!353 cookie: treat cookie name case sensitively

From: @sherlock2010 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-cookie-treat-cookie-name-case-sensitively.patch

@@ -0,0 +1,71 @@
+From 9919149aef67014150e2a1c75a7aa2c79204e30d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 6 Nov 2024 11:26:25 +0100
+Subject: [PATCH] cookie: treat cookie name case sensitively
+
+Extend test 31 to verify
+
+Reported-by: delogicsreal on github
+Fixes #15492
+Closes #15493
+
+Conflict:context adapt
+Reference:https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
+---
+ lib/cookie.c      | 4 ++--
+ tests/data/test31 | 3 +++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index ca8c3c596..e37d58f1d 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
+   myhash = cookiehash(co->domain);
+   clist = c->cookies[myhash];
+   while(clist) {
+-    if(strcasecompare(clist->name, co->name)) {
++    if(!strcmp(clist->name, co->name)) {
+       /* the names are identical */
+       bool matching_domains = FALSE;
+ 
+@@ -1029,7 +1029,7 @@ replace_existing(struct Curl_easy *data,
+       }
+     }
+ 
+-    if(!replace_co && strcasecompare(clist->name, co->name)) {
++    if(!replace_co && !strcmp(clist->name, co->name)) {
+       /* the names are identical */
+ 
+       if(clist->domain && co->domain) {
+diff --git a/tests/data/test31 b/tests/data/test31
+index d9d073996..2d411b5cd 100644
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
+ %if !hyper
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie:ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after    ; secure =
+ %else
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie: ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -181,6 +183,7 @@ test31.curl	FALSE	/we/want/	FALSE	2118138987	nodomain	value
+ #HttpOnly_.test31.curl	TRUE	/p2/	FALSE	0	httpo2	value2
+ #HttpOnly_.test31.curl	TRUE	/p1/	FALSE	0	httpo1	value1
+ .test31.curl	TRUE	/overwrite	FALSE	0	overwrite	this2
++.test31.curl	TRUE	/silly/	FALSE	0	ISMATCH	this
+ .test31.curl	TRUE	/silly/	FALSE	0	ismatch	this
+ test31.curl	FALSE	/	FALSE	0	blankdomain	sure
+ </file>
+-- 
+2.33.0
+

curl.spec

@@ -7,7 +7,7 @@
 
 Name:           curl
 Version:        8.4.0
-Release:        12
+Release:        13
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        curl
 URL:            https://curl.se/
@@ -37,6 +37,7 @@ Patch28:        backport-url-allow-DoH-transfers-to-override-max-connection-limi
 Patch29:        backport-pre-CVE-2024-9681.patch
 Patch30:        backport-CVE-2024-9681.patch
 Patch31:        backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
+Patch32:        backport-cookie-treat-cookie-name-case-sensitively.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -222,6 +223,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Mon Dec 09 2024 zhouyihang <zhouyihang3@h-partners.com> - 8.4.0-13
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:cookie: treat cookie name case sensitively
+
 * Sat Nov 30 2024 zhouyihang <zhouyihang3@h-partners.com> - 8.4.0-12
 - Type:bugfix
 - CVE:NA