diff options
author | chleun.moon <chleun.moon@samsung.com> | 2018-09-04 20:00:10 +0900 |
---|---|---|
committer | chleun.moon <chleun.moon@samsung.com> | 2018-09-04 20:00:15 +0900 |
commit | a62b2962a87d5861c5438b93c670a5b42cb6337b (patch) | |
tree | 535b27649c2bb8ac10c525b5960035b07ecfb3f4 | |
parent | f12dfb9a8b56572461e3a0a54db3fa6296ae3021 (diff) | |
download | libsoup-a62b2962a87d5861c5438b93c670a5b42cb6337b.tar.gz libsoup-a62b2962a87d5861c5438b93c670a5b42cb6337b.tar.bz2 libsoup-a62b2962a87d5861c5438b93c670a5b42cb6337b.zip |
cookie-jar: bail if hostname is an empty string (CVE-2018-12910)submit/tizen_5.0/20181101.000007submit/tizen/20180905.001920accepted/tizen/unified/20180905.140127accepted/tizen/5.0/unified/20181102.025625tizen_5.0accepted/tizen_5.0_unified
https://nvd.nist.gov/vuln/detail/CVE-2018-12910
Change-Id: Icd72ec579aaf2e4d372be33ebb9346a34565d097
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
-rwxr-xr-x | libsoup/soup-cookie-jar.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c index eac9cd96..fddf2ec8 100755 --- a/libsoup/soup-cookie-jar.c +++ b/libsoup/soup-cookie-jar.c @@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_ priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar); - if (!uri->host) + if (!uri->host || !uri->host[0]) return NULL; /* The logic here is a little weird, but the plan is that if |