author | Petr Nyc <Petr.Nyc@Oracle.COM> |
Wed, 08 Oct 2014 05:29:12 -0700 | |
branch | s11u2-sru |
changeset 3375 | 3724eda7445e |
parent 3314 | d9e2a20bc0aa |
permissions | -rw-r--r-- |
3314
d9e2a20bc0aa
19548009 problem in LIBRARY/CURL
Rich Burridge <rich.burridge@oracle.com>
From ceab2ea8f0c0fc4c4be219240ccf99ddc2de7b22 Mon Sep 17 00:00:00 2001 |
From: Daniel Stenberg <[email protected]> |
Date: Tue, 19 Aug 2014 21:11:20 +0200 |
Subject: [PATCH 2/2] cookies: reject incoming cookies set for TLDs |
|
Test 61 was modified to verify this. |
|
Reported-by: Tim Ruehsen |
--- |
lib/cookie.c | 6 ++++++ |
tests/data/test61 | 1 + |
2 files changed, 7 insertions(+) |
|
This problem has been fixed upstream in curl version 7.38.0 |
|
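--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -303,6 +303,7 @@
 }
 else if(Curl_raw_equal("domain", name)) {
 bool is_ip;
+ const char *dotp;
 
 /* note that this name may or may not have a preceeding dot, but
 we don't care about that, we treat the names the same anyway */
@@ -347,6 +348,11 @@
 
 is_ip = isip(domain ? domain : whatptr);
 
+ /* check for more dots */
+ dotp = strchr(whatptr, '.');
+ if(!dotp)
+ domain=":";
+
 if(!domain
 || (is_ip && !strcmp(whatptr, domain))
 || (!is_ip && tailmatch(whatptr, domain))) {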
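Review bot: The added check at `dotp = strchr(whatptr, '.')` only tests that the Domain value contains a dot somewhere, so it stops single-label names such as `com` but not multi-label public suffixes (`co.uk`) or a value whose only dot is its first or last character; for those, rejection rests entirely on `tailmatch()`, which is outside this hunk. The rejection is also signalled indirectly by overwriting `domain` with `":"`, which presumably turns the `!domain` accept branch into a reject when no request host was supplied and leaves a bogus host in `domain` for any later use in the function, whose body starts before and continues past the hunk. I would at least replace `/* check for more dots */` with a comment that states the intent, e.g. `/* no dot at all: a TLD or single-label name; force the match below to fail */`, and consider marking the cookie as rejected directly instead of relying on `":"` never matching. Single-label hosts (an intranet name, `localhost`) that set Domain to their own name are rejected too, which is worth confirming as intended.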
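--- a/tests/data/test61
+++ b/tests/data/test61
@@ -22,6 +22,8 @@
 Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
 Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
 Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
+Set-Cookie: fake=fooledyou; domain=..com; path=/;
+Set-Cookie: supercookie=fooledyou; domain=.com; path=/;
 Content-Length: 4
 
 boo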
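Review bot: The patch header's diffstat lists `tests/data/test61 | 1 +` and `7 insertions(+)`, but this hunk adds two `Set-Cookie` lines (`domain=..com` and `domain=.com`), so the header no longer matches the body and was probably not regenerated when the patch was adapted. The test's verify section is outside the hunk, so confirm that it checks the resulting cookie jar and that neither `fake` nor `supercookie` may appear in it; without that assertion the two new response headers prove nothing about the rejection.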