49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Thu, 23 Nov 2023 08:15:47 +0100
|
|
Subject: [PATCH] cookie: lowercase the domain names before PSL checks
|
|
|
|
Reported-by: Harry Sintonen
|
|
|
|
Closes #12387
|
|
---
|
|
lib/cookie.c | 24 ++++++++++++++++--------
|
|
1 file changed, 16 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/lib/cookie.c b/lib/cookie.c
|
|
index 568cf537ad1b1f..9095cea3e97f22 100644
|
|
--- a/lib/cookie.c
|
|
+++ b/lib/cookie.c
|
|
@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
|
|
#ifdef USE_LIBPSL
|
|
/* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
|
|
if(domain && co->domain && !isip(co->domain)) {
|
|
- const psl_ctx_t *psl = Curl_psl_use(data);
|
|
- int acceptable;
|
|
-
|
|
- if(psl) {
|
|
- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
|
|
- Curl_psl_release(data);
|
|
+ bool acceptable = FALSE;
|
|
+ char lcase[256];
|
|
+ char lcookie[256];
|
|
+ size_t dlen = strlen(domain);
|
|
+ size_t clen = strlen(co->domain);
|
|
+ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
|
|
+ const psl_ctx_t *psl = Curl_psl_use(data);
|
|
+ if(psl) {
|
|
+ /* the PSL check requires lowercase domain name and pattern */
|
|
+ Curl_strntolower(lcase, domain, dlen + 1);
|
|
+ Curl_strntolower(lcookie, co->domain, clen + 1);
|
|
+ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
|
|
+ Curl_psl_release(data);
|
|
+ }
|
|
+ else
|
|
+ acceptable = !bad_domain(domain);
|
|
}
|
|
- else
|
|
- acceptable = !bad_domain(domain);
|
|
|
|
if(!acceptable) {
|
|
infof(data, "cookie '%s' dropped, domain '%s' must not "
|