curl-library
[patch] tailmatch() returns true for invalid host.
Date: Tue, 9 Apr 2013 16:14:18 +0900
Hello cURL hackers,
I noticed that the cookie tailmatch() function returns true in the following
case:
- cookie domain is example.com or .example.com.
- hostname is abcexample.com
This is because tailmatch() does not check whether the character at the 'c'
position of ab'c'example.com is '.'.
So, the current cURL receives/sends a cookie for an invalid host.
RFC6265 4.1.2.3. The Domain Attribute says:
For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com.
I think this says "the user agent DOES NOT make HTTP requests to abcexample.com".
The attached patch fixes this problem.
- application/octet-stream attachment: cookie_tailmatch.diff
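
Added example (not part of the original post, not curl's source and not the attached patch): a plain suffix comparison of the kind the post describes, next to a version that also requires the match to start at a label boundary. The function names are hypothetical, and ignoring a leading dot in the cookie domain is an assumption of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two buffers of the same known length. */
static int equal_nocase(const char *a, const char *b, size_t n)
{
  for(; n; n--, a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return 0;
  return 1;
}

/* Flawed check as described in the post: plain suffix comparison. */
static int tailmatch_suffix_only(const char *domain, const char *host)
{
  size_t dlen, hlen = strlen(host);
  if(*domain == '.')
    domain++;                      /* assumption: leading dot is ignored */
  dlen = strlen(domain);
  return dlen && dlen <= hlen && equal_nocase(domain, host + hlen - dlen, dlen);
}

/* Hardened check: the suffix must be the whole host or start at a label
   boundary, i.e. the character just before it must be '.'. */
static int tailmatch_boundary(const char *domain, const char *host)
{
  size_t dlen, hlen = strlen(host);
  if(*domain == '.')
    domain++;
  dlen = strlen(domain);
  if(!dlen || dlen > hlen || !equal_nocase(domain, host + hlen - dlen, dlen))
    return 0;
  return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
  /* Constructed sample hosts; the first three appear in the RFC 6265 quote. */
  const char *hosts[] = { "example.com", "www.example.com",
                          "www.corp.example.com", "abcexample.com" };
  size_t i;
  for(i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
    printf("%-22s suffix-only=%d boundary=%d\n", hosts[i],
           tailmatch_suffix_only("example.com", hosts[i]),
           tailmatch_boundary("example.com", hosts[i]));
  return 0;
}
```

The sketch covers only the label-boundary condition; it does not implement the other parts of RFC 6265 domain matching, such as excluding IP-address hosts.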