summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl/curl/CVE-2014-3620.patch
blob: d11f1908af0a003474838793fdfa5d2109735114 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
From fd7ae600adf23a9a1ed619165c5058bdec216e9c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 19 Aug 2014 21:11:20 +0200
Subject: [PATCH] cookies: reject incoming cookies set for TLDs

Test 61 was modified to verify this.

CVE-2014-3620

Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html

Upstream-Status: Backport

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
---
 lib/cookie.c      | 6 ++++++
 tests/data/test61 | 1 +
 2 files changed, 7 insertions(+)

diff --git a/lib/cookie.c b/lib/cookie.c
index 46904ac..375485f 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -461,19 +461,25 @@ Curl_cookie_add(struct SessionHandle *data,
             break;
           }
         }
         else if(Curl_raw_equal("domain", name)) {
           bool is_ip;
+          const char *dotp;
 
           /* Now, we make sure that our host is within the given domain,
              or the given domain is not valid and thus cannot be set. */
 
           if('.' == whatptr[0])
             whatptr++; /* ignore preceding dot */
 
           is_ip = isip(domain ? domain : whatptr);
 
+          /* check for more dots */
+          dotp = strchr(whatptr, '.');
+          if(!dotp)
+            domain=":";
+
           if(!domain
              || (is_ip && !strcmp(whatptr, domain))
              || (!is_ip && tailmatch(whatptr, domain))) {
             strstore(&co->domain, whatptr);
             if(!co->domain) {
diff --git a/tests/data/test61 b/tests/data/test61
index d2de279..e6dbbb9 100644
--- a/tests/data/test61
+++ b/tests/data/test61
@@ -21,10 +21,11 @@ Set-Cookie: test=yes; httponly; domain=foo.com; expires=Fri Feb 2 11:56:27 GMT 2
 SET-COOKIE: test2=yes; domain=host.foo.com; expires=Fri Feb 2 11:56:27 GMT 2035
 Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
 Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
 Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
 Set-Cookie: fake=fooledyou; domain=..com; path=/;
+Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M
 Content-Length: 4
 
 boo
 </data>
 </reply>
-- 
2.1.0