Toshaan Bharvani
1 year ago
commit
c5154bef22
24 changed files with 7221 additions and 0 deletions
@ -0,0 +1,133 @@
@@ -0,0 +1,133 @@
|
||||
From 2281afef6757ed66c9e8a9a737aa91cb9e2950ef Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Fri, 30 Apr 2021 18:14:45 +0200 |
||||
Subject: [PATCH 1/2] http2: fix resource leaks in set_transfer_url() |
||||
|
||||
... detected by Coverity: |
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): |
||||
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
||||
lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): |
||||
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
||||
lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): |
||||
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
||||
lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): |
||||
lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". |
||||
lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.] |
||||
lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to. |
||||
|
||||
Closes #6986 |
||||
|
||||
Upstream-commit: 31931704707324af4b4edb24cc877829f7e9949e |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/http2.c | 24 +++++++++++++++++------- |
||||
1 file changed, 17 insertions(+), 7 deletions(-) |
||||
|
||||
diff --git a/lib/http2.c b/lib/http2.c |
||||
index ce9a0d3..d5ba89b 100644 |
||||
--- a/lib/http2.c |
||||
+++ b/lib/http2.c |
||||
@@ -500,32 +500,42 @@ static int set_transfer_url(struct Curl_easy *data, |
||||
CURLU *u = curl_url(); |
||||
CURLUcode uc; |
||||
char *url; |
||||
+ int rc = 0; |
||||
|
||||
v = curl_pushheader_byname(hp, ":scheme"); |
||||
if(v) { |
||||
uc = curl_url_set(u, CURLUPART_SCHEME, v, 0); |
||||
- if(uc) |
||||
- return 1; |
||||
+ if(uc) { |
||||
+ rc = 1; |
||||
+ goto fail; |
||||
+ } |
||||
} |
||||
|
||||
v = curl_pushheader_byname(hp, ":authority"); |
||||
if(v) { |
||||
uc = curl_url_set(u, CURLUPART_HOST, v, 0); |
||||
- if(uc) |
||||
- return 2; |
||||
+ if(uc) { |
||||
+ rc = 2; |
||||
+ goto fail; |
||||
+ } |
||||
} |
||||
|
||||
v = curl_pushheader_byname(hp, ":path"); |
||||
if(v) { |
||||
uc = curl_url_set(u, CURLUPART_PATH, v, 0); |
||||
- if(uc) |
||||
- return 3; |
||||
+ if(uc) { |
||||
+ rc = 3; |
||||
+ goto fail; |
||||
+ } |
||||
} |
||||
|
||||
uc = curl_url_get(u, CURLUPART_URL, &url, 0); |
||||
if(uc) |
||||
- return 4; |
||||
+ rc = 4; |
||||
+ fail: |
||||
curl_url_cleanup(u); |
||||
+ if(rc) |
||||
+ return rc; |
||||
|
||||
if(data->state.url_alloc) |
||||
free(data->state.url); |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From 92ad72983f8462be1d5a5228672657ddf4d7ed72 Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Fri, 30 Apr 2021 18:18:02 +0200 |
||||
Subject: [PATCH 2/2] http2: fix a resource leak in push_promise() |
||||
|
||||
... detected by Coverity: |
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): |
||||
lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle". |
||||
lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)". |
||||
lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url". |
||||
lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to. |
||||
|
||||
Closes #6986 |
||||
|
||||
Upstream-commit: 3a6058cb976981ec1db870f9657c73c9a1162822 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/http2.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/lib/http2.c b/lib/http2.c |
||||
index d5ba89b..d0f69ea 100644 |
||||
--- a/lib/http2.c |
||||
+++ b/lib/http2.c |
||||
@@ -581,6 +581,7 @@ static int push_promise(struct Curl_easy *data, |
||||
|
||||
