
curl-tracker Archives

[curl:bugs] #1221 Problems with cookies and numerical IPv6 addresses

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 21 May 2013 21:36:44 +0000

- **status**: open-confirmed --> closed-fixed

---
**[bugs:#1221] Problems with cookies and numerical IPv6 addresses**
**Status:** closed-fixed
**Labels:** cookies 
**Created:** Mon May 06, 2013 01:35 PM UTC by Stefan Neis
**Last Updated:** Tue May 07, 2013 11:56 AM UTC
**Owner:** Daniel Stenberg
In testing our application linked with libcurl-7.30.0 we encountered some problems with cookies when using IPv6 addresses directly. Upon inspecting the source code in lib/cookie.c, I (believe I) identified two immediate problems:
* In Curl_cookie_add, if you're using HTTP header-style, there's a test that the "domain" contains at least two dots. This is of course fine for real "domain names" and I'm unsure if that code is also used to handle IP addresses of servers (e.g. when connecting to say 192.168.18.33 instead of demo.local.net), but if it is used, it "obviously" only works for IPv4 addresses (containing dots) but not for IPv6 addresses (containing colons only).
* Still in Curl_cookie_add, if you're _not_ using HTTP header-style, there is this nice check:
~~~~~~
  /* Here's a quick check to eliminate normal HTTP-headers from this */
  if(!firstptr || strchr(firstptr, ':')) {
     free(co);
     return NULL;
  }
~~~~~~
This "of course" not only throws HTTP-headers away, but also leads to IPv6 addresses being ignored.
The result is that I'm unable to set cookies that should be sent to a specific IPv6 host. Using curl_easy_getinfo(.., CURLINFO_COOKIELIST,...), I obtain something like e.g. "#HttpOnly_2001:0db8:85a3:08d3:1319:8a2e:0370:7344\tFALSE\t<path>\tFALSE\t0\tJSESSIONID\t1234", but trying to set it via curl_easy_setopt(..., CURLOPT_COOKIELIST,...) fails (IMHO because of the above-mentioned check for colons).
Assuming this gets fixed, there might be another problem waiting in Curl_cookie_getlist, where I don't really know whether or not the host passed in still has the square brackets or not - checking 2001:0db8:85a3:08d3:1319:8a2e:0370:7344 against [2001:0db8:85a3:08d3:1319:8a2e:0370:7344] with Curl_raw_equal wouldn't work, would it?
---
Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1221/>
Received on 2013-05-21
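
The two failure modes described in the report, reproduced as an added example (not code from curl or from the reporter). It assumes `firstptr` is the first TAB-separated field of the cookie line; `rejected_by_tab_count` and `host_equal` are hypothetical alternatives written for illustration, not the fix that was applied to curl.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the TAB-separated cookie-line format from the report;
   the path "/" is a placeholder for the elided <path>. */
static const char IPV6_LINE[] =
  "#HttpOnly_2001:0db8:85a3:08d3:1319:8a2e:0370:7344\tFALSE\t/\tFALSE\t0\tJSESSIONID\t1234";
static const char HEADER_LINE[] = "Set-Cookie: JSESSIONID=1234"; /* constructed */

/* The quoted check. Assumption: firstptr is the first TAB-separated field. */
static int rejected_by_colon_check(const char *line)
{
  char buf[256];
  char *firstptr;
  snprintf(buf, sizeof(buf), "%s", line);
  firstptr = strtok(buf, "\t");
  return (!firstptr || strchr(firstptr, ':')) ? 1 : 0;
}

/* Hypothetical alternative: a cookie line has exactly six TABs, a header none. */
static int rejected_by_tab_count(const char *line)
{
  int tabs = 0;
  for(; *line; line++)
    tabs += (*line == '\t');
  return tabs != 6;
}

/* Hypothetical host comparison: drop one enclosing [ ] pair, ignore case. */
static int host_equal(const char *a, const char *b)
{
  size_t la = strlen(a), lb = strlen(b), i;
  if(la >= 2 && a[0] == '[' && a[la - 1] == ']') { a++; la -= 2; }
  if(lb >= 2 && b[0] == '[' && b[lb - 1] == ']') { b++; lb -= 2; }
  if(la != lb)
    return 0;
  for(i = 0; i < la; i++)
    if(tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
      return 0;
  return 1;
}

int main(void)
{
  printf("colon check rejects IPv6 line: %d\n", rejected_by_colon_check(IPV6_LINE));
  printf("tab count rejects IPv6 line:   %d\n", rejected_by_tab_count(IPV6_LINE));
  printf("tab count rejects header:      %d\n", rejected_by_tab_count(HEADER_LINE));
  return 0;
}
```

`host_equal` does not canonicalize IPv6 text, so a compressed form such as `2001:db8::1` and its zero-padded equivalent still compare unequal.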
