Google Git
Sign in
fuchsia / third_party / curl / 2eb8dcf26cb37f09cffe26909a646e702dbcab66
commit2eb8dcf26cb37f09cffe26909a646e702dbcab66[log] [tgz]
authorYAMADA Yasuharu <yasuharu.yamada@access-company.com>Thu Apr 11 00:17:15 2013 +0200
committerDaniel Stenberg <daniel@haxx.se>Thu Apr 11 23:52:12 2013 +0200
treebb1b22e9302afec2abe6e795533b9860ab691298
parent96ffe645fd2494f14780f7c105fcfeeb8ca7d94f [diff]
cookie: fix tailmatching to prevent cross-domain leakage

Cookies set for 'example.com' could accidentaly also be sent by libcurl
to the 'bexample.com' (ie with a prefix to the first domain name).

This is a security vulnerabilty, CVE-2013-1944.

Bug: http://curl.haxx.se/docs/adv_20130412.html
1 file changed
tree: bb1b22e9302afec2abe6e795533b9860ab691298
  1. CMake/
  2. docs/
  3. include/
  4. lib/
  5. m4/
  6. packages/
  7. perl/
  8. src/
  9. tests/
  10. vs/
  11. winbuild/
  12. .gitattributes
  13. .gitignore
  14. acinclude.m4
  15. buildconf
  16. buildconf.bat
  17. CHANGES
  18. CHANGES.0
  19. CMakeLists.txt
  20. configure.ac
  21. COPYING
  22. CTestConfig.cmake
  23. curl-config.in
  24. GIT-INFO
  25. install-sh
  26. libcurl.pc.in
  27. log2changes.pl
  28. MacOSX-Framework
  29. Makefile.am
  30. Makefile.dist
  31. maketgz
  32. missing
  33. mkinstalldirs
  34. README
  35. RELEASE-NOTES
  36. TODO-RELEASE