cookie: if psl fails, reject the cookie

A libpsl install without data and no built-in database is now considered
bad enough to reject all cookies since they cannot be checked. It is
somewhat of a user error, but still.

Reported-by: Dan Fandrich
Closes #13033
Daniel Stenberg 1 month ago
parent
commit
9454757508
1 changed files with 3 additions and 1 deletions

lib/cookie.c

@@ -426,6 +426,7 @@ static void remove_expired(struct CookieInfo *cookies)
   }
 }
 
+#ifndef USE_LIBPSL
 /* Make sure domain contains a dot or is localhost. */
 static bool bad_domain(const char *domain, size_t len)
 {
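Review bot: The "#ifndef USE_LIBPSL" added above bad_domain() carries no comment explaining why the function is compiled out, and the existing comment still describes only the dot-or-localhost check. A short note that this check is only the fallback for builds without libpsl, and that libpsl builds now reject the cookie when the PSL cannot be used, would save the next reader a trip to the commit message. Any other caller of bad_domain() has to sit under the same condition, or builds with USE_LIBPSL defined will fail.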
@@ -443,6 +444,7 @@ static bool bad_domain(const char *domain, size_t len)
   }
   return TRUE;
 }
+#endif
 
 /*
   RFC 6265 section 4.1.1 says a server should accept this range:
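Review bot: The "#endif" added after bad_domain() is bare, so a reader landing here has to scroll up past the whole function to see which condition it closes. Annotating it as "#endif /* !USE_LIBPSL */" makes the pairing with the guard in the previous hunk obvious.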
@@ -1040,7 +1042,7 @@ Curl_cookie_add(struct Curl_easy *data,
         Curl_psl_release(data);
       }
       else
-        acceptable = !bad_domain(domain, strlen(domain));
+        infof(data, "libpsl problem, rejecting cookie for satety");
     }
 
     if(!acceptable) {
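Review bot: The added infof() string in the else branch misspells "safety" as "satety"; since infof() text is user-visible in verbose output, it should read "libpsl problem, rejecting cookie for safety". With the bad_domain() fallback gone, this branch no longer assigns acceptable, so the rejection at "if(!acceptable)" now depends on the variable's initial value, which is declared outside this hunk; worth confirming it starts out FALSE. Including the domain in the message would also help someone diagnose a libpsl install without data.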