authorDaniel Stenberg <daniel@haxx.se>2016-10-04 23:26:13 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-10-31 08:46:35 +0100
commitc5be3d7267c725dbd093ff3a883e07ee8cf2a1d5 (patch)
tree796903dc1b07470871b957ffd4a20d22038bc2a5 /lib/http.c
parentfba28277ca17cb102209772e8bb214854a05cc6a (diff)
cookies: getlist() now holds deep copies of all cookies
Previously it only held references to them, which was reckless as the thread lock was released so the cookies could get modified by other handles that share the same cookie jar over the share interface. CVE-2016-8623 Bug: https://curl.haxx.se/docs/adv_20161102I.html Reported-by: Cure53
Diffstat (limited to 'lib/http.c')
-rw-r--r--lib/http.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/http.c b/lib/http.c
index 65c145a13..e6e7d377a 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2384,7 +2384,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
co = co->next; /* next cookie please */
}
- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
+ Curl_cookie_freelist(store);
}
if(addcookies && !result) {
if(!count)
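Review bot: The `+` line drops the old trailing comment, and nothing at this call site records the ownership change the commit message describes, where `store` now holds deep copies rather than references into the shared cookie jar. I would keep a comment that says so, for example `Curl_cookie_freelist(store); /* frees this handle's private copies of the cookies */`. Because the list now owns its own allocations, any exit taken between the getlist call and this line would presumably leak the copies unless it also reaches this free. The loop and the rest of Curl_http start and end outside the hunk, so that needs checking against the full function.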