File curl-CVE-2014-3620.patch of Package curl.openSUSE_Leap_42.3_Update
From fd7ae600adf23a9a1ed619165c5058bdec216e9c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 19 Aug 2014 21:11:20 +0200
Subject: [PATCH] cookies: reject incoming cookies set for TLDs
Test 61 was modified to verify this.
CVE-2014-3620
Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html
---
lib/cookie.c | 6 ++++++
tests/data/test61 | 1 +
2 files changed, 7 insertions(+)
Index: curl-7.37.0/lib/cookie.c
===================================================================
--- curl-7.37.0.orig/lib/cookie.c 2014-09-10 17:22:55.987567327 +0200
+++ curl-7.37.0/lib/cookie.c 2014-09-10 17:22:59.382608188 +0200
@@ -463,6 +463,7 @@ Curl_cookie_add(struct SessionHandle *da
}
else if(Curl_raw_equal("domain", name)) {
bool is_ip;
+ const char *dotp;
/* Now, we make sure that our host is within the given domain,
or the given domain is not valid and thus cannot be set. */
@@ -472,6 +473,11 @@ Curl_cookie_add(struct SessionHandle *da
is_ip = isip(domain ? domain : whatptr);
+ /* check for more dots */
+ dotp = strchr(whatptr, '.');
+ if(!dotp)
+ domain=":";
+
if(!domain
|| (is_ip && !strcmp(whatptr, domain))
|| (!is_ip && tailmatch(whatptr, domain))) {
Index: curl-7.37.0/tests/data/test61
===================================================================
--- curl-7.37.0.orig/tests/data/test61 2014-09-10 17:22:59.383608199 +0200
+++ curl-7.37.0/tests/data/test61 2014-09-10 17:23:23.325896381 +0200
@@ -23,6 +23,7 @@ Set-Cookie: test3=maybe; domain=foo.com;
Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
Set-Cookie: fake=fooledyou; domain=..com; path=/;
++Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M
Content-Length: 4
boo