diff --git a/src/psl.c b/src/psl.c
index 9c3dfc3..899455f 100644
--- a/src/psl.c
+++ b/src/psl.c
@@ -66,6 +66,7 @@
 #include
 #include
 #include
+#include
 #ifdef WITH_LIBICU
 # include
@@ -883,6 +884,15 @@ const char *psl_get_version(void)
 #endif
 }
+/* return whether hostname is an IP address or not */
+static int _isip(const char *hostname)
+{
+ struct in_addr addr;
+ struct in6_addr addr6;
+
+ return inet_pton(AF_INET, hostname, &addr) || inet_pton(AF_INET6, hostname, &addr6);
+}
+
 /**
 * psl_is_cookie_domain_acceptable:
 * @psl: PSL context pointer
@@ -920,6 +930,9 @@ int psl_is_cookie_domain_acceptable(const psl_ctx_t *psl, const char *hostname,
 if (!strcmp(hostname, cookie_domain))
 return 1; /* an exact match is acceptable (and pretty common) */
+ if (_isip(hostname))
+ return 0; /* Hostname is an IP address and these must match fully (RFC 6265, 5.1.3) */
+
 cookie_domain_length = strlen(cookie_domain);
 hostname_length = strlen(hostname);
diff --git a/tests/test-is-cookie-domain-acceptable.c b/tests/test-is-cookie-domain-acceptable.c
index 79b8f34..dd1f934 100644
--- a/tests/test-is-cookie-domain-acceptable.c
+++ b/tests/test-is-cookie-domain-acceptable.c
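Review bot: The return expression of the new `_isip` in src/psl.c treats any non-zero result of `inet_pton` as "is an IP address", but `inet_pton` returns -1 when the address family is not supported. On a build without IPv6 support, every hostname that is not a dotted-quad IPv4 address would then be classified as an IP, and every non-identical cookie domain would be refused. That fails closed, but it silently disables domain cookies; compare against 1 instead: `return inet_pton(AF_INET, hostname, &addr) == 1 || inet_pton(AF_INET6, hostname, &addr6) == 1;`. The one-line comment above the function could also say that only the text forms `inet_pton` parses are recognised, so the expected input form is explicit.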
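Review bot: The `_isip(hostname)` guard added to `psl_is_cookie_domain_acceptable` enforces RFC 6265 5.1.3 only when `hostname` arrives in exactly the text form `inet_pton` accepts. A non-canonical spelling (for example a bracketed IPv6 literal) would, as far as this hunk shows, skip the guard and continue to the suffix comparison that follows. The function's doc comment should state the precondition, e.g. `@hostname: canonical host of the request URI; IP literals without brackets, zone id or trailing dot`. It is also worth noting there that the exact-match test is a plain `strcmp`, so equivalent IPv6 spellings of the same address are rejected rather than accepted. The function body starts before and continues after this hunk, so any normalisation or NULL check done earlier is not visible here.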
@@ -68,6 +68,13 @@ static void test_psl(void)
 { "www.example.com", "example.org", 0 },
 { "www.sa.gov.au", "sa.gov.au", 0 }, /* not accepted by normalization (PSL rule '*.ar') */
 { "www.educ.ar", "educ.ar", 1 }, /* PSL exception rule '!educ.ar' */
+ /* RFC6265 5.1.3: Having IP addresses, request and domain IP must be identical */
+ { "192.1.123.2", ".1.123.2", 0 }, /* IPv4 address, partial match */
+ { "192.1.123.2", "192.1.123.2", 1 }, /* IPv4 address, full match */
+ { "::1", "::1", 1 }, /* IPv6 address, full match */
+ { "2a00:1450:4013:c01::8b", ":1450:4013:c01::8b", 0 }, /* IPv6 address, partial match */
+ { "::ffff:192.1.123.2", "::ffff:192.1.123.2", 1 }, /* IPv6 address dotted-quad, full match */
+ { "::ffff:192.1.123.2", ".1.123.2", 0 }, /* IPv6 address dotted-quad, partial match */
 };
 unsigned it;
 psl_ctx_t *psl;
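Review bot: Every partial-match row added to the table in `test_psl` uses a cookie domain that begins with `.` or `:`, so the bare-suffix case is not pinned. Adding `{ "192.1.123.2", "1.123.2", 0 },` would cover the form in which a suffix comparison is most likely to succeed if the IP check ever regressed. A row such as `{ "::FFFF:192.1.123.2", "::ffff:192.1.123.2", 0 },` would also document that the full-match rule is textual; the expected value assumes nothing above the comparison normalises case, which is not visible here. `test_psl` starts before and continues after this hunk.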