diff options
| author | Tim Rühsen <tim.ruehsen@gmx.de> | 2016-03-02 11:07:16 +0100 |
|---|---|---|
| committer | Kamil Dudka <kdudka@redhat.com> | 2016-03-08 15:27:43 +0100 |
| commit | c140bd7891488993f09ff7454e106b724e9b85d5 (patch) | |
| tree | 02c9d59302ffe99059a2ff46283144792b6b7108 | |
| parent | cb222bcfef3d95e1fb04ca85b2e82e62bb92dfd3 (diff) | |
cookie: do not refuse cookies for localhost
Closes #658
| -rw-r--r-- | RELEASE-NOTES | 2 | ||||
| -rw-r--r-- | lib/cookie.c | 10 | ||||
| -rw-r--r-- | tests/data/test1136 | 1 |
3 files changed, 9 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 3a6026581..19bc94990 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -31,6 +31,7 @@ This release includes the following bugfixes: o gtls: fix for builds lacking encrypted key file support [11] o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12] o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13] + o cookie: do not refuse cookies to localhost [14] This release includes the following known bugs: @@ -62,3 +63,4 @@ References to bug reports and discussions on issues: [11] = https://curl.haxx.se/bug/?i=651 [12] = https://curl.haxx.se/bug/?i=451 [13] = https://curl.haxx.se/bug/?i=653 + [14] = https://curl.haxx.se/bug/?i=658 diff --git a/lib/cookie.c b/lib/cookie.c index 558b6a7f2..de871b75e 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -797,10 +797,12 @@ Curl_cookie_add(struct SessionHandle *data, #ifdef USE_LIBPSL /* Check if the domain is a Public Suffix and if yes, ignore the cookie. This needs a libpsl compiled with builtin data. */ - if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) { - if(psl_is_public_suffix(psl, co->domain)) { - infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n", - co->name, co->domain); + if(domain && co->domain && !isip(co->domain)) { + if(((psl = psl_builtin()) != NULL) + && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) { + infof(data, + "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n", + co->name, domain, co->domain); freecookie(co); return NULL; } diff --git a/tests/data/test1136 b/tests/data/test1136 index e42ca06a6..d3327e843 100644 --- a/tests/data/test1136 +++ b/tests/data/test1136 @@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com .www.example.ck TRUE / FALSE 0 test2 allowed2 .www.ck TRUE / FALSE 0 test4 allowed4 +.z-1.compute-1.amazonaws.com TRUE / FALSE 0 test5 forbidden5 </file> </verify> </testcase> |