Hand-applied and refreshed by sarnold. |
|
From 5b1bca89609f67fcd27cea0e9f382c8c1caad041 Mon Sep 17 00:00:00 2001 |
From: YAMADA Yasuharu <yasuharu.yamada@access-company.com> |
Date: Wed, 10 Apr 2013 11:22:09 +0200 |
Subject: [PATCH] cookie: fix tailmatching to prevent cross-domain leakage |
|
Cookies set for 'example.com' could accidentally also be sent by libcurl |
to the 'bexample.com' (ie with a prefix to the first domain name). |
|
--- |
lib/cookie.c | 24 +++++++++++++++++++----- |
1 file changed, 19 insertions(+), 5 deletions(-) |
|
Index: b/lib/cookie.c |
=================================================================== |
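--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -122,15 +122,29 @@
 free(co);
 }
 
-static bool tailmatch(const char *little, const char *bigone)
+static bool tailmatch(const char *cooke_domain, const char *hostname)
 {
- size_t littlelen = strlen(little);
- size_t biglen = strlen(bigone);
+ size_t cookie_domain_len = strlen(cooke_domain);
+ size_t hostname_len = strlen(hostname);
 
- if(littlelen > biglen)
+ if(hostname_len < cookie_domain_len)
 return FALSE;
 
- return (bool)Curl_raw_equal(little, bigone+biglen-littlelen);
+ if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
+ return FALSE;
+
+ /* A lead char of cookie_domain is not '.'.
+ RFC6265 4.1.2.3. The Domain Attribute says:
+ For example, if the value of the Domain attribute is
+ "example.com", the user agent will include the cookie in the Cookie
+ header when making HTTP requests to example.com, www.example.com, and
+ www.corp.example.com.
+ */
+ if(hostname_len == cookie_domain_len)
+ return TRUE;
+ if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
+ return TRUE;
+ return FALSE;
 }
 
 /*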
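Review bot: The dot-boundary test at the end of `tailmatch` treats `hostname` purely as a DNS name, so a numeric IP host is suffix-matched against a shorter dotted domain exactly like a name would be; RFC 6265 5.1.3 allows suffix matching only for host names and expects an exact match for IP addresses, and nothing in this hunk enforces that (a caller outside the hunk may, which should be confirmed). The function also depends on preconditions that the comment only hints at: its opening line appears to mean that callers pass the domain with the leading '.' already stripped (otherwise `www.example.com` no longer matches `.example.com`), and an empty domain would match any hostname ending in '.'. I would spell both out, e.g. `/* cookie_domain must be non-empty and must not start with '.'; callers strip the leading dot */`. The parameter is spelled `cooke_domain` while the length variable and the comment say `cookie_domain`; renaming it to `cookie_domain` keeps the code and comment consistent.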