Skip to content
Commit 8a75dbeb authored by Tim Rühsen's avatar Tim Rühsen Committed by Daniel Stenberg
Browse files

cookies: only use full host matches for hosts used as IP address 

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
parent 1ccfabb6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment