cookies: extend domain checks to non psl builds

Ensure to perform the checks we have to enforce a sane domain in
the cookie request. The check for non-PSL enabled builds is quite
basic but it's better than nothing.

lib/cookie.c

@@ -803,6 +803,8 @@ Curl_cookie_add(struct Curl_easy *data,
         co->domain = strdup(ptr);
         if(!co->domain)
           badcookie = TRUE;
+        else if(bad_domain(co->domain))
+          badcookie = TRUE;
         break;
       case 1:
         /* This field got its explanation on the 23rd of May 2001 by
@@ -906,18 +908,20 @@ Curl_cookie_add(struct Curl_easy *data,
   if(!noexpire)
     remove_expired(c);
 
-#ifdef USE_LIBPSL
-  /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
   if(domain && co->domain && !isip(co->domain)) {
-    const psl_ctx_t *psl = Curl_psl_use(data);
     int acceptable;
+#ifdef USE_LIBPSL
+    const psl_ctx_t *psl = Curl_psl_use(data);
 
+    /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
     if(psl) {
       acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
       Curl_psl_release(data);
     }
     else
-      acceptable = !bad_domain(domain);
+#endif
+    /* Without libpsl, do the best we can. */
+    acceptable = !bad_domain(co->domain);
 
     if(!acceptable) {
       infof(data, "cookie '%s' dropped, domain '%s' must not "
@@ -926,7 +930,6 @@ Curl_cookie_add(struct Curl_easy *data,
       return NULL;
     }
   }
-#endif
 
   myhash = cookiehash(co->domain);
   clist = c->cookies[myhash];

tests/data/test8

@@ -46,6 +46,7 @@ Set-Cookie: trailingspace    = removed; path=/we/want;
 Set-Cookie: nocookie=yes; path=/WE;
 Set-Cookie: blexp=yesyes; domain=%HOSTIP; domain=%HOSTIP; expiry=totally bad;
 Set-Cookie: partialip=nono; domain=.0.0.1;
+Set-Cookie: chocolate=chip; domain=curl; path=/we/want;
 
 </file>
 <precheck>