cookie: treat cookie name case sensitively

(cherry picked from commit 151d12ece23e52fa288aeda79ca98fe9e30ebb70)

backport-cookie-treat-cookie-name-case-sensitively.patch

@@ -0,0 +1,62 @@
+From 9919149aef67014150e2a1c75a7aa2c79204e30d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 6 Nov 2024 11:26:25 +0100
+Subject: [PATCH] cookie: treat cookie name case sensitively
+
+Extend test 31 to verify
+
+Reported-by: delogicsreal on github
+Fixes #15492
+Closes #15493
+
+Conflict:context adapt
+Reference:https://github.com/curl/curl/commit/9919149aef67014150e2a1c75a7aa2c79204e30d
+---
+ lib/cookie.c      | 2 +-
+ tests/data/test31 | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index ca8c3c596..e37d58f1d 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -989,7 +989,7 @@ replace_existing(struct Curl_easy *data,
+   clist = c->cookies[myhash];
+   replace_old = FALSE;
+   while(clist) {
+-    if(strcasecompare(clist->name, co->name)) {
++    if(!strcmp(clist->name, co->name)) {
+       /* the names are identical */
+ 
+       if(clist->domain && co->domain) {
+diff --git a/tests/data/test31 b/tests/data/test31
+index d9d073996..2d411b5cd 100644
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -26,6 +26,7 @@ Set-Cookie: blankdomain=sure; domain=; path=/
+ %if !hyper
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie:ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -75,6 +76,7 @@ Set-Cookie: securewithspace=after    ; secure =
+ %else
+ Set-Cookie: foobar=name; domain=anything.com; path=/ ; secure
+ Set-Cookie: ismatch=this  ; domain=test31.curl; path=/silly/
++Set-Cookie:ISMATCH=this  ; domain=test31.curl; path=/silly/
+ Set-Cookie: overwrite=this  ; domain=test31.curl; path=/overwrite/
+ Set-Cookie: overwrite=this2  ; domain=test31.curl; path=/overwrite
+ Set-Cookie: sec1value=secure1  ; domain=test31.curl; path=/secure1/ ; secure
+@@ -181,6 +183,7 @@ test31.curl	FALSE	/we/want/	FALSE	2118138987	nodomain	value
+ #HttpOnly_.test31.curl	TRUE	/p2/	FALSE	0	httpo2	value2
+ #HttpOnly_.test31.curl	TRUE	/p1/	FALSE	0	httpo1	value1
+ .test31.curl	TRUE	/overwrite	FALSE	0	overwrite	this2
++.test31.curl	TRUE	/silly/	FALSE	0	ISMATCH	this
+ .test31.curl	TRUE	/silly/	FALSE	0	ismatch	this
+ </file>
+ </verify>
+-- 
+2.33.0
+

curl.spec

@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.79.1
-Release:        34
+Release:        35
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -109,6 +109,7 @@ Patch95:        backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
 Patch96:        backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
 Patch97:        backport-CVE-2024-9681.patch 
 Patch98:        backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
+Patch99:        backport-cookie-treat-cookie-name-case-sensitively.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -277,6 +278,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Mon Dec 09 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-35
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:cookie: treat cookie name case sensitively
+
 * Sat Nov 30 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-34
 - Type:bugfix
 - CVE:NA