cookie: Guard against possible NULL ptr deref

In case the name pointer isn't set (due to memory pressure most likely) we need to skip the prefix matching and reject with a badcookie to avoid a possible NULL pointer dereference. Closes #3820 #3821 Reported-by: Jonathan Moerman Reviewed-by: Daniel Stenberg <daniel@haxx.se>
author: Daniel Gustafsson <daniel@yesql.se> 2019-05-01 13:14:15 +0200
committer: Daniel Gustafsson <daniel@yesql.se> 2019-05-01 13:14:15 +0200
commit: b45fd8938e534091b4be2051093c6f38b8771ec8 (patch)
tree: dc11565c69790cc131bfccfa2689a0cb24444609
parent: b898b4c06cf8f821fbcd27808f42115b16a151b0 (diff)
download: curl-b45fd8938e534091b4be2051093c6f38b8771ec8.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index d26fd03f7..15bb28166 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -874,11 +874,13 @@ Curl_cookie_add(struct Curl_easy *data,
         co->name = strdup(ptr);
         if(!co->name)
           badcookie = TRUE;
-        /* For Netscape file format cookies we check prefix on the name */
-        if(strncasecompare("__Secure-", co->name, 9))
-          co->prefix |= COOKIE_PREFIX__SECURE;
-        else if(strncasecompare("__Host-", co->name, 7))
-          co->prefix |= COOKIE_PREFIX__HOST;
+        else {
+          /* For Netscape file format cookies we check prefix on the name */
+          if(strncasecompare("__Secure-", co->name, 9))
+            co->prefix |= COOKIE_PREFIX__SECURE;
+          else if(strncasecompare("__Host-", co->name, 7))
+            co->prefix |= COOKIE_PREFIX__HOST;
+        }
         break;
       case 6:
         co->value = strdup(ptr);
author	Daniel Gustafsson <daniel@yesql.se>	2019-05-01 13:14:15 +0200
committer	Daniel Gustafsson <daniel@yesql.se>	2019-05-01 13:14:15 +0200
commit	b45fd8938e534091b4be2051093c6f38b8771ec8 (patch)
tree	dc11565c69790cc131bfccfa2689a0cb24444609
parent	b898b4c06cf8f821fbcd27808f42115b16a151b0 (diff)
download	curl-b45fd8938e534091b4be2051093c6f38b8771ec8.tar.gz