aboutsummaryrefslogtreecommitdiff
path: root/tests/libtest/sethostname.c
diff options
context:
space:
mode:
authorTim Ruehsen <tim.ruehsen@gmx.de>2014-08-19 21:01:28 +0200
committerDaniel Stenberg <daniel@haxx.se>2014-09-10 07:32:36 +0200
commit8a75dbeb2305297640453029b7905ef51b87e8dd (patch)
treebcde17d8f36ceb90239db5eaa8f2dcb412875e66 /tests/libtest/sethostname.c
parent1ccfabb66d9fab9bc99b68d558692ddacbb587f4 (diff)
cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
Diffstat (limited to 'tests/libtest/sethostname.c')
0 files changed, 0 insertions, 0 deletions