From d21dde51b84efef7254ae9932f9095a46945b809 Mon Sep 17 00:00:00 2001 From: Micah Cowan Date: Thu, 27 Aug 2009 00:40:48 -0700 Subject: [PATCH] Heed cookies from 401s. --- src/ChangeLog | 6 ++++ src/http.c | 36 ++++++++++++------------ tests/ChangeLog | 15 ++++++++++ tests/HTTPServer.pm | 3 +- tests/Test-cookies-401.px | 53 +++++++++++++++++++++++++++++++++++ tests/Test-cookies.px | 59 +++++++++++++++++++++++++++++++++++++++ tests/run-px | 2 ++ 7 files changed, 155 insertions(+), 19 deletions(-) create mode 100755 tests/Test-cookies-401.px create mode 100755 tests/Test-cookies.px diff --git a/src/ChangeLog b/src/ChangeLog index 9795bbc4..03795ef7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2009-08-27 Micah Cowan + + * http.c (gethttp): Make sure Wget heeds cookies when they + are sent with a 401 response; or any other sort of response for + that matter (#26775). + 2009-08-19 Micah Cowan * openssl.c (ssl_check_certificate): Only warn about an attack if diff --git a/src/http.c b/src/http.c index a469745c..a8705aa4 100644 --- a/src/http.c +++ b/src/http.c @@ -1871,6 +1871,24 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, } } + /* Handle (possibly multiple instances of) the Set-Cookie header. */ + if (opt.cookies) + { + int scpos; + const char *scbeg, *scend; + /* The jar should have been created by now. */ + assert (wget_cookie_jar != NULL); + for (scpos = 0; + (scpos = resp_header_locate (resp, "Set-Cookie", scpos, + &scbeg, &scend)) != -1; + ++scpos) + { + char *set_cookie; BOUNDED_TO_ALLOCA (scbeg, scend, set_cookie); + cookie_handle_set_cookie (wget_cookie_jar, u->host, u->port, + u->path, set_cookie); + } + } + if (keep_alive) /* The server has promised that it will not close the connection when we're done. This means that we can register it. */ @@ -2099,24 +2117,6 @@ File %s already there; not retrieving.\n\n"), quote (hs->local_file)); hs->newloc = resp_header_strdup (resp, "Location"); hs->remote_time = resp_header_strdup (resp, "Last-Modified"); - /* Handle (possibly multiple instances of) the Set-Cookie header. */ - if (opt.cookies) - { - int scpos; - const char *scbeg, *scend; - /* The jar should have been created by now. */ - assert (wget_cookie_jar != NULL); - for (scpos = 0; - (scpos = resp_header_locate (resp, "Set-Cookie", scpos, - &scbeg, &scend)) != -1; - ++scpos) - { - char *set_cookie; BOUNDED_TO_ALLOCA (scbeg, scend, set_cookie); - cookie_handle_set_cookie (wget_cookie_jar, u->host, u->port, - u->path, set_cookie); - } - } - if (resp_header_copy (resp, "Content-Range", hdrval, sizeof (hdrval))) { wgint first_byte_pos, last_byte_pos, entity_length; diff --git a/tests/ChangeLog b/tests/ChangeLog index 785b36e4..9d367e84 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,18 @@ +2009-08-27 Micah Cowan + + * run-px: Added Test-cookies.px, Test-cookies-401.px + + * Test-cookies.px: Basic testing to make sure Wget doesn't send + cookies; no path/domain checking. + + * Test-cookies.px: Test to make sure Wget heeds cookies when they + are sent with a 401 response (#26775). + + * HTTPServer.pm (send_response): Don't try to substitute port in + response body, if there isn't one. + (verify_request_headers): Avoid uninitialized warning when an + expected header isn't provided by Wget. + 2009-07-27 Micah Cowan * Test-restrict-ascii.px: New. diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm index 58b1a363..627c1028 100644 --- a/tests/HTTPServer.pm +++ b/tests/HTTPServer.pm @@ -123,7 +123,7 @@ sub send_response { next; } # fill in content - $content = $self->_substitute_port($content); + $content = $self->_substitute_port($content) if defined $content; $resp->content($content); print STDERR "HTTP::Response with content: \n", $resp->as_string if $log; } @@ -221,6 +221,7 @@ sub verify_request_headers { my $rhdr = $req->header ($hdrname); my $ehdr = $url_rec->{'request_headers'}{$hdrname}; unless (defined $rhdr && $rhdr =~ $ehdr) { + $rhdr = '' unless defined $rhdr; print STDERR "\n*** Mismatch on $hdrname: $rhdr =~ $ehdr\n"; return undef; } diff --git a/tests/Test-cookies-401.px b/tests/Test-cookies-401.px new file mode 100755 index 00000000..bb0d60e9 --- /dev/null +++ b/tests/Test-cookies-401.px @@ -0,0 +1,53 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use HTTPTest; + + +############################################################################### + +my $content = "You got it.\n"; + +# code, msg, headers, content +my %urls = ( + '/one.txt' => { + code => "401", + msg => "Forbidden", + headers => { + "Set-Cookie" => "foo=bar", + }, + }, + '/two.txt' => { + code => "200", + msg => "Ok", + content => $content, + request_headers => { + "Cookie" => qr|foo=bar|, + }, + }, +); + +my $cmdline = $WgetTest::WGETPATH . " -d http://localhost:{{port}}/one.txt" + . " http://localhost:{{port}}/two.txt"; + +my $expected_error_code = 0; + +my %expected_downloaded_files = ( + 'two.txt' => { + content => $content, + }, +); + +############################################################################### + +my $the_test = HTTPTest->new (name => "Test-cookies-401", + input => \%urls, + cmdline => $cmdline, + errcode => $expected_error_code, + output => \%expected_downloaded_files); +exit $the_test->run(); + +# vim: et ts=4 sw=4 + diff --git a/tests/Test-cookies.px b/tests/Test-cookies.px new file mode 100755 index 00000000..ec22ef21 --- /dev/null +++ b/tests/Test-cookies.px @@ -0,0 +1,59 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use HTTPTest; + + +############################################################################### + +my $page1 = "Hello, world!\n"; +my $page2 = "Goodbye, Sam.\n"; + +# code, msg, headers, content +my %urls = ( + '/one.txt' => { + code => "200", + msg => "Ok", + headers => { + "Content-type" => "text/plain", + "Set-Cookie" => "foo=bar", + }, + content => $page1, + }, + '/two.txt' => { + code => "200", + msg => "Ok", + content => $page2, + request_headers => { + "Cookie" => qr|foo=bar|, + }, + }, +); + +my $cmdline = $WgetTest::WGETPATH . " http://localhost:{{port}}/one.txt" + . " http://localhost:{{port}}/two.txt"; + +my $expected_error_code = 0; + +my %expected_downloaded_files = ( + 'one.txt' => { + content => $page1, + }, + 'two.txt' => { + content => $page2, + }, +); + +############################################################################### + +my $the_test = HTTPTest->new (name => "Test-cookies", + input => \%urls, + cmdline => $cmdline, + errcode => $expected_error_code, + output => \%expected_downloaded_files); +exit $the_test->run(); + +# vim: et ts=4 sw=4 + diff --git a/tests/run-px b/tests/run-px index 17a52cdf..e4e7c7dc 100755 --- a/tests/run-px +++ b/tests/run-px @@ -14,6 +14,8 @@ my @tests = ( 'Test-auth-basic.px', 'Test-auth-no-challenge.px', 'Test-auth-no-challenge-url.px', + 'Test-cookies.px', + 'Test-cookies-401.px', 'Test-proxy-auth-basic.px', 'Test-proxied-https-auth.px', 'Test-N-HTTP-Content-Disposition.px', -- 2.39.2