From f7aeff58a369d3cd2caac4f3becd7c683ba900c7 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Fri, 12 Mar 2021 02:34:03 +0100
Subject: [PATCH] cookies: Fix potential NULL pointer deref with PSL

Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer. The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.

This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.

Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Conflict:NA
Reference:https://github.com/curl/curl/commit/f7aeff58a369d3cd2caac4f3becd7c683ba900c7
---
lib/cookie.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/cookie.c b/lib/cookie.c
index 09fd092ac3da25..c7229c001a86d1 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -951,8 +951,12 @@ Curl_cookie_add(struct Curl_easy *data,
remove_expired(c);
#ifdef USE_LIBPSL
- /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
- if(domain && co->domain && !isip(co->domain)) {
+ /*
+ * Check if the domain is a Public Suffix and if yes, ignore the cookie. We
+ * must also check that the data handle isn't NULL since the psl code will
+ * dereference it.
+ */
+ if(data && (domain && co->domain && !isip(co->domain))) {
const psl_ctx_t *psl = Curl_psl_use(data);
int acceptable;
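
Review bot: When data is NULL, the new condition if(data && (domain && co->domain && !isip(co->domain))) skips the whole PSL block, so as far as these lines show the cookie continues on that path without any public-suffix check, and the new comment does not say so. The commit message notes the path is not reachable today, but since the guard exists to honour the API contract, the comment should state explicitly that the domain goes unchecked when data is NULL, or the code should decline the cookie in that case if accepting an unverified domain is not intended. The inner parentheses around the three domain tests are redundant and could be dropped to keep the condition in the same style as the line it replaces.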