cookies: reject incoming cookies set for TLDs
Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
This commit is contained in:
Родитель
8a75dbeb23
Коммит
a76825a5ef
|
@ -463,6 +463,7 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||
}
|
||||
else if(Curl_raw_equal("domain", name)) {
|
||||
bool is_ip;
|
||||
const char *dotp;
|
||||
|
||||
/* Now, we make sure that our host is within the given domain,
|
||||
or the given domain is not valid and thus cannot be set. */
|
||||
|
@ -472,6 +473,11 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||
|
||||
is_ip = isip(domain ? domain : whatptr);
|
||||
|
||||
/* check for more dots */
|
||||
dotp = strchr(whatptr, '.');
|
||||
if(!dotp)
|
||||
domain=":";
|
||||
|
||||
if(!domain
|
||||
|| (is_ip && !strcmp(whatptr, domain))
|
||||
|| (!is_ip && tailmatch(whatptr, domain))) {
|
||||
|
|
|
@ -23,6 +23,7 @@ Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
|
|||
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
|
||||
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
|
||||
Set-Cookie: fake=fooledyou; domain=..com; path=/;
|
||||
Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M
|
||||
Content-Length: 4
|
||||
|
||||
boo
|
||||
|
|
Загрузка…
Ссылка в новой задаче