cookie: if psl fails, reject the cookie

A libpsl install without data and no built-in database is now considered
bad enough to reject all cookies since they cannot be checked. It is
somewhat of a user error, but still.

Reported-by: Dan Fandrich
Closes #13033
Daniel Stenberg 2024-03-03 18:41:52 +01:00
parent e3905de819
commit 9454757508
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

@ -426,6 +426,7 @@ static void remove_expired(struct CookieInfo *cookies)
}
}
#ifndef USE_LIBPSL
/* Make sure domain contains a dot or is localhost. */
static bool bad_domain(const char *domain, size_t len)
{
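Review bot: The comment above bad_domain() should say that the function now exists only in builds without libpsl, since the `#ifndef USE_LIBPSL` line placed directly over it removes the function from every libpsl build. Something like "Fallback used when built without libpsl: make sure domain contains a dot or is localhost" makes the scope clear, and tells a future reader that a libpsl build has no dot/localhost fallback at all.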
@ -443,6 +444,7 @@ static bool bad_domain(const char *domain, size_t len)
}
return TRUE;
}
#endif
/*
RFC 6265 section 4.1.1 says a server should accept this range:
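Review bot: The bare `#endif` after the closing brace of bad_domain() is easy to lose track of, because the matching `#ifndef USE_LIBPSL` sits in a different hunk some twenty lines earlier. Annotating it as `#endif /* !USE_LIBPSL */` would make the pairing obvious when the function body grows.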
@ -1040,7 +1042,7 @@ Curl_cookie_add(struct Curl_easy *data,
Curl_psl_release(data);
}
else
acceptable = !bad_domain(domain, strlen(domain));
infof(data, "libpsl problem, rejecting cookie for satety");
}
if(!acceptable) {
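Review bot: In the `else` branch, once the `acceptable = !bad_domain(domain, strlen(domain));` assignment is gone, nothing visible in this hunk sets `acceptable` on the libpsl-failure path, so the rejection promised by the commit message depends entirely on how the variable is initialised outside these lines. Setting `acceptable = FALSE;` explicitly next to the infof() call (with braces around the branch) would keep the fail-closed behaviour local and safe against later changes to the initialiser. The log string also has a typo: "satety" should be "safety".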