YAMADA Yasuharu 2eb8dcf26c cookie: fix tailmatching to prevent cross-domain leakage ...

Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).

This is a security vulnerabilty, CVE-2013-1944.

Bug: http://curl.haxx.se/docs/adv_20130412.html

2013-04-11 23:52:12 +02:00

34 KiB

Raw Blame History

View Raw