rv = set_transfer_url(newhandle, &heads); |
||||
if(rv) { |
||||
+ (void)Curl_close(&newhandle); |
||||
rv = CURL_PUSH_DENY; |
||||
goto fail; |
||||
} |
||||
-- |
||||
2.30.2 |
||||
|
@ -0,0 +1,31 @@
@@ -0,0 +1,31 @@
|
||||
From 886f7458bbf005299f3f8224103d1903cd6fa7a4 Mon Sep 17 00:00:00 2001 |
||||
From: Harry Sintonen <sintonen@iki.fi> |
||||
Date: Fri, 7 May 2021 13:09:57 +0200 |
||||
Subject: [PATCH] telnet: check sscanf() for correct number of matches |
||||
|
||||
CVE-2021-22898 |
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22898.html |
||||
|
||||
Upstream-commit: 39ce47f219b09c380b81f89fe54ac586c8db6bde |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/telnet.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/lib/telnet.c b/lib/telnet.c |
||||
index f96a4cb..4551435 100644 |
||||
--- a/lib/telnet.c |
||||
+++ b/lib/telnet.c |
||||
@@ -921,7 +921,7 @@ static void suboption(struct Curl_easy *data) |
||||
size_t tmplen = (strlen(v->data) + 1); |
||||
/* Add the variable only if it fits */ |
||||
if(len + tmplen < (int)sizeof(temp)-6) { |
||||
- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { |
||||
+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { |
||||
msnprintf((char *)&temp[len], sizeof(temp) - len, |
||||
"%c%s%c%s", CURL_NEW_ENV_VAR, varname, |
||||
CURL_NEW_ENV_VALUE, varval); |
||||
-- |
||||
2.31.1 |
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,44 @@
@@ -0,0 +1,44 @@
|
||||
From 39b68b3f82535d06e50443db4c191dbaa00df4eb Mon Sep 17 00:00:00 2001 |
||||
From: Patrick Monnerat <patrick@monnerat.net> |
||||
Date: Fri, 23 Apr 2021 00:33:46 +0200 |
||||
Subject: [PATCH] vtls: reset ssl use flag upon negotiation failure |
||||
|
||||
Fixes the segfault in ldaps disconnect. |
||||
|
||||
Reported-by: Illarion Taev |
||||
Fixes #6934 |
||||
Closes #6937 |
||||
|
||||
Upstream-commit: a4554b2c5e7c5788c8198001598818599c60ff7d |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/vtls/vtls.c | 6 +++++- |
||||
1 file changed, 5 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c |
||||
index 22cfb88..fa8a6fa 100644 |
||||
--- a/lib/vtls/vtls.c |
||||
+++ b/lib/vtls/vtls.c |
||||
@@ -315,6 +315,8 @@ Curl_ssl_connect(struct Curl_easy *data, struct connectdata *conn, |
||||
|
||||
if(!result) |
||||
Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */ |
||||
+ else |
||||
+ conn->ssl[sockindex].use = FALSE; |
||||
|
||||
return result; |
||||
} |
||||
@@ -338,7 +340,9 @@ Curl_ssl_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, |
||||
/* mark this is being ssl requested from here on. */ |
||||
conn->ssl[sockindex].use = TRUE; |
||||
result = Curl_ssl->connect_nonblocking(data, conn, sockindex, done); |
||||
- if(!result && *done) |
||||
+ if(result) |
||||
+ conn->ssl[sockindex].use = FALSE; |
||||
+ else if(*done) |
||||
Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */ |
||||
return result; |
||||
} |
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,279 @@
@@ -0,0 +1,279 @@
|
||||
From 30c7b4dd01734b6ba20bfc7790b9fe8bc0500214 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Sat, 19 Jun 2021 00:42:28 +0200 |
||||
Subject: [PATCH] vtls: fix connection reuse checks for issuer cert and case |
||||
sensitivity |
||||
|
||||
CVE-2021-22924 |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Bug: https://curl.se/docs/CVE-2021-22924.html |
||||
|
||||
Upstream-commit: 5ea3145850ebff1dc2b13d17440300a01ca38161 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/url.c | 10 ++++++---- |
||||
lib/urldata.h | 4 ++-- |
||||
