{"author":"Jay Satiro","author_email":"raysatiro@yahoo.com","author_time":1735024717,"commit_time":1735323368,"committer":"Jay Satiro","committer_email":"raysatiro@yahoo.com","hash":"39e21794a78dc111b3bee7ad916a4dc34c40d32f","message":"cookie: fix crash in netscape cookie parsing\n\n- Parse the input string without modifying it.\n\nPrior to this change a segfault could occur if the input string was\nconst because the tokenizer modified the input string. For example if\nthe user set CURLOPT_COOKIELIST to a const string then libcurl would\nlikely cause a crash when modifying that string. Even if the string was\nnot const or a crash did not occur there was still the incorrect and\nunexpected modification of the user's input string.\n\nThis issue was caused by 30da1f59 (precedes 8.11.0) which refactored\nsome options parsing and eliminated the copy of the input string. Also,\nan earlier commit f88cc654 incorrectly cast the input pointer when\npassing it to strtok.\n\nCo-authored-by: Daniel Stenberg\n\nCloses https://github.com/curl/curl/pull/15826\n","parents":["fabfa8e4024473035b3e5c3c30c330be726d9bb4"],"tree_hash":"f02820c5e2370dab94634d0eca88a6a7edbb88d4"}