mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
cookies: make bad_domain() not consider a trailing dot fine
The check for a dot in the domain must not consider a single trailing dot to be fine, as then TLD + trailing dot is fine and curl will accept setting cookies for it. CVE-2022-27779 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-27779.html Closes #8820
parent
f8cb6c610a
commit
7e92d12b4e
10
lib/cookie.c
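--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -427,7 +427,15 @@ static void remove_expired(struct CookieInfo *cookies)
 /* Make sure domain contains a dot or is localhost. */
 static bool bad_domain(const char *domain)
 {
-return !strchr(domain, '.') && !strcasecompare(domain, "localhost");
+if(strcasecompare(domain, "localhost"))
+return FALSE;
+else {
+/* there must be a dot present, but that dot must not be a trailing dot */
+char *dot = strchr(domain, '.');
+if(dot)
+return dot[1] ? FALSE : TRUE;
+}
+return TRUE;
 }
 
 /*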
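Review bot: The new test in bad_domain() examines only the first dot that `strchr` returns, so it rejects a single label followed by a dot but still accepts any name that has an earlier dot and also ends in one; whether such names are filtered by another check (for example a public-suffix lookup) is not visible in this hunk. If a trailing dot is not meant to carry meaning for cookie domain matching, ignoring it before the dot test would handle every label count in one place, and otherwise the function should say which later check covers multi-label suffixes. The header comment is now stale; I would change it to `/* Make sure domain is localhost or contains a dot that is not its last character; only the first dot is examined. */`. `dot` can also be declared `const char *dot = strchr(domain, '.');` since `domain` is const-qualified and nothing is written through it.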