lib/vtls/gtls.c | 10 +++++----- |
||||
lib/vtls/nss.c | 4 ++-- |
||||
lib/vtls/openssl.c | 18 +++++++++--------- |
||||
lib/vtls/vtls.c | 26 +++++++++++++++++++++----- |
||||
6 files changed, 45 insertions(+), 27 deletions(-) |
||||
|
||||
diff --git a/lib/url.c b/lib/url.c |
||||
index 9f2c9f2..bdcb095 100644 |
||||
--- a/lib/url.c |
||||
+++ b/lib/url.c |
||||
@@ -3723,6 +3723,8 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
*/ |
||||
data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH]; |
||||
data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; |
||||
+ data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; |
||||
+ data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; |
||||
data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; |
||||
data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; |
||||
data->set.ssl.primary.cipher_list = |
||||
@@ -3747,8 +3749,11 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
data->set.proxy_ssl.primary.pinned_key = |
||||
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]; |
||||
data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY]; |
||||
+ data->set.proxy_ssl.primary.issuercert = |
||||
+ data->set.str[STRING_SSL_ISSUERCERT_PROXY]; |
||||
+ data->set.proxy_ssl.primary.issuercert_blob = |
||||
+ data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; |
||||
data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; |
||||
- data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY]; |
||||
data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; |
||||
data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; |
||||
data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; |
||||
@@ -3757,7 +3762,6 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; |
||||
#endif |
||||
data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE]; |
||||
- data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; |
||||
data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; |
||||
data->set.ssl.key = data->set.str[STRING_KEY]; |
||||
data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; |
||||
@@ -3771,9 +3775,7 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; |
||||
#endif |
||||
#endif |
||||
- |
||||
data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; |
||||
- data->set.ssl.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; |
||||
|
||||
if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary, |
||||
&conn->ssl_config)) { |
||||
diff --git a/lib/urldata.h b/lib/urldata.h |
||||
index 2bb7d81..7cf63d0 100644 |
||||
--- a/lib/urldata.h |
||||
+++ b/lib/urldata.h |
||||
@@ -246,6 +246,7 @@ struct ssl_primary_config { |
||||
long version_max; /* max supported version the client wants to use*/ |
||||
char *CApath; /* certificate dir (doesn't work on windows) */ |
||||
char *CAfile; /* certificate to verify peer against */ |
||||
+ char *issuercert; /* optional issuer certificate filename */ |
||||
char *clientcert; |
||||
char *random_file; /* path to file containing "random" data */ |
||||
char *egdsocket; /* path to file containing the EGD daemon socket */ |
||||
@@ -253,6 +254,7 @@ struct ssl_primary_config { |
||||
char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ |
||||
char *pinned_key; |
||||
struct curl_blob *cert_blob; |
||||
+ struct curl_blob *issuercert_blob; |
||||
char *curves; /* list of curves to use */ |
||||
BIT(verifypeer); /* set TRUE if this is desired */ |
||||
BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ |
||||
@@ -264,8 +266,6 @@ struct ssl_config_data { |
