cookies: reject incoming cookies set for TLDs

Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
author: Daniel Stenberg <daniel@haxx.se> 2014-08-19 21:11:20 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2014-09-10 07:32:36 +0200
commit: a76825a5efa6b41d3a1d4f275dada2f017f6f566 (patch)
tree: c1c48922e1b81e969a27a119793e6b27a2beae5f /lib/cookie.c
parent: 8a75dbeb2305297640453029b7905ef51b87e8dd (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index 46904ac57..375485f54 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -463,6 +463,7 @@ Curl_cookie_add(struct SessionHandle *data,
         }
         else if(Curl_raw_equal("domain", name)) {
           bool is_ip;
+          const char *dotp;
 
           /* Now, we make sure that our host is within the given domain,
              or the given domain is not valid and thus cannot be set. */
@@ -472,6 +473,11 @@ Curl_cookie_add(struct SessionHandle *data,
 
           is_ip = isip(domain ? domain : whatptr);
 
+          /* check for more dots */
+          dotp = strchr(whatptr, '.');
+          if(!dotp)
+            domain=":";
+
           if(!domain
              || (is_ip && !strcmp(whatptr, domain))
              || (!is_ip && tailmatch(whatptr, domain))) {
author	Daniel Stenberg <daniel@haxx.se>	2014-08-19 21:11:20 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2014-09-10 07:32:36 +0200
commit	a76825a5efa6b41d3a1d4f275dada2f017f6f566 (patch)
tree	c1c48922e1b81e969a27a119793e6b27a2beae5f /lib/cookie.c
parent	8a75dbeb2305297640453029b7905ef51b87e8dd (diff)