git.ipfire.org Git - thirdparty/curl.git/commit

]> git.ipfire.org Git - thirdparty/curl.git/commit

projects / thirdparty / curl.git / commit

author	Daniel Stenberg <daniel@haxx.se>
	Mon, 9 May 2022 14:47:06 +0000 (16:47 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 9 May 2022 14:47:28 +0000 (16:47 +0200)
commit	7e92d12b4e6911f424678a133b19de670e183a59
tree	9628b1ffbd5394bbf3d5e9956dbdda9e28596fe5	tree
parent	f8cb6c610a8e1576f1f615918a8b0a8fbd0e4e85	commit \| diff

cookies: make bad_domain() not consider a trailing dot fine

The check for a dot in the domain must not consider a single trailing
dot to be fine, as then TLD + trailing dot is fine and curl will accept
setting cookies for it.

CVE-2022-27779

Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27779.html
Closes #8820

lib/cookie.c

diff | blob | blame | history

Mirror of https://github.com/curl/curl.git

RSS Atom