Let server_set_cookie() accept quoted expiration dates.

The way I interpret RFC 2109 10.1.2, server's aren't
actually supposed to quote the expiration date,
but some do it anyway.

Fixes #2920829, reported anonymously.

diff --git a/parsers.c b/parsers.c
index 1fb9983..c2020c7 100644 (file)
--- a/parsers.c
+++ b/parsers.c
@@ -1,4 +1,4 @@
-const char parsers_rcs[] = "$Id: parsers.c,v 1.208 2009/09/06 14:10:07 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.209 2009/09/06 14:11:06 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/parsers.c,v $
@@ -3811,6 +3811,17 @@ static jb_err server_set_cookie(struct client_state *csp, char **header)
          {
             char *expiration_date = cur_tag + 8; /* Skip "[Ee]xpires=" */
 
+            if ((expiration_date[0] == '"')
+             && (expiration_date[1] != '\0'))
+            {
+               /*
+                * Skip quotation mark. RFC 2109 10.1.2 seems to hint
+                * that the expiration date isn't supposed to be quoted,
+                * but some servers do it anyway.
+                */
+               expiration_date++;
+            }
+
             /* Did we detect the date properly? */
             if (JB_ERR_OK != parse_header_time(expiration_date, &cookie_time))
             {