diff options
author | Tim Ruehsen <tim.ruehsen@gmx.de> | 2014-08-19 21:01:28 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-09-10 07:32:36 +0200 |
commit | 8a75dbeb2305297640453029b7905ef51b87e8dd (patch) | |
tree | bcde17d8f36ceb90239db5eaa8f2dcb412875e66 /tests/data | |
parent | 1ccfabb66d9fab9bc99b68d558692ddacbb587f4 (diff) |
cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.
CVE-2014-3613
Bug: http://curl.haxx.se/docs/adv_20140910A.html
Diffstat (limited to 'tests/data')
-rw-r--r-- | tests/data/test1105 | 3 | ||||
-rw-r--r-- | tests/data/test31 | 55 | ||||
-rw-r--r-- | tests/data/test8 | 3 |
3 files changed, 31 insertions, 30 deletions
diff --git a/tests/data/test1105 b/tests/data/test1105 index 25f194c15..95647753f 100644 --- a/tests/data/test1105 +++ b/tests/data/test1105 @@ -59,8 +59,7 @@ userid=myname&password=mypassword # This file was generated by libcurl! Edit at your own risk. 127.0.0.1 FALSE /we/want/ FALSE 0 foobar name -.127.0.0.1 TRUE "/silly/" FALSE 0 mismatch this -.0.0.1 TRUE / FALSE 0 partmatch present +127.0.0.1 FALSE "/silly/" FALSE 0 mismatch this </file> </verify> </testcase> diff --git a/tests/data/test31 b/tests/data/test31 index 38af83bb6..dfcac0458 100644 --- a/tests/data/test31 +++ b/tests/data/test31 @@ -51,7 +51,8 @@ Set-Cookie: novalue; domain=reallysilly Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 2030
Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030
Set-Cookie: magic=yessir; path=/silly/; HttpOnly
-Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
+Set-Cookie: blexp=yesyes; domain=127.0.0.1; domain=127.0.0.1; expiry=totally bad;
+Set-Cookie: partialip=nono; domain=.0.0.1;
boo </data> @@ -95,34 +96,34 @@ Accept: */* # http://curl.haxx.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. -.127.0.0.1 TRUE /silly/ FALSE 0 ismatch this -.127.0.0.1 TRUE /overwrite FALSE 0 overwrite this2 -.127.0.0.1 TRUE /secure1/ TRUE 0 sec1value secure1 -.127.0.0.1 TRUE /secure2/ TRUE 0 sec2value secure2 -.127.0.0.1 TRUE /secure3/ TRUE 0 sec3value secure3 -.127.0.0.1 TRUE /secure4/ TRUE 0 sec4value secure4 -.127.0.0.1 TRUE /secure5/ TRUE 0 sec5value secure5 -.127.0.0.1 TRUE /secure6/ TRUE 0 sec6value secure6 -.127.0.0.1 TRUE /secure7/ TRUE 0 sec7value secure7 -.127.0.0.1 TRUE /secure8/ TRUE 0 sec8value secure8 -.127.0.0.1 TRUE /secure9/ TRUE 0 secure very1 -#HttpOnly_.127.0.0.1 TRUE /p1/ FALSE 0 httpo1 value1 -#HttpOnly_.127.0.0.1 TRUE /p2/ FALSE 0 httpo2 value2 -#HttpOnly_.127.0.0.1 TRUE /p3/ FALSE 0 httpo3 value3 -#HttpOnly_.127.0.0.1 TRUE /p4/ FALSE 0 httpo4 value4 -#HttpOnly_.127.0.0.1 TRUE /p4/ FALSE 0 httponly myvalue1 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec myvalue2 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec2 myvalue3 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec3 myvalue4 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec4 myvalue5 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec5 myvalue6 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec6 myvalue7 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec7 myvalue8 -#HttpOnly_.127.0.0.1 TRUE /p4/ TRUE 0 httpandsec8 myvalue9 -.127.0.0.1 TRUE / FALSE 0 partmatch present +127.0.0.1 FALSE /silly/ FALSE 0 ismatch this +127.0.0.1 FALSE /overwrite FALSE 0 overwrite this2 +127.0.0.1 FALSE /secure1/ TRUE 0 sec1value secure1 +127.0.0.1 FALSE /secure2/ TRUE 0 sec2value secure2 +127.0.0.1 FALSE /secure3/ TRUE 0 sec3value secure3 +127.0.0.1 FALSE /secure4/ TRUE 0 sec4value secure4 +127.0.0.1 FALSE /secure5/ TRUE 0 sec5value secure5 +127.0.0.1 FALSE /secure6/ TRUE 0 sec6value secure6 +127.0.0.1 FALSE /secure7/ TRUE 0 sec7value secure7 +127.0.0.1 FALSE /secure8/ TRUE 0 sec8value secure8 +127.0.0.1 FALSE /secure9/ TRUE 0 secure very1 +#HttpOnly_127.0.0.1 FALSE /p1/ FALSE 0 httpo1 value1 +#HttpOnly_127.0.0.1 FALSE /p2/ FALSE 0 httpo2 value2 +#HttpOnly_127.0.0.1 FALSE /p3/ FALSE 0 httpo3 value3 +#HttpOnly_127.0.0.1 FALSE /p4/ FALSE 0 httpo4 value4 +#HttpOnly_127.0.0.1 FALSE /p4/ FALSE 0 httponly myvalue1 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec myvalue2 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec2 myvalue3 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec3 myvalue4 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec4 myvalue5 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec5 myvalue6 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec6 myvalue7 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec7 myvalue8 +#HttpOnly_127.0.0.1 FALSE /p4/ TRUE 0 httpandsec8 myvalue9 +127.0.0.1 FALSE / FALSE 0 partmatch present 127.0.0.1 FALSE /we/want/ FALSE 2054030187 nodomain value #HttpOnly_127.0.0.1 FALSE /silly/ FALSE 0 magic yessir -.0.0.1 TRUE /we/want/ FALSE 0 blexp yesyes +127.0.0.1 FALSE /we/want/ FALSE 0 blexp yesyes </file> </verify> </testcase> diff --git a/tests/data/test8 b/tests/data/test8 index 4d5454153..030fd55eb 100644 --- a/tests/data/test8 +++ b/tests/data/test8 @@ -42,7 +42,8 @@ Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey; Set-Cookie: cookie=yes; path=/we; Set-Cookie: cookie=perhaps; path=/we/want; Set-Cookie: nocookie=yes; path=/WE; -Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad; +Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad; +Set-Cookie: partialip=nono; domain=.0.0.1; </file> <precheck> |