diff options
| -rw-r--r-- | lib/cookie.c | 12 | ||||
| -rw-r--r-- | tests/data/test61 | 1 |
2 files changed, 8 insertions, 5 deletions
diff --git a/lib/cookie.c b/lib/cookie.c index c6460a100..d40cbb8f8 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -270,6 +270,7 @@ Curl_cookie_add(struct SessionHandle *data, we don't care about that, we treat the names the same anyway */ const char *domptr=whatptr; + const char *nextptr; int dotcount=1; /* Count the dots, we need to make sure that there are enough @@ -280,12 +281,13 @@ Curl_cookie_add(struct SessionHandle *data, domptr++; do { - domptr = strchr(domptr, '.'); - if(domptr) { - domptr++; - dotcount++; + nextptr = strchr(domptr, '.'); + if(nextptr) { + if(domptr != nextptr) + dotcount++; + domptr = nextptr+1; } - } while(domptr); + } while(nextptr); /* The original Netscape cookie spec defined that this domain name MUST have three dots (or two if one of the seven holy TLDs), diff --git a/tests/data/test61 b/tests/data/test61 index f2a6a4ee7..da05616c1 100644 --- a/tests/data/test61 +++ b/tests/data/test61 @@ -22,6 +22,7 @@ SET-COOKIE: test2=yes; domain=host.foo.com; expires=Fri Feb 2 11:56:27 GMT 2035 Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
+Set-Cookie: fake=fooledyou; domain=..com; path=/;
Content-Length: 4
boo |