From 5b5e2f7318bff3244def7c5865db47657dcf877b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 26 Feb 2025 07:54:15 +0100
Subject: [PATCH] cookie: do prefix matching case-sensitively

According to section 4.1.3.1 and 4.1.3.2 of
draft-ietf-httpbis-rfc6265bis-19

Ref: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-19#section-4.1.3.1

Closes #16494
---
 lib/cookie.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/cookie.c b/lib/cookie.c
index 9ef7375327..519fcdc4af 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -536,9 +536,9 @@ parse_cookie_header(struct Curl_easy *data,
        * "the rest". Prefixes must start with '__' and end with a '-', so
        * only test for names where that can possibly be true.
        */
-      if(strncasecompare("__Secure-", Curl_str(&name), 9))
+      if(!strncmp("__Secure-", Curl_str(&name), 9))
         co->prefix_secure = TRUE;
-      else if(strncasecompare("__Host-", Curl_str(&name), 7))
+      else if(!strncmp("__Host-", Curl_str(&name), 7))
         co->prefix_host = TRUE;
 
       /*
-- 
2.47.3