WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit b45fd893 authored May 01, 2019 by Daniel Gustafsson

cookie: Guard against possible NULL ptr deref



In case the name pointer isn't set (due to memory pressure most likely)
we need to skip the prefix matching and reject with a badcookie to avoid
a possible NULL pointer dereference.

Closes #3820 #3821
Reported-by: Jonathan Moerman
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

parent b898b4c0

lib/cookie.c

+7 −5

Original line number	Diff line number	Diff line
		@@ -874,11 +874,13 @@ Curl_cookie_add(struct Curl_easy *data,
		co->name = strdup(ptr);
		if(!co->name)
		badcookie = TRUE;
		else {
		/* For Netscape file format cookies we check prefix on the name */
		if(strncasecompare("__Secure-", co->name, 9))
		co->prefix \|= COOKIE_PREFIX__SECURE;
		else if(strncasecompare("__Host-", co->name, 7))
		co->prefix \|= COOKIE_PREFIX__HOST;
		}
		break;
		case 6:
		co->value = strdup(ptr);

Admin message