cookies: reject incoming cookies set for TLDs

Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
2014-08-19 21:11:20 +02:00
parent 8a75dbeb23
commit a76825a5ef
2 changed files with 7 additions and 0 deletions
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -463,6 +463,7 @@ Curl_cookie_add(struct SessionHandle *data,
        }
        else if(Curl_raw_equal("domain", name)) {
          bool is_ip;
+          const char *dotp;

          /* Now, we make sure that our host is within the given domain,
             or the given domain is not valid and thus cannot be set. */
@@ -472,6 +473,11 @@ Curl_cookie_add(struct SessionHandle *data,

          is_ip = isip(domain ? domain : whatptr);

+          /* check for more dots */
+          dotp = strchr(whatptr, '.');
+          if(!dotp)
+            domain=":";
+
          if(!domain
             || (is_ip && !strcmp(whatptr, domain))
             || (!is_ip && tailmatch(whatptr, domain))) {