[vlc-commits] httpcookies: fix heap read overflow (fixes #12674)

[Rémi Denis-Courmont]

vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Nov  2 17:06:40 2014 +0200| [24b37f4859f716c86ad2649837b32184818a5da0] | committer: Rémi Denis-Courmont

httpcookies: fix heap read overflow (fixes #12674)

Cc: Antti Ajanki <antti.ajanki at iki.fi>

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=24b37f4859f716c86ad2649837b32184818a5da0
---

 src/misc/httpcookies.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/misc/httpcookies.c b/src/misc/httpcookies.c
index 4536880..7bd9850 100644
--- a/src/misc/httpcookies.c
+++ b/src/misc/httpcookies.c
@@ -332,10 +332,16 @@ static bool cookie_domain_matches( const http_cookie_t * cookie, const char *hos
 
     size_t host_len = strlen(host);
     size_t cookie_domain_len = strlen(cookie->psz_domain);
-    int i = host_len - cookie_domain_len;
-    bool is_suffix = ( i > 0 ) &&
-        vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
-    bool has_dot_before_suffix = host[i-1] == '.';
+    bool is_suffix = false, has_dot_before_suffix = false;
+
+    if( host_len > cookie_domain_len )
+    {
+        size_t i = host_len - cookie_domain_len;
+
+        is_suffix = vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
+        has_dot_before_suffix = host[i-1] == '.';
+    }
+
     bool host_is_ipv4 = strspn(host, "0123456789.") == host_len;
     bool host_is_ipv6 = strchr(host, ':') != NULL;
     return is_suffix && has_dot_before_suffix &&