Marc Boucher <[EMAIL PROTECTED]> writes:
> At 07:24 01/08/2002 +0200, Marc Boucher wrote:
> > The code is almost completely rewritten.
> Sorry, but while rewriting the code, I forgot to increase the memory size
> of the block containing the headers. That's WRONG (buffer overflow).
> That's the cost of working overnight. ;)
>
> In fact the old code only needed 2 corrections to work properly. It was my
> fault of not seeing the second one that pushed me to rewrite the whole thing.
> Here is the correct patch with only slight modifications on the original code.
I would rather that you sent patches to me than to the wwoffle-users
list. It is not really intended for discussion of bugs, especially if
the patches don't work :-)
Unfortunately the final patch that you sent is still incorrect because
the pointer 'p' points to a string that is not terminated. This means
that the strstr() function will keep searching until it core dumps if
the 'expires=' string is not preset.
Can you send me an example of the type of cookie that failed and
prompted this patch. My reading of RFC 2109 "HTTP State Management
Mechanism" says that the old cookie format is fixed, so I would expect
the 'expires=' string to be in a fixed place relative to the ','.
That is why I used 10 characters, anything else is invalid.
I think that I now know why none of the Browsers handle more than one
cookie on a line. The cookie RFC says that more than one cookie can
appear in a comma separated list but also says that an old cookie
format uses commas internally. This just makes it difficult to handle
correctly.
--
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop [EMAIL PROTECTED]
http://www.gedanken.demon.co.uk/
WWWOFFLE users page:
http://www.gedanken.demon.co.uk/wwwoffle/version-2.7/user.html
