summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorchleun.moon <chleun.moon@samsung.com>2018-09-04 20:00:10 +0900
committerchleun.moon <chleun.moon@samsung.com>2018-09-04 20:00:15 +0900
commita62b2962a87d5861c5438b93c670a5b42cb6337b (patch)
tree535b27649c2bb8ac10c525b5960035b07ecfb3f4
parentf12dfb9a8b56572461e3a0a54db3fa6296ae3021 (diff)
downloadlibsoup-tizen_5.0.tar.gz
libsoup-tizen_5.0.tar.bz2
libsoup-tizen_5.0.zip
cookie-jar: bail if hostname is an empty string (CVE-2018-12910)submit/tizen_5.0/20181101.000007submit/tizen/20180905.001920accepted/tizen/unified/20180905.140127accepted/tizen/5.0/unified/20181102.025625tizen_5.0accepted/tizen_5.0_unified
https://nvd.nist.gov/vuln/detail/CVE-2018-12910 Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097 Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Diffstat
-rwxr-xr-xlibsoup/soup-cookie-jar.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index eac9cd96..fddf2ec8 100755
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
- if (!uri->host)
+ if (!uri->host || !uri->host[0])
return NULL;
/* The logic here is a little weird, but the plan is that if
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 20:50:21 +0000