aboutsummaryrefslogtreecommitdiff
path: root/tests/data
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2010-12-23 22:52:32 +0100
committerDaniel Stenberg <daniel@haxx.se>2010-12-23 22:52:32 +0100
commit49465fffdb37b91ee5a0ad2601ea9657e5cd8915 (patch)
tree3be874f5ec5ccf85a2ab2a1f8d6b8f2f030d727e /tests/data
parent5825aa149dc74050bb329b4491b556c6095ac4a8 (diff)
cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could trick the cookie engine to wrongly accept the cookie believing it to be fine. Since the tailmatching would then match all .com sites, the cookie would then be sent to all of them. The code now requires at least one letter between each dot for them to be counted. Edited test case 61 to verify this.
Diffstat (limited to 'tests/data')
-rw-r--r--tests/data/test611
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/data/test61 b/tests/data/test61
index f2a6a4ee7..da05616c1 100644
--- a/tests/data/test61
+++ b/tests/data/test61
@@ -22,6 +22,7 @@ SET-COOKIE: test2=yes; domain=host.foo.com; expires=Fri Feb 2 11:56:27 GMT 2035
Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
+Set-Cookie: fake=fooledyou; domain=..com; path=/;
Content-Length: 4
boo