romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-19 15:46:25 +03:00
Code Issues Projects Releases Packages Wiki Activity

cookie: treat a blank domain in Set-Cookie: as non-existing

Browse source 
This matches what RFC 6265 section 5.2.3 says.

Extended test 31 to verify.

Fixes #9164
Reported-by: Gwen Shapira
Closes #9177
This commit is contained in:
Daniel Stenberg 2022-07-19 00:05:43 +02:00
parent c2e72c7812
commit 4c0ac2aa59
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
2 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/cookie.c
View file

@ -637,7 +637,7 @@ Curl_cookie_add(struct Curl_easy *data,
break;
}
}
else if(strcasecompare("domain", name)) {
else if(strcasecompare("domain", name) && whatptr[0]) {
bool is_ip;
/*

2
tests/data/test31
View file

@ -22,6 +22,7 @@ Server: test-server/fake
Content-Length: 4
Content-Type: text/html
Funny-head: yesyes
Set-Cookie: blankdomain=sure; domain=; path=/
%if !hyper
Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
Set-Cookie:ismatch=this ; domain=test31.curl; path=/silly/
@ -162,6 +163,7 @@ test31.curl FALSE /we/want/ FALSE 2118138987 nodomain value
#HttpOnly_.test31.curl TRUE /p1/ FALSE 0 httpo1 value1
.test31.curl TRUE /overwrite FALSE 0 overwrite this2
.test31.curl TRUE /silly/ FALSE 0 ismatch this
test31.curl FALSE / FALSE 0 blankdomain sure
</file>
</verify>
</testcase>