||||
struct ssl_primary_config primary; |
||||
long certverifyresult; /* result from the certificate verification */ |
||||
char *CRLfile; /* CRL to check certificate revocation */ |
||||
- char *issuercert;/* optional issuer certificate filename */ |
||||
- struct curl_blob *issuercert_blob; |
||||
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ |
||||
void *fsslctxp; /* parameter for call back */ |
||||
char *cert_type; /* format for certificate (default: PEM)*/ |
||||
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c |
||||
index ea54fe3..ccc5ce8 100644 |
||||
--- a/lib/vtls/gtls.c |
||||
+++ b/lib/vtls/gtls.c |
||||
@@ -849,7 +849,7 @@ gtls_connect_step3(struct Curl_easy *data, |
||||
if(!chainp) { |
||||
if(SSL_CONN_CONFIG(verifypeer) || |
||||
SSL_CONN_CONFIG(verifyhost) || |
||||
- SSL_SET_OPTION(issuercert)) { |
||||
+ SSL_CONN_CONFIG(issuercert)) { |
||||
#ifdef HAVE_GNUTLS_SRP |
||||
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP |
||||
&& SSL_SET_OPTION(username) != NULL |
||||
@@ -1033,21 +1033,21 @@ gtls_connect_step3(struct Curl_easy *data, |
||||
gnutls_x509_crt_t format */ |
||||
gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER); |
||||
|
||||
- if(SSL_SET_OPTION(issuercert)) { |
||||
+ if(SSL_CONN_CONFIG(issuercert)) { |
||||
gnutls_x509_crt_init(&x509_issuer); |
||||
- issuerp = load_file(SSL_SET_OPTION(issuercert)); |
||||
+ issuerp = load_file(SSL_CONN_CONFIG(issuercert)); |
||||
gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM); |
||||
rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer); |
||||
gnutls_x509_crt_deinit(x509_issuer); |
||||
unload_file(issuerp); |
||||
if(rc <= 0) { |
||||
failf(data, "server certificate issuer check failed (IssuerCert: %s)", |
||||
- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none"); |
||||
+ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none"); |
||||
gnutls_x509_crt_deinit(x509_cert); |
||||
return CURLE_SSL_ISSUER_ERROR; |
||||
} |
||||
infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n", |
||||
- SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none"); |
||||
+ SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none"); |
||||
} |
||||
|
||||
size = sizeof(certname); |
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c |
||||
index ae3945c..b0b1e8c 100644 |
||||
--- a/lib/vtls/nss.c |
||||
+++ b/lib/vtls/nss.c |
||||
@@ -2156,9 +2156,9 @@ static CURLcode nss_do_connect(struct Curl_easy *data, |
||||
if(result) |
||||
goto error; |
||||
|
||||
- if(SSL_SET_OPTION(issuercert)) { |
||||
+ if(SSL_CONN_CONFIG(issuercert)) { |
||||
SECStatus ret = SECFailure; |
||||
- char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert)); |
||||
+ char *nickname = dup_nickname(data, SSL_CONN_CONFIG(issuercert)); |
||||
if(nickname) { |
||||
/* we support only nicknames in case of issuercert for now */ |
||||
ret = check_issuer_cert(backend->handle, nickname); |
||||
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c |
||||
index 2404393..be7b811 100644 |
||||
--- a/lib/vtls/openssl.c |
||||
+++ b/lib/vtls/openssl.c |
||||
@@ -3872,10 +3872,10 @@ static CURLcode servercert(struct Curl_easy *data, |
||||
deallocating the certificate. */ |
||||
|
||||
/* e.g. match issuer name with provided issuer certificate */ |
||||
- if(SSL_SET_OPTION(issuercert) || SSL_SET_OPTION(issuercert_blob)) { |
||||
- if(SSL_SET_OPTION(issuercert_blob)) |
||||
- fp = BIO_new_mem_buf(SSL_SET_OPTION(issuercert_blob)->data, |
||||
- (int)SSL_SET_OPTION(issuercert_blob)->len); |
||||
