cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 16 Jan 2014 09:05:01 +0100 (CET)

On Thu, 16 Jan 2014, chen prog wrote:

> as i known, there are two problem at this place.

Even three. 1) the overflow 2) the 31 bit limit and 3) the max-age not being
preferred over expires.

There's also a potential 4) we don't have any tests for max-age at all. I need
to think of a way to add such. max-age being converted to "now + value" makes
the number new in every invoke though so we need to introduce some new fun
number magic...

My suggested take to address the three problems, and still working for systems
without 64bit curl_off_t, is like this:

---- snip ------------------
Received on 2014-01-16