projects / platform / upstream / libsoup.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f12dfb9)
cookie-jar: bail if hostname is an empty string (CVE-2018-12910) 92/188392/1 accepted/tizen_5.0_unified tizen_5.0 accepted/tizen/5.0/unified/20181102.025625 accepted/tizen/unified/20180905.140127 submit/tizen/20180905.001920 submit/tizen_5.0/20181101.000007
authorchleun.moon <chleun.moon@samsung.com>
Tue, 4 Sep 2018 11:00:10 +0000 (20:00 +0900)
committerchleun.moon <chleun.moon@samsung.com>
Tue, 4 Sep 2018 11:00:15 +0000 (20:00 +0900)
https://nvd.nist.gov/vuln/detail/CVE-2018-12910

Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
libsoup/soup-cookie-jar.c patch | blob | history

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index eac9cd9..fddf2ec 100755 (executable)
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
 
        priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
 
-       if (!uri->host)
+       if (!uri->host || !uri->host[0])
                return NULL;
 
        /* The logic here is a little weird, but the plan is that if
Domain: Network & Connectivity / Data Network;