[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 113/219: cookie: Guard against possible NULL ptr de
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 113/219: cookie: Guard against possible NULL ptr deref |
Date: |
Wed, 22 May 2019 19:17:32 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit b45fd8938e534091b4be2051093c6f38b8771ec8
Author: Daniel Gustafsson <address@hidden>
AuthorDate: Wed May 1 13:14:15 2019 +0200
cookie: Guard against possible NULL ptr deref
In case the name pointer isn't set (due to memory pressure most likely)
we need to skip the prefix matching and reject with a badcookie to avoid
a possible NULL pointer dereference.
Closes #3820 #3821
Reported-by: Jonathan Moerman
Reviewed-by: Daniel Stenberg <address@hidden>
---
lib/cookie.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index d26fd03f7..15bb28166 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -874,11 +874,13 @@ Curl_cookie_add(struct Curl_easy *data,
co->name = strdup(ptr);
if(!co->name)
badcookie = TRUE;
- /* For Netscape file format cookies we check prefix on the name */
- if(strncasecompare("__Secure-", co->name, 9))
- co->prefix |= COOKIE_PREFIX__SECURE;
- else if(strncasecompare("__Host-", co->name, 7))
- co->prefix |= COOKIE_PREFIX__HOST;
+ else {
+ /* For Netscape file format cookies we check prefix on the name */
+ if(strncasecompare("__Secure-", co->name, 9))
+ co->prefix |= COOKIE_PREFIX__SECURE;
+ else if(strncasecompare("__Host-", co->name, 7))
+ co->prefix |= COOKIE_PREFIX__HOST;
+ }
break;
case 6:
co->value = strdup(ptr);
--
To stop receiving notification emails like this one, please contact
address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnurl] 113/219: cookie: Guard against possible NULL ptr deref,
gnunet <=