From: chleun.moon <chleun.moon@samsung.com>
Date: Tue, 4 Sep 2018 11:00:10 +0000 (+0900)
Subject: cookie-jar: bail if hostname is an empty string (CVE-2018-12910)
X-Git-Tag: accepted/tizen/5.0/unified/20181102.025625^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a62b2962a87d5861c5438b93c670a5b42cb6337b;p=platform%2Fupstream%2Flibsoup.git

cookie-jar: bail if hostname is an empty string (CVE-2018-12910)

https://nvd.nist.gov/vuln/detail/CVE-2018-12910

Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
---

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index eac9cd9..fddf2ec 100755
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
 
 	priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
 
-	if (!uri->host)
+	if (!uri->host || !uri->host[0])
 		return NULL;
 
 	/* The logic here is a little weird, but the plan is that if