-
Notifications
You must be signed in to change notification settings - Fork 87
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[PA-6145]: Applied Curl Patch CVE-2023-46218
- Loading branch information
Showing
2 changed files
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| From 2b0994c29a721c91c572cff7808c572a24d251eb Thu Nov 23 00:00:00 2023 | ||
| From: Daniel Stenberg <[email protected]> | ||
| Date: Thu, 23 Nov 2023 23:28:32 +0200 | ||
| Subject: [PATCH] cookie: lowercase the domain names before PSL checks | ||
|
|
||
| Reported-by: Harry Sintonen | ||
|
|
||
| Closes #12387 | ||
| --- | ||
| diff --git a/lib/cookie.c b/lib/cookie.c | ||
| index c457b2d95..fc3f2bd98 100644 | ||
| --- a/lib/cookie.c | ||
| +++ b/lib/cookie.c | ||
| @@ -1049,15 +1049,23 @@ Curl_cookie_add(struct Curl_easy *data, | ||
| * dereference it. | ||
| */ | ||
| if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { | ||
| - const psl_ctx_t *psl = Curl_psl_use(data); | ||
| - int acceptable; | ||
| - | ||
| - if(psl) { | ||
| - acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); | ||
| - Curl_psl_release(data); | ||
| + bool acceptable = FALSE; | ||
| + char lcase[256]; | ||
| + char lcookie[256]; | ||
| + size_t dlen = strlen(domain); | ||
| + size_t clen = strlen(co->domain); | ||
| + if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { | ||
| + const psl_ctx_t *psl = Curl_psl_use(data); | ||
| + if(psl) { | ||
| + /* the PSL check requires lowercase domain name and pattern */ | ||
| + Curl_strntolower(lcase, domain, dlen + 1); | ||
| + Curl_strntolower(lcookie, co->domain, clen + 1); | ||
| + acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); | ||
| + Curl_psl_release(data); | ||
| + } | ||
| + else | ||
| + acceptable = !bad_domain(domain, strlen(domain)); | ||
| } | ||
| - else | ||
| - acceptable = !bad_domain(domain); | ||
|
|
||
| if(!acceptable) { | ||
| infof(data, "cookie '%s' dropped, domain '%s' must not " |