cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] fix cookie max-age field integer overflow bug in libcurl

From: chen prog <>
Date: Thu, 16 Jan 2014 11:11:55 +0800

as i known, there are two problem at this place.
first, deal max-age integer overflow
second, when http server set-cookie max-age and expires at once, libcurl
cannt support rfc6265 friendly

answer to your 3 questions:
1.too long seems a poor excuse, you can fix to
    co->expires =

    co->expires += (long)now

2. not amx-age larger than 31 bit, but (now + max-age) may did
3.this bug can occur in windows 7 VS2005 and it support int64, this system

On Wed, Jan 15, 2014 at 7:44 PM, Daniel Stenberg <> wrote:

> On Wed, 15 Jan 2014, Daniel Stenberg wrote:
> Thanks, but I couldn't help a nagging feeling we can do even better and I
>> wanted to hear what you and others have to say...
> Oh, and I noticed that we base max-age on "expires" which is wrong.
> Max-age is the age in seconds from *now*. And if both expires and max-age
> are used, max-age takes precedence. See in RFC6265.
> I think this requires a little polishing!
> --
> /
> -------------------------------------------------------------------
> List admin:
> Etiquette:

List admin:
Received on 2014-01-16