+ if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) { |
||||
+ if(SSL_CONN_CONFIG(issuercert_blob)) |
||||
+ fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data, |
||||
+ (int)SSL_CONN_CONFIG(issuercert_blob)->len); |
||||
else { |
||||
fp = BIO_new(BIO_s_file()); |
||||
if(fp == NULL) { |
||||
@@ -3889,10 +3889,10 @@ static CURLcode servercert(struct Curl_easy *data, |
||||
return CURLE_OUT_OF_MEMORY; |
||||
} |
||||
|
||||
- if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) { |
||||
+ if(BIO_read_filename(fp, SSL_CONN_CONFIG(issuercert)) <= 0) { |
||||
if(strict) |
||||
failf(data, "SSL: Unable to open issuer cert (%s)", |
||||
- SSL_SET_OPTION(issuercert)); |
||||
+ SSL_CONN_CONFIG(issuercert)); |
||||
BIO_free(fp); |
||||
X509_free(backend->server_cert); |
||||
backend->server_cert = NULL; |
||||
@@ -3904,7 +3904,7 @@ static CURLcode servercert(struct Curl_easy *data, |
||||
if(!issuer) { |
||||
if(strict) |
||||
failf(data, "SSL: Unable to read issuer cert (%s)", |
||||
- SSL_SET_OPTION(issuercert)); |
||||
+ SSL_CONN_CONFIG(issuercert)); |
||||
BIO_free(fp); |
||||
X509_free(issuer); |
||||
X509_free(backend->server_cert); |
||||
@@ -3915,7 +3915,7 @@ static CURLcode servercert(struct Curl_easy *data, |
||||
if(X509_check_issued(issuer, backend->server_cert) != X509_V_OK) { |
||||
if(strict) |
||||
failf(data, "SSL: Certificate issuer check failed (%s)", |
||||
- SSL_SET_OPTION(issuercert)); |
||||
+ SSL_CONN_CONFIG(issuercert)); |
||||
BIO_free(fp); |
||||
X509_free(issuer); |
||||
X509_free(backend->server_cert); |
||||
@@ -3924,7 +3924,7 @@ static CURLcode servercert(struct Curl_easy *data, |
||||
} |
||||
|
||||
infof(data, " SSL certificate issuer check ok (%s)\n", |
||||
- SSL_SET_OPTION(issuercert)); |
||||
+ SSL_CONN_CONFIG(issuercert)); |
||||
BIO_free(fp); |
||||
X509_free(issuer); |
||||
} |
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c |
||||
index fa8a6fa..1aa6fc8 100644 |
||||
--- a/lib/vtls/vtls.c |
||||
+++ b/lib/vtls/vtls.c |
||||
@@ -125,6 +125,16 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) |
||||
return !memcmp(first->data, second->data, first->len); /* same data */ |
||||
} |
||||
|
||||
+static bool safecmp(char *a, char *b) |
||||
+{ |
||||
+ if(a && b) |
||||
+ return !strcmp(a, b); |
||||
+ else if(!a && !b) |
||||
+ return TRUE; /* match */ |
||||
+ return FALSE; /* no match */ |
||||
+} |
||||
+ |
||||
+ |
||||
bool |
||||
Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
struct ssl_primary_config *needle) |
||||
@@ -135,11 +145,13 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
(data->verifyhost == needle->verifyhost) && |
||||
(data->verifystatus == needle->verifystatus) && |
||||
blobcmp(data->cert_blob, needle->cert_blob) && |
||||
- Curl_safe_strcasecompare(data->CApath, needle->CApath) && |
||||
- Curl_safe_strcasecompare(data->CAfile, needle->CAfile) && |
||||
- Curl_safe_strcasecompare(data->clientcert, needle->clientcert) && |
||||
- Curl_safe_strcasecompare(data->random_file, needle->random_file) && |
||||
- Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) && |
||||
+ blobcmp(data->issuercert_blob, needle->issuercert_blob) && |
||||
+ safecmp(data->CApath, needle->CApath) && |
||||
+ safecmp(data->CAfile, needle->CAfile) && |
||||
+ safecmp(data->issuercert, needle->issuercert) && |
||||
+ safecmp(data->clientcert, needle->clientcert) && |
||||
+ safecmp(data->random_file, needle->random_file) && |
||||
+ safecmp(data->egdsocket, needle->egdsocket) && |
||||
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && |
||||
