CVE: CVE-2018-12910
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>

From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 24 Jun 2018 19:46:19 -0500
Subject: [PATCH] cookie-jar: bail if hostname is an empty string

There are several other ways to fix the problem with this function, but
skipping over all of the code is probably the simplest.

Fixes #3
---
 libsoup/soup-cookie-jar.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 2369c8a7..b2b78909 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_
 
 	priv = soup_cookie_jar_get_instance_private (jar);
 
-	if (!uri->host)
+	if (!uri->host || !uri->host[0])
 		return NULL;
 
 	/* The logic here is a little weird, but the plan is that if
-- 
2.17.1