Dylan Salisbury's fix to prevent us from accepting cookies from TLD only
This commit is contained in:
Daniel Stenberg
16
lib/cookie.c
16
lib/cookie.c
@@ -223,14 +223,9 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||||||
|
|
||||||
const char *domptr=whatptr;
|
const char *domptr=whatptr;
|
||||||
int dotcount=1;
|
int dotcount=1;
|
||||||
unsigned int i;
|
|
||||||
|
|
||||||
static const char *seventhree[]= {
|
/* Count the dots, we need to make sure that there are enough
|
||||||
"com", "edu", "net", "org", "gov", "mil", "int"
|
of them. */
|
||||||
};
|
|
||||||
|
|
||||||
/* Count the dots, we need to make sure that there are THREE dots
|
|
||||||
in the normal domains, or TWO in the seventhree-domains. */
|
|
||||||
|
|
||||||
if('.' == whatptr[0])
|
if('.' == whatptr[0])
|
||||||
/* don't count the initial dot, assume it */
|
/* don't count the initial dot, assume it */
|
||||||
@@ -244,13 +239,6 @@ Curl_cookie_add(struct SessionHandle *data,
|
|||||||
}
|
}
|
||||||
} while(domptr);
|
} while(domptr);
|
||||||
|
|
||||||
for(i=0;
|
|
||||||
i<sizeof(seventhree)/sizeof(seventhree[0]); i++) {
|
|
||||||
if(tailmatch(seventhree[i], whatptr)) {
|
|
||||||
dotcount++; /* we allow one dot less for these */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* The original Netscape cookie spec defined that this domain name
|
/* The original Netscape cookie spec defined that this domain name
|
||||||
MUST have three dots (or two if one of the seven holy TLDs),
|
MUST have three dots (or two if one of the seven holy TLDs),
|
||||||
but it seems that these kinds of cookies are in use "out there"
|
but it seems that these kinds of cookies are in use "out there"
|
||||||
|
|||||||
Reference in New Issue
Block a user