diff options
author | Daniel Stenberg <daniel@haxx.se> | 2010-12-23 22:52:32 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-12-23 22:52:32 +0100 |
commit | 49465fffdb37b91ee5a0ad2601ea9657e5cd8915 (patch) | |
tree | 3be874f5ec5ccf85a2ab2a1f8d6b8f2f030d727e /tests | |
parent | 5825aa149dc74050bb329b4491b556c6095ac4a8 (diff) |
cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could
trick the cookie engine to wrongly accept the cookie believing it to be
fine. Since the tailmatching would then match all .com sites, the cookie would
then be sent to all of them.
The code now requires at least one letter between each dot for them to be
counted. Edited test case 61 to verify this.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/data/test61 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/data/test61 b/tests/data/test61 index f2a6a4ee7..da05616c1 100644 --- a/tests/data/test61 +++ b/tests/data/test61 @@ -22,6 +22,7 @@ SET-COOKIE: test2=yes; domain=host.foo.com; expires=Fri Feb 2 11:56:27 GMT 2035 Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
+Set-Cookie: fake=fooledyou; domain=..com; path=/;
Content-Length: 4
boo |