cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
author: Tim Ruehsen <tim.ruehsen@gmx.de> 2014-08-19 21:01:28 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2014-09-10 07:32:36 +0200
commit: 8a75dbeb2305297640453029b7905ef51b87e8dd (patch)
tree: bcde17d8f36ceb90239db5eaa8f2dcb412875e66 /tests/data/test1105
parent: 1ccfabb66d9fab9bc99b68d558692ddacbb587f4 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/tests/data/test1105 b/tests/data/test1105
index 25f194c15..95647753f 100644
--- a/tests/data/test1105
+++ b/tests/data/test1105
@@ -59,8 +59,7 @@ userid=myname&password=mypassword
 # This file was generated by libcurl! Edit at your own risk.
 
 127.0.0.1	FALSE	/we/want/	FALSE	0	foobar	name
-.127.0.0.1	TRUE	"/silly/"	FALSE	0	mismatch	this
-.0.0.1	TRUE	/	FALSE	0	partmatch	present
+127.0.0.1	FALSE	"/silly/"	FALSE	0	mismatch	this
 </file>
 </verify>
 </testcase>
author	Tim Ruehsen <tim.ruehsen@gmx.de>	2014-08-19 21:01:28 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2014-09-10 07:32:36 +0200
commit	8a75dbeb2305297640453029b7905ef51b87e8dd (patch)
tree	bcde17d8f36ceb90239db5eaa8f2dcb412875e66 /tests/data/test1105
parent	1ccfabb66d9fab9bc99b68d558692ddacbb587f4 (diff)