• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #ifndef HEADER_CURL_COOKIE_H
2 #define HEADER_CURL_COOKIE_H
3 /***************************************************************************
4  *                                  _   _ ____  _
5  *  Project                     ___| | | |  _ \| |
6  *                             / __| | | | |_) | |
7  *                            | (__| |_| |  _ <| |___
8  *                             \___|\___/|_| \_\_____|
9  *
10  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11  *
12  * This software is licensed as described in the file COPYING, which
13  * you should have received as part of this distribution. The terms
14  * are also available at https://curl.se/docs/copyright.html.
15  *
16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17  * copies of the Software, and permit persons to whom the Software is
18  * furnished to do so, under the terms of the COPYING file.
19  *
20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21  * KIND, either express or implied.
22  *
23  * SPDX-License-Identifier: curl
24  *
25  ***************************************************************************/
26 #include "curl_setup.h"
27 
28 #include <curl/curl.h>
29 
30 struct Cookie {
31   struct Cookie *next; /* next in the chain */
32   char *name;        /* <this> = value */
33   char *value;       /* name = <this> */
34   char *path;         /* path = <this> which is in Set-Cookie: */
35   char *spath;        /* sanitized cookie path */
36   char *domain;      /* domain = <this> */
37   curl_off_t expires;  /* expires = <this> */
38   bool tailmatch;    /* whether we do tail-matching of the domain name */
39   bool secure;       /* whether the 'secure' keyword was used */
40   bool livecookie;   /* updated from a server, not a stored file */
41   bool httponly;     /* true if the httponly directive is present */
42   int creationtime;  /* time when the cookie was written */
43   unsigned char prefix; /* bitmap fields indicating which prefix are set */
44 };
45 
46 /*
47  * Available cookie prefixes, as defined in
48  * draft-ietf-httpbis-rfc6265bis-02
49  */
50 #define COOKIE_PREFIX__SECURE (1<<0)
51 #define COOKIE_PREFIX__HOST (1<<1)
52 
53 #define COOKIE_HASH_SIZE 63
54 
55 struct CookieInfo {
56   /* linked list of cookies we know of */
57   struct Cookie *cookies[COOKIE_HASH_SIZE];
58   curl_off_t next_expiration; /* the next time at which expiration happens */
59   int numcookies;  /* number of cookies in the "jar" */
60   int lastct;      /* last creation-time used in the jar */
61   bool running;    /* state info, for cookie adding information */
62   bool newsession; /* new session, discard session cookies on load */
63 };
64 
65 /* The maximum sizes we accept for cookies. RFC 6265 section 6.1 says
66    "general-use user agents SHOULD provide each of the following minimum
67    capabilities":
68 
69    - At least 4096 bytes per cookie (as measured by the sum of the length of
70      the cookie's name, value, and attributes).
71    In the 6265bis draft document section 5.4 it is phrased even stronger: "If
72    the sum of the lengths of the name string and the value string is more than
73    4096 octets, abort these steps and ignore the set-cookie-string entirely."
74 */
75 
76 /** Limits for INCOMING cookies **/
77 
78 /* The longest we allow a line to be when reading a cookie from a HTTP header
79    or from a cookie jar */
80 #define MAX_COOKIE_LINE 5000
81 
82 /* Maximum length of an incoming cookie name or content we deal with. Longer
83    cookies are ignored. */
84 #define MAX_NAME 4096
85 
86 /* Maximum number of Set-Cookie: lines accepted in a single response. If more
87    such header lines are received, they are ignored. This value must be less
88    than 256 since an unsigned char is used to count. */
89 #define MAX_SET_COOKIE_AMOUNT 50
90 
91 /** Limits for OUTGOING cookies **/
92 
93 /* Maximum size for an outgoing cookie line libcurl will use in an http
94    request. This is the default maximum length used in some versions of Apache
95    httpd. */
96 #define MAX_COOKIE_HEADER_LEN 8190
97 
98 /* Maximum number of cookies libcurl will send in a single request, even if
99    there might be more cookies that match. One reason to cap the number is to
100    keep the maximum HTTP request within the maximum allowed size. */
101 #define MAX_COOKIE_SEND_AMOUNT 150
102 
103 struct Curl_easy;
104 /*
105  * Add a cookie to the internal list of cookies. The domain and path arguments
106  * are only used if the header boolean is TRUE.
107  */
108 
109 struct Cookie *Curl_cookie_add(struct Curl_easy *data,
110                                struct CookieInfo *c, bool header,
111                                bool noexpiry, const char *lineptr,
112                                const char *domain, const char *path,
113                                bool secure);
114 
115 struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
116                                    struct CookieInfo *c, const char *host,
117                                    const char *path, bool secure);
118 void Curl_cookie_freelist(struct Cookie *cookies);
119 void Curl_cookie_clearall(struct CookieInfo *cookies);
120 void Curl_cookie_clearsess(struct CookieInfo *cookies);
121 
122 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
123 #define Curl_cookie_list(x) NULL
124 #define Curl_cookie_loadfiles(x) Curl_nop_stmt
125 #define Curl_cookie_init(x,y,z,w) NULL
126 #define Curl_cookie_cleanup(x) Curl_nop_stmt
127 #define Curl_flush_cookies(x,y) Curl_nop_stmt
128 #else
129 void Curl_flush_cookies(struct Curl_easy *data, bool cleanup);
130 void Curl_cookie_cleanup(struct CookieInfo *c);
131 struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
132                                     const char *file, struct CookieInfo *inc,
133                                     bool newsession);
134 struct curl_slist *Curl_cookie_list(struct Curl_easy *data);
135 void Curl_cookie_loadfiles(struct Curl_easy *data);
136 #endif
137 
138 #endif /* HEADER_CURL_COOKIE_H */
139