cookie: avoid saving a cookie file if no transfer was done
Because parts of the cookie loading happens on transfer start the
in-memory cookie jar risks being incomplete and then a save might
wrongly truncate the target file.
Added test 1902 to verify.
Reported-by: divinity76 on github
Fixes #18621
Closes #18622
diff --git a/lib/cookie.c b/lib/cookie.c
index 35d3326..90d375a 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1658,18 +1658,18 @@
{
CURLcode res;
- if(data->set.str[STRING_COOKIEJAR]) {
- Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
-
+ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+ /* only save the cookie file if a transfer was started (data->state.url is
+ set), as otherwise the cookies were not completely initialized and there
+ might be cookie files that weren't loaded so saving the file is the wrong
+ thing. */
+ if(data->set.str[STRING_COOKIEJAR] && data->state.url) {
/* if we have a destination file for all the cookies to get dumped to */
res = cookie_output(data, data->cookies, data->set.str[STRING_COOKIEJAR]);
if(res)
infof(data, "WARNING: failed to save cookies in %s: %s",
data->set.str[STRING_COOKIEJAR], curl_easy_strerror(res));
}
- else {
- Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
- }
if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {
Curl_cookie_cleanup(data->cookies);
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 4523de4..dfff012 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -232,7 +232,7 @@
\
test1800 test1801 \
\
-test1900 test1901 test1903 test1904 test1905 test1906 test1907 \
+test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 \
test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
test1916 test1917 test1918 test1919 \
\
diff --git a/tests/data/test1902 b/tests/data/test1902
new file mode 100644
index 0000000..7bf70e9
--- /dev/null
+++ b/tests/data/test1902
@@ -0,0 +1,43 @@
+<testcase>
+<info>
+<keywords>
+cookies
+</keywords>
+</info>
+
+# Client-side
+<client>
+
+<name>
+set COOKIEFILE and COOKIEJAR but make no transfer
+</name>
+<features>
+cookies
+</features>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+%LOGDIR/cookie%TESTNUMBER
+</command>
+<file name="%LOGDIR/cookie%TESTNUMBER">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+example.com FALSE / FALSE 0 has_js 1
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<file name="%LOGDIR/cookie%TESTNUMBER">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+example.com FALSE / FALSE 0 has_js 1
+</file>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 40ec0d1..00273f9 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -90,7 +90,7 @@
lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c \
lib1598.c lib1599.c \
lib1662.c \
- lib1900.c lib1901.c lib1903.c lib1905.c lib1906.c lib1907.c \
+ lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c \
lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c \
lib1915.c lib1916.c lib1918.c lib1919.c \
lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c \
diff --git a/tests/libtest/lib1902.c b/tests/libtest/lib1902.c
new file mode 100644
index 0000000..8e5929e
--- /dev/null
+++ b/tests/libtest/lib1902.c
@@ -0,0 +1,48 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "first.h"
+
+#include "memdebug.h"
+
+static CURLcode test_lib1902(const char *URL)
+{
+ CURLcode res = CURLE_OK;
+ CURL *curl;
+
+ curl_global_init(CURL_GLOBAL_ALL);
+
+ curl = curl_easy_init();
+ if(curl) {
+ easy_setopt(curl, CURLOPT_COOKIEFILE, URL);
+ easy_setopt(curl, CURLOPT_COOKIEJAR, URL);
+
+ /* Do not perform any actual network operation,
+ the issue occur when not calling curl.*perform */
+ }
+
+test_cleanup:
+ curl_easy_cleanup(curl);
+ curl_global_cleanup();
+ return res;
+}
