cookie: treat a blank domain in Set-Cookie: as non-existing

This matches what RFC 6265 section 5.2.3 says.

Extended test 31 to verify.

Fixes #9164
Reported-by: Gwen Shapira
Closes #9177

diff --git a/lib/cookie.c b/lib/cookie.c
index 622fa678a4dc37a1a7afca3acf8872a9e5e5f3ce..5a4d9e9725f623fbd4b8a3fcc4d3faac6ca55f9d 100644 (file)
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -637,7 +637,7 @@ Curl_cookie_add(struct Curl_easy *data,
             break;
           }
         }
-        else if(strcasecompare("domain", name)) {
+        else if(strcasecompare("domain", name) && whatptr[0]) {
           bool is_ip;
 
           /*

diff --git a/tests/data/test31 b/tests/data/test31
index ac277264d89679c5753edcba48107a039940e15e..6dfd2d268d16fea42cbeb121985ca413deda0482 100644 (file)
--- a/tests/data/test31
+++ b/tests/data/test31
@@ -22,6 +22,7 @@ Server: test-server/fake
 Content-Length: 4\r
 Content-Type: text/html\r
 Funny-head: yesyes\r
+Set-Cookie: blankdomain=sure; domain=; path=/
 %if !hyper
 Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure\r
 Set-Cookie:ismatch=this  ; domain=test31.curl; path=/silly/\r
@@ -162,6 +163,7 @@ test31.curl FALSE   /we/want/       FALSE   2118138987      nodomain        value
 #HttpOnly_.test31.curl TRUE    /p1/    FALSE   0       httpo1  value1
 .test31.curl   TRUE    /overwrite      FALSE   0       overwrite       this2
 .test31.curl   TRUE    /silly/ FALSE   0       ismatch this
+test31.curl    FALSE   /       FALSE   0       blankdomain     sure
 </file>
 </verify>
 </testcase>