moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Code Issues Releases Wiki Activity

cookies: reject incoming cookies set for TLDs

Browse Source 
Test 61 was modified to verify this.

CVE-2014-3620

Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html
This commit is contained in:
Daniel Stenberg 2014-08-19 21:11:20 +02:00
parent 8a75dbeb23
commit a76825a5ef
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/cookie.c
View File

@ -463,6 +463,7 @@ Curl_cookie_add(struct SessionHandle *data,
} }
else if(Curl_raw_equal("domain", name)) { else if(Curl_raw_equal("domain", name)) {
bool is_ip; bool is_ip;
const char *dotp;
/* Now, we make sure that our host is within the given domain, /* Now, we make sure that our host is within the given domain,
or the given domain is not valid and thus cannot be set. */ or the given domain is not valid and thus cannot be set. */
@ -472,6 +473,11 @@ Curl_cookie_add(struct SessionHandle *data,
is_ip = isip(domain ? domain : whatptr); is_ip = isip(domain ? domain : whatptr);
/* check for more dots */
dotp = strchr(whatptr, '.');
if(!dotp)
domain=":";
if(!domain if(!domain
|| (is_ip && !strcmp(whatptr, domain)) || (is_ip && !strcmp(whatptr, domain))
|| (!is_ip && tailmatch(whatptr, domain))) { || (!is_ip && tailmatch(whatptr, domain))) {

1
tests/data/test61
View File

@ -23,6 +23,7 @@ Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
Set-Cookie: fake=fooledyou; domain=..com; path=/; Set-Cookie: fake=fooledyou; domain=..com; path=/;
Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M
Content-Length: 4 Content-Length: 4
boo boo