projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96ffe64) | patch
cookie: fix tailmatching to prevent cross-domain leakage
authorYAMADA Yasuharu <yasuharu.yamada@access-company.com>
Wed, 10 Apr 2013 22:17:15 +0000 (00:17 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 11 Apr 2013 21:52:12 +0000 (23:52 +0200)
commit2eb8dcf26cb37f09cffe26909a646e702dbcab66
treebb1b22e9302afec2abe6e795533b9860ab691298tree | snapshot
parent96ffe645fd2494f14780f7c105fcfeeb8ca7d94fcommit | diff
cookie: fix tailmatching to prevent cross-domain leakage

Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).

This is a security vulnerabilty, CVE-2013-1944.

Bug: http://curl.haxx.se/docs/adv_20130412.html
lib/cookie.c diff | blob | history
Domain: Network & Connectivity / Data Network;