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && |
||||
Curl_safe_strcasecompare(data->curves, needle->curves) && |
||||
@@ -161,8 +173,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, |
||||
dest->sessionid = source->sessionid; |
||||
|
||||
CLONE_BLOB(cert_blob); |
||||
+ CLONE_BLOB(issuercert_blob); |
||||
CLONE_STRING(CApath); |
||||
CLONE_STRING(CAfile); |
||||
+ CLONE_STRING(issuercert); |
||||
CLONE_STRING(clientcert); |
||||
CLONE_STRING(random_file); |
||||
CLONE_STRING(egdsocket); |
||||
@@ -178,6 +192,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) |
||||
{ |
||||
Curl_safefree(sslc->CApath); |
||||
Curl_safefree(sslc->CAfile); |
||||
+ Curl_safefree(sslc->issuercert); |
||||
Curl_safefree(sslc->clientcert); |
||||
Curl_safefree(sslc->random_file); |
||||
Curl_safefree(sslc->egdsocket); |
||||
@@ -185,6 +200,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) |
||||
Curl_safefree(sslc->cipher_list13); |
||||
Curl_safefree(sslc->pinned_key); |
||||
Curl_safefree(sslc->cert_blob); |
||||
+ Curl_safefree(sslc->issuercert_blob); |
||||
Curl_safefree(sslc->curves); |
||||
} |
||||
|
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,47 @@
@@ -0,0 +1,47 @@
|
||||
From 3dbac7fb8b39a4f9aa871401d9d2790f0583ba01 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Sat, 12 Jun 2021 18:25:15 +0200 |
||||
Subject: [PATCH] telnet: fix option parser to not send uninitialized contents |
||||
|
||||
CVE-2021-22925 |
||||
|
||||
Reported-by: Red Hat Product Security |
||||
Bug: https://curl.se/docs/CVE-2021-22925.html |
||||
|
||||
Upstream-commit: 894f6ec730597eb243618d33cc84d71add8d6a8a |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/telnet.c | 17 +++++++++++------ |
||||
1 file changed, 11 insertions(+), 6 deletions(-) |
||||
|
||||
diff --git a/lib/telnet.c b/lib/telnet.c |
||||
index fdd137f..567c22c 100644 |
||||
--- a/lib/telnet.c |
||||
+++ b/lib/telnet.c |
||||
@@ -922,12 +922,17 @@ static void suboption(struct Curl_easy *data) |
||||
size_t tmplen = (strlen(v->data) + 1); |
||||
/* Add the variable only if it fits */ |
||||
if(len + tmplen < (int)sizeof(temp)-6) { |
||||
- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { |
||||
- msnprintf((char *)&temp[len], sizeof(temp) - len, |
||||
- "%c%s%c%s", CURL_NEW_ENV_VAR, varname, |
||||
- CURL_NEW_ENV_VALUE, varval); |
||||
- len += tmplen; |
||||
- } |
||||
+ int rv; |
||||
+ char sep[2] = ""; |
||||
+ varval[0] = 0; |
||||
+ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval); |
||||
+ if(rv == 1) |
||||
+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, |
||||
+ "%c%s", CURL_NEW_ENV_VAR, varname); |
||||
+ else if(rv >= 2) |
||||
+ len += msnprintf((char *)&temp[len], sizeof(temp) - len, |
||||
+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname, |
||||
+ CURL_NEW_ENV_VALUE, varval); |
||||
} |
||||
} |
||||
msnprintf((char *)&temp[len], sizeof(temp) - len, |
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,33 @@
@@ -0,0 +1,33 @@
|
||||
From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001 |
||||
From: z2_ on hackerone <> |
||||
Date: Tue, 24 Aug 2021 09:50:33 +0200 |
||||
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds |
||||
|
||||
CVE-2021-22945 |
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22945.html |
||||
|
||||
Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/mqtt.c | 4 ++++ |
||||
1 file changed, 4 insertions(+) |
||||
|
||||
diff --git a/lib/mqtt.c b/lib/mqtt.c |
||||
index d88fa73..f3fc045 100644 |
||||
--- a/lib/mqtt.c |
||||
+++ b/lib/mqtt.c |
