From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 3 Mar 2024 17:41:52 +0000 (+0100)
Subject: cookie: if psl fails, reject the cookie
X-Git-Tag: curl-8_7_0~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=945475750814e119f817ff73fb71f1435aee87b1;p=thirdparty%2Fcurl.git

cookie: if psl fails, reject the cookie

A libpsl install without data and no built-in database is now considered
bad enough to reject all cookies since they cannot be checked. It is
somewhat of a user error, but still.

Reported-by: Dan Fandrich
Closes #13033
---

diff --git a/lib/cookie.c b/lib/cookie.c
index d10dd572ba..c1ed2913c4 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -426,6 +426,7 @@ static void remove_expired(struct CookieInfo *cookies)
   }
 }
 
+#ifndef USE_LIBPSL
 /* Make sure domain contains a dot or is localhost. */
 static bool bad_domain(const char *domain, size_t len)
 {
@@ -443,6 +444,7 @@ static bool bad_domain(const char *domain, size_t len)
   }
   return TRUE;
 }
+#endif
 
 /*
   RFC 6265 section 4.1.1 says a server should accept this range:
@@ -1040,7 +1042,7 @@ Curl_cookie_add(struct Curl_easy *data,
         Curl_psl_release(data);
       }
       else
-        acceptable = !bad_domain(domain, strlen(domain));
+        infof(data, "libpsl problem, rejecting cookie for satety");
     }
 
     if(!acceptable) {