->domain && co->domain[0] != '.') ? "." : "",
1451    co->domain ? co->domain : "unknown",
1452    co->tailmatch ? "TRUE" : "FALSE",
1453    co->path ? co->path : "/",
1454    co->secure ? "TRUE" : "FALSE",
1455    co->expires,
1456    co->name,
1457    co->value ? co->value : "");
1458}
1459
1460/*
1461 * cookie_output()
1462 *
1463 * Writes all internally known cookies to the specified file. Specify
1464 * "-" as filename to write to stdout.
1465 *
1466 * The function returns non-zero on write failure.
1467 */
1468static CURLcode cookie_output(struct Curl_easy *data,
1469                              struct CookieInfo *ci,
1470                              const char *filename)
1471{
1472  FILE *out = NULL;
1473  bool use_stdout = FALSE;
1474  char *tempstore = NULL;
1475  CURLcode result = CURLE_OK;
1476
1477  if(!ci)
1478    /* no cookie engine alive */
1479    return CURLE_OK;
1480
1481  /* at first, remove expired cookies */
1482  remove_expired(ci);
1483
1484  if(!strcmp("-", filename)) {
1485    /* use stdout */
1486    out = stdout;
1487    use_stdout = TRUE;
1488  }
1489  else {
1490    result = Curl_fopen(data, filename, &out, &tempstore);
1491    if(result)
1492      goto error;
1493  }
1494
1495  fputs("# Netscape HTTP Cookie File\n"
1496        "# https://curl.se/docs/http-cookies.html\n"
1497        "# This file was generated by libcurl! Edit at your own risk.\n\n",
1498        out);
1499
1500  if(ci->numcookies) {
1501    unsigned int i;
1502    size_t nvalid = 0;
1503    struct Cookie **array;
1504    struct Curl_llist_node *n;
1505
1506    array = curlx_calloc(1, sizeof(struct Cookie *) * ci->numcookies);
1507    if(!array) {
1508      result = CURLE_OUT_OF_MEMORY;
1509      goto error;
1510    }
1511
1512    /* only sort the cookies with a domain property */
1513    for(i = 0; i < COOKIE_HASH_SIZE; i++) {
1514      for(n = Curl_llist_head(&ci->cookielist[i]); n; n = Curl_node_next(n)) {
1515        struct Cookie *co = Curl_node_elem(n);
1516        if(!co->domain)
1517          continue;
1518        array[nvalid++] = co;
1519      }
1520    }
1521
1522    qsort(array, nvalid, sizeof(struct Cookie *), cookie_sort_ct);
1523
1524    for(i = 0; i < nvalid; i++) {
1525      char *format_ptr = get_netscape_format(array[i]);
1526      if(!format_ptr) {
1527        curlx_free(array);
1528        result = CURLE_OUT_OF_MEMORY;
1529        goto error;
1530      }
1531      curl_mfprintf(out, "%s\n", format_ptr);
1532      curlx_free(format_ptr);
1533    }
1534
1535    curlx_free(array);
1536  }
1537
1538  if(!use_stdout) {
1539    curlx_fclose(out);
1540    out = NULL;
1541    if(tempstore && curlx_rename(tempstore, filename)) {
1542      result = CURLE_WRITE_ERROR;
1543      goto error;
1544    }
1545  }
1546
1547  /*
1548   * If we reach here we have successfully written a cookie file so there is
1549   * no need to inspect the error, any error case should have jumped into the
1550   * error block below.
1551   */
1552  curlx_free(tempstore);
1553  return CURLE_OK;
1554
1555error:
1556  if(out && !use_stdout)
1557    curlx_fclose(out);
1558  if(tempstore) {
1559    unlink(tempstore);
1560    curlx_free(tempstore);
1561  }
1562  return result;
1563}
1564
1565static struct curl_slist *cookie_list(const struct Curl_easy *data)
1566{
1567  struct curl_slist *list = NULL;
1568  struct curl_slist *beg;
1569  unsigned int i;
1570  struct Curl_llist_node *n;
1571
1572  if(!data->cookies || (data->cookies->numcookies == 0))
1573    return NULL;
1574
1575  /* at first, remove expired cookies */
1576  remove_expired(data->cookies);
1577
1578  for(i = 0; i < COOKIE_HASH_SIZE; i++) {
1579    for(n = Curl_llist_head(&data->cookies->cookielist[i]); n;
1580        n = Curl_node_next(n)) {
1581      struct Cookie *c = Curl_node_elem(n);
1582      char *line;
1583      if(!c->domain)
1584        continue;
1585      line = get_netscape_format(c);
1586      if(!line) {
1587        curl_slist_free_all(list);
1588        return NULL;
1589      }
1590      beg = Curl_slist_append_nodup(list, line);
1591      if(!beg) {
1592        curlx_free(line);
1593        curl_slist_free_all(list);
1594        return NULL;
1595      }
1596      list = beg;
1597    }
1598  }
1599
1600  return list;
1601}
1602
1603struct curl_slist *Curl_cookie_list(struct Curl_easy *data)
1604{
1605  struct curl_slist *list;
1606  Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
1607  list = cookie_list(data);
1608  Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
1609  return list;
1610}
1611
1612void Curl_flush_cookies(struct Curl_easy *data, bool cleanup)
1613{
1614  Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
1615  /* only save the cookie file if a transfer was started (cookies->running is
1616     set), as otherwise the cookies were not completely initialized and there
1617     might be cookie files that were not loaded so saving the file is the
1618     wrong thing. */
1619  if(data->cookies) {
1620    if(data->set.str[STRING_COOKIEJAR] && data->cookies->running) {
1621      /* if we have a destination file for all the cookies to get dumped to */
1622      CURLcode result = cookie_output(data, data->cookies,
1623                                      data->set.str[STRING_COOKIEJAR]);
1624      if(result)
1625        infof(data, "WARNING: failed to save cookies in %s: %s",
1626              data->set.str[STRING_COOKIEJAR], curl_easy_strerror(result));
1627    }
1628
1629    if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {
1630      Curl_cookie_cleanup(data->cookies);
1631      data->cookies = NULL;
1632    }
1633  }
1634  Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
1635}
1636
1637void Curl_cookie_run(struct Curl_easy *data)
1638{
1639  Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
1640  if(data->cookies)
1641    data->cookies->running = TRUE;
1642  Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
1643}
1644
1645#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_COOKIES */