generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cookies: only use full host matches for hosts used as IP address

Browse Source 
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
This commit is contained in:
Tim Ruehsen
2014-08-19 21:01:28 +02:00
committed by Daniel Stenberg
parent 1ccfabb66d
commit 8a75dbeb23
4 changed files with 71 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/data/test8
View File

@@ -42,7 +42,8 @@ Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we;
Set-Cookie: cookie=perhaps; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
Set-Cookie: partialip=nono; domain=.0.0.1;
</file>
<precheck>