From 565d0ca2b19682e41878e473d3895f89ba3412cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 20 Dec 2022 10:07:36 +0100
Subject: [PATCH] http: fix the ::1 comparison for IPv6 localhost for cookies

When checking if there is a "secure context", which it is if the
connection is to localhost even if the protocol is HTTP, the comparison
for ::1 was done incorrectly and included brackets.

Reported-by: BratSinot on github

Fixes #10120
Closes #10121

Conflict: context adapt
Reference: https://github.com/curl/curl/commit/565d0ca2b19682e41878e473d3895f89ba3412cf
---
 lib/http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/http.c b/lib/http.c
index 328dafa..1afbad0 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2729,7 +2729,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
         conn->handler->protocol&CURLPROTO_HTTPS ||
         strcasecompare("localhost", host) ||
         !strcmp(host, "127.0.0.1") ||
-        !strcmp(host, "[::1]") ? TRUE : FALSE;
+        !strcmp(host, "::1") ? TRUE : FALSE;
       Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
       co = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path,
                                secure_context);
@@ -3604,7 +3604,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
       conn->handler->protocol&CURLPROTO_HTTPS ||
       strcasecompare("localhost", host) ||
       !strcmp(host, "127.0.0.1") ||
-      !strcmp(host, "[::1]") ? TRUE : FALSE;
+      !strcmp(host, "::1") ? TRUE : FALSE;
 
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
                     CURL_LOCK_ACCESS_SINGLE);
-- 
2.33.0