lynx-dev invalid cookie (probably a bug: prefix from /path?querry)

[Leonid Pauzner]

I run into the following problem:

the cookie---  path=/cgi-bin/cgi_washers; domain=guru.yandex.ru;
the url------  http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904...

Lynx treat this url differently on sending and accepting stages:
/cgi-bin/cgi_washers is a valid prefix on sending the cookie,
but invalid prefix on receiving the same cookie - I got a warning:

Confirm: Accept invalid cookie path=/cgi-bin/cgi_washers as a prefix of 
'/cgi-bin'? (n) - YES.


This asymmetry is due to plain strncmp() check in the first case, and
some logic in LYCookie.c around the line 1900, after HTParse():

    if (((path = HTParse(address, "",
                         PARSE_PATH|PARSE_PUNCTUATION)) != NULL) &&
        (ptr = strrchr(path, '/')) != NULL) {
        if (ptr == path) {
            *(ptr+1) = '\0';    /* Leave a single '/' alone */
        } else {
            *ptr = '\0';
        }
    }

This is Lynx 2.8.3dev.18 but the problem seems not fixed yet.
The trace attached.

Leonid.


=================   Lynx.Trace   ============================


LYCookie: Searching for 'guru.yandex.ru:80', 
'/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q'.
Checking cookie 0x817afb0 yandexuid=938082975628737
        guru.yandex.ru .yandex.ru 1 
/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q
 / 0
Checking cookie 0x8224c10 PF[0]=%2d
        guru.yandex.ru guru.yandex.ru 1 
/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q
 /cgi-bin/cgi_washers 0
HTTP: Sending Cookie2: $Version ="1"
HTTP: Sending Cookie: yandexuid=938082975628737; PF[0]=%2d; 
$Path="/cgi-bin/cgi_washers"; $Domain="guru.yandex.ru"
Composing Proxy Authorization for 
proxy.mccme.ru:3128/http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q
HTAASetup_lookup: No template matched 
`http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q'
 (so probably not protected)
HTTP: Not sending proxy authorization (yet).
Writing:
GET 
http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q
 HTTP/1.0
Host: guru.yandex.ru
Accept: text/html, text/plain, audio/mod, image/*, video/*, video/mpeg, 
application/pgp, application/pgp, application/pdf, message/partial, 
message/external-body, x-be2, application/andrew-inset, text/richtext, 
text/enriched, x-sun-attachment
Accept: audio-file, postscript-file, default, mail-file, sun-deskset-message, 
application/x-metamail-patch, text/sgml, */*;q=0.01
Accept-Encoding: gzip, compress
Accept-Language: en,ru
Accept-Charset: windows-1251, *;q=0.5, iso-8859-1;q=0.01, us-ascii;q=0.01
User-Agent: Lynx/2.8.3dev.18 libwww-FM/2.14
Cookie2: $Version="1"
Cookie: yandexuid=938082975628737; PF[0]=%2d; $Path="/cgi-bin/cgi_washers"; 
$Domain="guru.yandex.ru"

----------------------------------
Sending HTTP request.
HTTP: WRITE delivered OK
HTTP request sent; waiting for response.
HTTP: Trying to read 1535
HTTP: Read 1410
HTTP: Rx: HTTP/1.1 200 OK
HTTP: Scanned 2 fields from line_buffer
--- Talking HTTP1.
HTTP/1.1 200 OK
HTFormat: Constructing stream stack for www/mime to www/present
HTFormat: Looking up presentation for www/mime to www/present
HTFormat: comparing image/* and www/mime for half match
HTFormat: comparing video/* and www/mime for half match
StreamStack: found weak wildcard match: www/present
FindPresentation: found exact match: www/mime
StreamStack: found exact match: www/mime
StreamStack: Returning "MIMEParser"
HTMIME:  Date: Fri, 19 Jan 2001 21:20:03 GMT
Server: Apache/1.3.12 (Unix) PHP/3.0.16 rus/PL29.4
X-Pad: avoid browser bug
Set-Cookie: PF[0]=%2d; expires=Saturday, 19-Jan-02 21:20:04 GMT; 
path=/cgi-bin/cgi_washers; domain=guru.yandex.ru; Version=1;
...
HTParse: 
aName:`http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q'
   relatedName:`'
HTParse:      result:guru.yandex.ru
HTParse: 
aName:`http://guru.yandex.ru/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q'
   relatedName:`'
HTParse: (ABS)
HTParse:      
result:/cgi-bin/cgi_washers?SID=979938904-A=1144-A=1096-A=1080-A=1111-A=1124-A=1100-R_PR=5-R_PO=13-R_WE=0-R_SI=0-TOP10=5967,5836,5984,5820,5947,5983,5968,5819,5888,6070-VIS=60-CMD=next_q
LYSetCookie called with host 'guru.yandex.ru', path '/cgi-bin',
    and Set-Cookie: 'PF[0]=%2d; expires=Saturday, 19-Jan-02 21:20:04 GMT; 
path=/cgi-bin/cgi_washers; domain=guru.yandex.ru; Version=1;'
LYmktime: Parsing 'Saturday, 19-Jan-02 21:20:04 GMT'
LYmktime: clock=1011475204, ctime=Sun Jan 20 00:20:04 2002
LYProcessSetCookie: attr=value pair: 'PF[0]=%2d'
                    expires: 1011475204, Sun Jan 20 00:20:04 2002

Confirm: Accept invalid cookie path=/cgi-bin/cgi_washers as a prefix of 
'/cgi-bin'? (n) - YES.




; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden