Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CURLOPT_COOKIEFILE: insist on "" for enable-without-file #9654

Closed
wants to merge 3 commits into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Oct 5, 2022

The former way that also suggested using a non-existing file to just enable the cookie engine could lead to developers maybe a bit carelessly guessing a file name that will not exist, and then in a future due to circumstances, such a file could be made to exist and then accidentally libcurl would read cookies not actually meant to.

Reported-by: Trail of bits

The former way that also suggested using a non-existing file to just
enable the cookie engine could lead to developers maybe a bit carelessly
guessing a file name that will not exist, and then in a future due to
circumstances, such a file could be made to exist and then accidentally
libcurl would read cookies not actually meant to.

Reported-by: Trail of bits
jay
jay approved these changes Oct 5, 2022
docs/libcurl/opts/CURLOPT_COOKIEFILE.3 Outdated Show resolved Hide resolved
@bagder bagder closed this in ea3ce80 Oct 6, 2022
@bagder bagder deleted the bagder/CURLOPT_COOKIEFILE branch Oct 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants