cookie: fix tailmatching to prevent cross-domain leakage (2eb8dcf2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Commit 2eb8dcf2 authored Apr 11, 2013 by

Yamada Yasuharu Committed by Daniel Stenberg Apr 11, 2013

cookie: fix tailmatching to prevent cross-domain leakage

Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).

This is a security vulnerabilty, CVE-2013-1944.

Bug: http://curl.haxx.se/docs/adv_20130412.html

parent 96ffe645

Hide whitespace changes

Inline Side-by-side

Please register or to comment