From a76825a5efa6b41d3a1d4f275dada2f017f6f566 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 19 Aug 2014 21:11:20 +0200 Subject: cookies: reject incoming cookies set for TLDs Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html --- tests/data/test61 | 1 + 1 file changed, 1 insertion(+) (limited to 'tests/data') diff --git a/tests/data/test61 b/tests/data/test61 index d2de2790a..e6dbbb901 100644 --- a/tests/data/test61 +++ b/tests/data/test61 @@ -23,6 +23,7 @@ Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure Set-Cookie: test5=name; domain=anything.com; path=/ ; secure Set-Cookie: fake=fooledyou; domain=..com; path=/; +Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M Content-Length: 4 boo -- cgit v1.2.3