Skip to content

Possible null dereference in cookie.c #3820

New issue
New issue
Closed
Closed
Possible null dereference in cookie.c#3820
Labels
cookies
@JMoerman

Description

@JMoerman
JMoerman
opened on Apr 30, 2019

I had to look for bugs in curl using Coverity for an assignment and encountered this in cookie.c:

curl/lib/cookie.c

Lines 875 to 878 in b898b4c

if(!co->name)
badcookie = TRUE;
/* For Netscape file format cookies we check prefix on the name */
if(strncasecompare("__Secure-", co->name, 9))

According to the first if statement co->name can be null and co->name is passed to strncasecompare (Curl_strncasecompare) which does not check for null and dereferences this parameter.

int Curl_strncasecompare(const char *first, const char *second, size_t max)
{
  while(*first && *second && max) {
...

Encountered when analyzing 9e8f28a, still present in b898b4c (which currently is the latest commit in master).

I don't think that it is a huge issue, but it doesn't seem to be a false positive and could potentially cause a crash.

Metadata

Metadata

Assignees

No one assigned

    Labels

    cookies

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions