httpcookies: fix heap read overflow (fixes #12674)

Cc: Antti Ajanki <antti.ajanki@iki.fi>

httpcookies: fix heap read overflow (fixes #12674)
Cc: Antti Ajanki <antti.ajanki@iki.fi>
24b37f48 · Rémi Denis-Courmont · 3d95e735 · 24b37f48
Commit 24b37f48 authored Nov 02, 2014 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

src/misc/httpcookies.c src/misc/httpcookies.c +10 -4

No files found.
--- a/src/misc/httpcookies.c
+++ b/src/misc/httpcookies.c
@@ -332,10 +332,16 @@ static bool cookie_domain_matches( const http_cookie_t * cookie, const char *hos

    size_t host_len = strlen(host);
    size_t cookie_domain_len = strlen(cookie->psz_domain);
-    int i = host_len - cookie_domain_len;
-    bool is_suffix = ( i > 0 ) &&
-        vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
-    bool has_dot_before_suffix = host[i-1] == '.';
+    bool is_suffix = false, has_dot_before_suffix = false;
+
+    if( host_len > cookie_domain_len )
+    {
+        size_t i = host_len - cookie_domain_len;
+
+        is_suffix = vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
+        has_dot_before_suffix = host[i-1] == '.';
+    }
+
    bool host_is_ipv4 = strspn(host, "0123456789.") == host_len;
    bool host_is_ipv6 = strchr(host, ':') != NULL;
    return is_suffix && has_dot_before_suffix &&