Commit 3773de37 authored by Daniel Gustafsson's avatar Daniel Gustafsson

cookies: extend domain checks to non psl builds



Ensure that the checks we have for enforcing a sane domain in the
cookie request are performed. The check for non-PSL enabled builds is
quite basic, but it's better than nothing.

Closes #2964
Reviewed-by: default avatarDaniel Stenberg <daniel@haxx.se>
parent 462037ad
+8 −5
@@ -803,6 +803,8 @@ Curl_cookie_add(struct Curl_easy *data,
        co->domain = strdup(ptr);
        if(!co->domain)
          badcookie = TRUE;
        else if(bad_domain(co->domain))
          badcookie = TRUE;
        break;
      case 1:
        /* This field got its explanation on the 23rd of May 2001 by
@@ -906,18 +908,20 @@ Curl_cookie_add(struct Curl_easy *data,
  if(!noexpire)
    remove_expired(c);

#ifdef USE_LIBPSL
  /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
  if(domain && co->domain && !isip(co->domain)) {
    const psl_ctx_t *psl = Curl_psl_use(data);
    int acceptable;
#ifdef USE_LIBPSL
    const psl_ctx_t *psl = Curl_psl_use(data);

    /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
    if(psl) {
      acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
      Curl_psl_release(data);
    }
    else
      acceptable = !bad_domain(domain);
#endif
    /* Without libpsl, do the best we can. */
    acceptable = !bad_domain(co->domain);

    if(!acceptable) {
      infof(data, "cookie '%s' dropped, domain '%s' must not "
@@ -926,7 +930,6 @@ Curl_cookie_add(struct Curl_easy *data,
      return NULL;
    }
  }
#endif

  myhash = cookiehash(co->domain);
  clist = c->cookies[myhash];
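Review bot: In the second hunk the brace-less `else` is the last line before `#endif`, so in USE_LIBPSL builds the assignment `acceptable = !bad_domain(co->domain);` after the comment is its body, yet it is shown at the indent of an unconditional statement. A statement later added between `#endif` and that assignment would become the `else` body in PSL builds, and the `bad_domain()` result would then overwrite the libpsl verdict for every cookie, silently replacing it with the check the commit message itself calls quite basic. I would indent the assignment under the `else` and word the comment to say so, e.g. `/* No libpsl, or no PSL context available: in USE_LIBPSL builds this is the body of the else above, keep it directly after #endif. */`. `bad_domain()` is defined outside the hunks, so how much the fallback rejects cannot be judged from here, and Curl_cookie_add itself starts and ends outside them as well.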
+1 −0
@@ -46,6 +46,7 @@ Set-Cookie: trailingspace = removed; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
Set-Cookie: partialip=nono; domain=.0.0.1;
Set-Cookie: chocolate=chip; domain=curl; path=/we/want;

</file>
<precheck>