Commit b45fd893 authored by Daniel Gustafsson's avatar Daniel Gustafsson
Browse files

cookie: Guard against possible NULL ptr deref 



In case the name pointer isn't set (due to memory pressure most likely)
we need to skip the prefix matching and reject with a badcookie to avoid
a possible NULL pointer dereference.

Closes #3820 #3821
Reported-by: Jonathan Moerman
Reviewed-by: default avatarDaniel Stenberg <daniel@haxx.se>
parent b898b4c0

lib/cookie.c

+7 −5
Original line number Diff line number Diff line
@@ -874,11 +874,13 @@ Curl_cookie_add(struct Curl_easy *data, 
        co->name = strdup(ptr);

        if(!co->name)

          badcookie = TRUE;

        else {

          /* For Netscape file format cookies we check prefix on the name */

          if(strncasecompare("__Secure-", co->name, 9))

            co->prefix |= COOKIE_PREFIX__SECURE;

          else if(strncasecompare("__Host-", co->name, 7))

            co->prefix |= COOKIE_PREFIX__HOST;

        }

        break;

      case 6:

        co->value = strdup(ptr);