summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2021-03-12 02:34:03 +0100
committerDaniel Gustafsson <daniel@yesql.se>2021-03-12 02:34:03 +0100
commitf7aeff58a369d3cd2caac4f3becd7c683ba900c7 (patch)
tree9df1c29e58acd3603ae2ef16f42cb49d64207b1d
parentb3ace846425052b10126000289295e60763c520e (diff)
downloadcurl-f7aeff58a369d3cd2caac4f3becd7c683ba900c7.tar.gz
cookies: Fix potential NULL pointer deref with PSL
Curl_cookie_init can be called with data being NULL, and this can in turn be passed to Curl_cookie_add, meaning that both functions must be careful to only use data where it's checked for being a NULL pointer. The libpsl support code does however dereference data without checking, so if we are indeed having an unset data pointer we cannot PSL check the cookiedomain. This is currently not a reachable dereference, as the only caller with a NULL data isn't passing a file to initialize cookies from, but since the API has this contract let's ensure we hold it. Closes #6731 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-rw-r--r--lib/cookie.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index 09fd092ac..c7229c001 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -951,8 +951,12 @@ Curl_cookie_add(struct Curl_easy *data,
remove_expired(c);
#ifdef USE_LIBPSL
- /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
- if(domain && co->domain && !isip(co->domain)) {
+ /*
+ * Check if the domain is a Public Suffix and if yes, ignore the cookie. We
+ * must also check that the data handle isn't NULL since the psl code will
+ * dereference it.
+ */
+ if(data && (domain && co->domain && !isip(co->domain))) {
const psl_ctx_t *psl = Curl_psl_use(data);
int acceptable;