cookie-jar: bail if hostname is an empty string (CVE-2018-12910)submit/tizen_4.0/20180905.001853accepted/tizen/4.0/unified/20180906.095308tizen_4.0accepted/tizen_4.0_unified

https://nvd.nist.gov/vuln/detail/CVE-2018-12910

Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index eac9cd96..c8eb960a 100755
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -176,7 +176,7 @@ soup_cookie_jar_class_init (SoupCookieJarClass *jar_class)
 			      G_STRUCT_OFFSET (SoupCookieJarClass, changed),
 			      NULL, NULL,
 			      NULL,
-			      G_TYPE_NONE, 2, 
+			      G_TYPE_NONE, 2,
 			      SOUP_TYPE_COOKIE | G_SIGNAL_TYPE_STATIC_SCOPE,
 			      SOUP_TYPE_COOKIE | G_SIGNAL_TYPE_STATIC_SCOPE);
 
@@ -229,7 +229,7 @@ soup_cookie_jar_class_init (SoupCookieJarClass *jar_class)
  * Since: 2.24
  **/
 SoupCookieJar *
-soup_cookie_jar_new (void) 
+soup_cookie_jar_new (void)
 {
 	return g_object_new (SOUP_TYPE_COOKIE_JAR, NULL);
 }
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
 
 	priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
 
-	if (!uri->host)
+	if (!uri->host || !uri->host[0])
 		return NULL;
 
 	/* The logic here is a little weird, but the plan is that if
@@ -834,7 +834,7 @@ soup_cookie_jar_get_accept_policy (SoupCookieJar *jar)
  * soup_cookie_jar_set_accept_policy:
  * @jar: a #SoupCookieJar
  * @policy: a #SoupCookieJarAcceptPolicy
- * 
+ *
  * Sets @policy as the cookie acceptance policy for @jar.
  *
  * Since: 2.30