components/curl/patches/014-CVE-2014-3613-part2.patch
author Rich Burridge <rich.burridge@oracle.com>
Wed, 10 Sep 2014 08:54:16 -0700
changeset 2077 6efd64347fb0
permissions -rw-r--r--
19548009 problem in LIBRARY/CURL

From ceab2ea8f0c0fc4c4be219240ccf99ddc2de7b22 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]>
Date: Tue, 19 Aug 2014 21:11:20 +0200
Subject: [PATCH 2/2] cookies: reject incoming cookies set for TLDs

Test 61 was modified to verify this.

Reported-by: Tim Ruehsen
---
 lib/cookie.c      | 6 ++++++
 tests/data/test61 | 1 +
 2 files changed, 7 insertions(+)

This problem has been fixed upstream in curl version 7.38.0

--- lib/cookie.c.orig	2014-09-02 16:45:06.782110349 -0700
+++ lib/cookie.c	2014-09-02 16:46:23.252037990 -0700
@@ -314,6 +314,7 @@
         }
         else if(Curl_raw_equal("domain", name)) {
           bool is_ip;
+          const char *dotp;
 
           /* note that this name may or may not have a preceding dot, but
              we don't care about that, we treat the names the same anyway */
@@ -360,6 +361,11 @@
 
             is_ip = isip(domain ? domain : whatptr);
 
+            /* check for more dots */
+            dotp = strchr(whatptr, '.');
+            if(!dotp)
+              domain=":";
+
             if(!domain
                || (is_ip && !strcmp(whatptr, domain))
                || (!is_ip && tailmatch(whatptr, domain))) {
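Review bot: The added check at `dotp = strchr(whatptr, '.')` only catches a domain attribute with no dot at all, so a multi-label public suffix (a name of the `co.uk` kind) still contains a dot and reaches `tailmatch()` exactly as before; the change should be documented as covering single-label TLDs only. It also relies on `whatptr` no longer carrying its leading dot at this point, which is decided in lines outside the hunk (the `domain=.com` case added to test61 depends on it). The `":"` assignment acts as a sentinel, presumably chosen because it cannot equal or tail-match a host name, and `is_ip` has already been computed from the original `domain` one statement earlier. A short comment would make that explicit, for example `/* no dot left: treat as a TLD and set domain to ":" so neither strcmp() nor tailmatch() can succeed; multi-label suffixes are not detected here */`. `dotp` is used only as a truth value, so `if(!strchr(whatptr, '.'))` would drop the extra local declared in the first hunk; the enclosing `else if` block starts and ends outside this hunk.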
--- tests/data/test61.orig	2014-09-02 16:22:41.267624972 -0700
+++ tests/data/test61	2014-09-02 16:47:10.419615833 -0700
@@ -23,6 +23,7 @@
 Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
 Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
 Set-Cookie: fake=fooledyou; domain=..com; path=/;
+Set-Cookie: supercookie=fooledyou; domain=.com; path=/;
 Content-Length: 4
 
 boo
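Review bot: The new `supercookie` line exercises only the leading-dot spelling `domain=.com`; none of the visible cases sends a domain attribute with no dot at all. Adding a line such as `Set-Cookie: supercookie2=fooledyou; domain=com; path=/;` would pin both spellings to the new check in lib/cookie.c. The part of test61 that verifies which cookies were stored is outside this hunk, so it cannot be confirmed from here that the absence of the rejected cookie is asserted.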