From 8a75dbeb2305297640453029b7905ef51b87e8dd Mon Sep 17 00:00:00 2001
From: Tim Ruehsen <tim.ruehsen@gmx.de>
Date: Tue, 19 Aug 2014 21:01:28 +0200
Subject: cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
---
 tests/data/test8 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'tests/data/test8')

diff --git a/tests/data/test8 b/tests/data/test8
index 4d5454153..030fd55eb 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -42,7 +42,8 @@ Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
 Set-Cookie: cookie=yes; path=/we;
 Set-Cookie: cookie=perhaps; path=/we/want;
 Set-Cookie: nocookie=yes; path=/WE;
-Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
+Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
+Set-Cookie: partialip=nono; domain=.0.0.1;
 
 </file>
 <precheck>
-- 
cgit v1.2.3