moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
20,128 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Tim Ruehsen 8a75dbeb23 cookies: only use full host matches for hosts used as IP address 
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
 2014-09-10 07:32:36 +02:00
Yang Tse b0dfbf305a tests: specify 'text' mode for some output files in verify section 2013-03-18 20:45:35 +01:00
Fabian Keil 276452ca10 Add a HOSTIP precheck for tests 31 and 1105 
They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.
 2012-11-19 10:58:14 +01:00
Daniel Stenberg c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Daniel Stenberg 4f47fc4e14 - John P. McCaskey posted a bug report that showed how libcurl did wrong when 
saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
 2009-09-26 20:51:51 +00:00
Daniel Stenberg 8d39a31e89 added test 1105 (disabled) - it repeats a cookie path bug we need to fix 2009-09-26 11:46:41 +00:00