httpcookies: fix heap read overflow (fixes #12674)

author Rémi Denis-Courmont <remi@remlab.net>

Sun, 2 Nov 2014 15:06:40 +0000 (17:06 +0200)

committer Rémi Denis-Courmont <remi@remlab.net>

Sun, 2 Nov 2014 19:37:58 +0000 (21:37 +0200)
author Rémi Denis-Courmont <remi@remlab.net>
Sun, 2 Nov 2014 15:06:40 +0000 (17:06 +0200)
committer Rémi Denis-Courmont <remi@remlab.net>
Sun, 2 Nov 2014 19:37:58 +0000 (21:37 +0200)
diff --git a/src/misc/httpcookies.c b/src/misc/httpcookies.c

index 453688096ff0a612fe6f8fd00043d3df2550cb79..7bd9850df6f4c8f4d2ebf0d6339db12859e2b50e 100644 (file)
--- a/src/misc/httpcookies.c
+++ b/src/misc/httpcookies.c
@@ -332,10 +332,16 @@ static bool cookie_domain_matches( const http_cookie_t * cookie, const char *hos
  
      size_t host_len = strlen(host);
      size_t cookie_domain_len = strlen(cookie->psz_domain);
-    int i = host_len - cookie_domain_len;
-    bool is_suffix = ( i > 0 ) &&
-        vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
-    bool has_dot_before_suffix = host[i-1] == '.';
+    bool is_suffix = false, has_dot_before_suffix = false;
+
+    if( host_len > cookie_domain_len )
+    {
+        size_t i = host_len - cookie_domain_len;
+
+        is_suffix = vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
+        has_dot_before_suffix = host[i-1] == '.';
+    }
+
      bool host_is_ipv4 = strspn(host, "0123456789.") == host_len;
      bool host_is_ipv6 = strchr(host, ':') != NULL;
      return is_suffix && has_dot_before_suffix &&
author	Rémi Denis-Courmont <remi@remlab.net>
	Sun, 2 Nov 2014 15:06:40 +0000 (17:06 +0200)
committer	Rémi Denis-Courmont <remi@remlab.net>
	Sun, 2 Nov 2014 19:37:58 +0000 (21:37 +0200)