From a62b2962a87d5861c5438b93c670a5b42cb6337b Mon Sep 17 00:00:00 2001
From: "chleun.moon" <chleun.moon@samsung.com>
Date: Tue, 4 Sep 2018 20:00:10 +0900
Subject: [PATCH] cookie-jar: bail if hostname is an empty string
 (CVE-2018-12910)

https://nvd.nist.gov/vuln/detail/CVE-2018-12910

Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
---
 libsoup/soup-cookie-jar.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index eac9cd9..fddf2ec 100755
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
 
 	priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
 
-	if (!uri->host)
+	if (!uri->host || !uri->host[0])
 		return NULL;
 
 	/* The logic here is a little weird, but the plan is that if
-- 
2.7.4