1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 07:25:14 -05:00
Commit Graph

6 Commits

Author SHA1 Message Date
Tim Ruehsen
8a75dbeb23 cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
2014-09-10 07:32:36 +02:00
Yang Tse
b0dfbf305a tests: specify 'text' mode for some output files in verify section 2013-03-18 20:45:35 +01:00
Fabian Keil
276452ca10 Add a HOSTIP precheck for tests 31 and 1105
They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.
2012-11-19 10:58:14 +01:00
Daniel Stenberg
c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Daniel Stenberg
4f47fc4e14 - John P. McCaskey posted a bug report that showed how libcurl did wrong when
saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.
2009-09-26 20:51:51 +00:00
Daniel Stenberg
8d39a31e89 added test 1105 (disabled) - it repeats a cookie path bug we need to fix 2009-09-26 11:46:41 +00:00