Hello cURL hackers,

I noticed that the cookie tailmatch() function returns true in the following case:

- cookie domain is example.com or .example.com.
- hostname is abcexample.com

This is because tailmatch() does not check whether the character at the ab'c'example.com position is '.'. So, the current cURL receives/sends a cookie for an invalid host.

RFC6265 4.1.2.3. The Domain Attribute says:

    For example, if the value of the Domain attribute is "example.com", the user agent will include the cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.corp.example.com.

I think this says "the user agent DO NOT make HTTP request to abcexample.com".

An attached patch fixes this problem.
cookie_tailmatch.diff
Description: Binary data
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
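The missing boundary check reported above, shown as an added example: this is neither curl's code nor the attached patch. The function names are hypothetical, the hosts are constructed samples, and stripping a leading '.' from the cookie domain is an assumption taken from the two domain forms the message lists.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive check that host ends with domain (leading '.' ignored).
   On success *off is the offset in host where the matched suffix starts. */
static bool ends_with(const char *domain, const char *host, size_t *off)
{
  size_t i, dlen, hlen = strlen(host);
  if(*domain == '.')
    domain++;
  dlen = strlen(domain);
  if(!dlen || hlen < dlen)
    return false;
  *off = hlen - dlen;
  for(i = 0; i < dlen; i++)
    if(tolower((unsigned char)domain[i]) !=
       tolower((unsigned char)host[*off + i]))
      return false;
  return true;
}

/* Suffix-only comparison: the behaviour the message describes. */
static bool suffix_only_match(const char *domain, const char *host)
{
  size_t off;
  return ends_with(domain, host, &off);
}

/* Adds the label-boundary check: exact match, or '.' right before suffix. */
static bool boundary_match(const char *domain, const char *host)
{
  size_t off;
  if(!ends_with(domain, host, &off))
    return false;
  return off == 0 || host[off - 1] == '.';
}

int main(void)
{
  /* constructed sample hosts */
  const char *hosts[] = { "example.com", "www.example.com",
                          "www.corp.example.com", "abcexample.com" };
  size_t i;
  for(i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
    printf("%-22s suffix-only=%d boundary=%d\n", hosts[i],
           suffix_only_match("example.com", hosts[i]),
           boundary_match("example.com", hosts[i]));
  return 0;
}
```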
