CVE-2023-38546: cookie injection with none file
Low
curl
Reported by
w0x42
Vulnerability Details
Technical details and impact analysis
When `curl_easy_duphandle()` is used to duplicate an easy handle, cookies can be injected
into the duplicated handle if a file named `none` exists in the current working directory.
## PoC / Steps to reproduce:
1. Open 2 terminals
1. Compile F2699218
1. In terminal 1:
   * `nc -l -p 8888 127.0.0.1`
1. In terminal 2:
   * `echo -e "127.0.0.1\tTRUE\t/\tFALSE\t0\tname\tvalue" > none`
   * `/path/to/poc_cookieinj`

(`poc_cookieinj` does not have to be in the same directory as the file `none`.)
## Supporting Material/References:
The flaw is in `Curl_cookie_init()`:
```c
if(!inc) {
  /* we didn't get a struct, create one */
  c = calloc(1, sizeof(struct CookieInfo));
  if(!c)
    return NULL; /* failed to get memory */
  c->filename = strdup(file?file:"none"); /* copy the name just in case */
  if(!c->filename)
    goto fail; /* failed to get memory */
```
and the injection happens in `curl_easy_duphandle()`:
```c
if(data->cookies) {
  /* If cookies are enabled in the parent handle, we enable them
     in the clone as well! */
  outcurl->cookies = Curl_cookie_init(data,
                                      data->cookies->filename,
                                      outcurl->cookies,
                                      data->set.cookiesession);
  if(!outcurl->cookies)
    goto fail;
}
```
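The two fragments above combined into a runnable model, as an added example (not curl's code): a cookie store whose `filename` field uses the string `"none"` as the "no file" sentinel, a duplication step that feeds that stored name back into the initializer, and a hardened duplication that copies in-memory state instead of reopening anything. `cookie_store`, `load_cookie_file`, `cookie_init_vuln`, `dup_vuln` and `dup_fixed` are names made up for this example, and the hardened variant illustrates the general fix for in-band sentinels, not curl's actual patch.

```c
#define _POSIX_C_SOURCE 200809L  /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of curl's CookieInfo: 'filename' doubled as the "no file" sentinel. */
struct cookie_store {
    char *filename;   /* path cookies were read from, NULL = no file */
    int numcookies;   /* cookie lines parsed so far */
};

/* Count Netscape-format cookie lines (tab-separated, '#' starts a comment). */
static int load_cookie_file(const char *path)
{
    char line[512]; int n = 0;
    FILE *fp = fopen(path, "r");
    if(!fp) return 0;
    while(fgets(line, sizeof(line), fp))
        if(*line != '#' && strchr(line, '\t')) n++;
    fclose(fp);
    return n;
}

/* Vulnerable init, mirroring the quoted Curl_cookie_init(): NULL becomes the
 * string "none", which is indistinguishable from a real relative path. */
struct cookie_store *cookie_init_vuln(const char *file)
{
    struct cookie_store *c = calloc(1, sizeof(*c));
    if(!c) return NULL;
    c->filename = strdup(file ? file : "none");
    if(file) c->numcookies = load_cookie_file(file);
    return c;
}

/* Vulnerable dup, mirroring curl_easy_duphandle(): "none" is reopened as a path. */
struct cookie_store *dup_vuln(const struct cookie_store *parent)
{
    return cookie_init_vuln(parent->filename);
}

/* Hardened dup (illustrative, not curl's actual patch): the matching init keeps
 * filename NULL for "no file", and dup copies state instead of reopening. */
struct cookie_store *dup_fixed(const struct cookie_store *parent)
{
    struct cookie_store *c = calloc(1, sizeof(*c));
    if(!c) return NULL;
    c->filename = parent->filename ? strdup(parent->filename) : NULL;
    c->numcookies = parent->numcookies;  /* copied, never re-read from disk */
    return c;
}
```

With a file `none` in the working directory, `dup_vuln()` on a parent that never loaded any cookie file comes back with that file's cookies, while `dup_fixed()` does not.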
## Impact
Cookie injection into an HTTP request.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
External Control of File Name or Path