||||
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, |
||||
mq->sendleftovers = sendleftovers; |
||||
mq->nsend = nsend; |
||||
} |
||||
+ else { |
||||
+ mq->sendleftovers = NULL; |
||||
+ mq->nsend = 0; |
||||
+ } |
||||
return result; |
||||
} |
||||
|
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,331 @@
@@ -0,0 +1,331 @@
|
||||
From 64f8bdbf7da9e6b65716ce0d020c6c01d0aba77d Mon Sep 17 00:00:00 2001 |
||||
From: Patrick Monnerat <patrick@monnerat.net> |
||||
Date: Wed, 8 Sep 2021 11:56:22 +0200 |
||||
Subject: [PATCH] ftp,imap,pop3: do not ignore --ssl-reqd |
||||
|
||||
In imap and pop3, check if TLS is required even when capabilities |
||||
request has failed. |
||||
|
||||
In ftp, ignore preauthentication (230 status of server greeting) if TLS |
||||
is required. |
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22946.html |
||||
|
||||
CVE-2021-22946 |
||||
|
||||
Upstream-commit: 364f174724ef115c63d5e5dc1d3342c8a43b1cca |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/ftp.c | 9 ++++--- |
||||
lib/imap.c | 24 ++++++++---------- |
||||
lib/pop3.c | 33 +++++++++++------------- |
||||
tests/data/Makefile.inc | 2 ++ |
||||
tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++ |
||||
7 files changed, 195 insertions(+), 36 deletions(-) |
||||
create mode 100644 tests/data/test984 |
||||
create mode 100644 tests/data/test985 |
||||
create mode 100644 tests/data/test986 |
||||
|
||||
diff --git a/lib/ftp.c b/lib/ftp.c |
||||
index 5ef1e2e..71f998e 100644 |
||||
--- a/lib/ftp.c |
||||
+++ b/lib/ftp.c |
||||
@@ -2678,9 +2678,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, |
||||
/* we have now received a full FTP server response */ |
||||
switch(ftpc->state) { |
||||
case FTP_WAIT220: |
||||
- if(ftpcode == 230) |
||||
- /* 230 User logged in - already! */ |
||||
- return ftp_state_user_resp(data, ftpcode, ftpc->state); |
||||
+ if(ftpcode == 230) { |
||||
+ /* 230 User logged in - already! Take as 220 if TLS required. */ |
||||
+ if(data->set.use_ssl <= CURLUSESSL_TRY || |
||||
+ conn->bits.ftp_use_control_ssl) |
||||
+ return ftp_state_user_resp(data, ftpcode, ftpc->state); |
||||
+ } |
||||
else if(ftpcode != 220) { |
||||
failf(data, "Got a %03d ftp-server response when 220 was expected", |
||||
ftpcode); |
||||
diff --git a/lib/imap.c b/lib/imap.c |
||||
index e50d7fd..feb7445 100644 |
||||
--- a/lib/imap.c |
||||
+++ b/lib/imap.c |
||||
@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, |
||||
line += wordlen; |
||||
} |
||||
} |
||||
- else if(imapcode == IMAP_RESP_OK) { |
||||
- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { |
||||
- /* We don't have a SSL/TLS connection yet, but SSL is requested */ |
||||
- if(imapc->tls_supported) |
||||
- /* Switch to TLS connection now */ |
||||
- result = imap_perform_starttls(data, conn); |
||||
- else if(data->set.use_ssl == CURLUSESSL_TRY) |
||||
- /* Fallback and carry on with authentication */ |
||||
- result = imap_perform_authentication(data, conn); |
||||
- else { |
||||
- failf(data, "STARTTLS not supported."); |
||||
- result = CURLE_USE_SSL_FAILED; |
||||
- } |
||||
+ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { |
||||
+ /* PREAUTH is not compatible with STARTTLS. */ |
||||
+ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { |
||||
+ /* Switch to TLS connection now */ |
||||
+ result = imap_perform_starttls(data, conn); |
||||
} |
||||
- else |
||||
+ else if(data->set.use_ssl <= CURLUSESSL_TRY) |
||||
result = imap_perform_authentication(data, conn); |
||||
+ else { |
||||
+ failf(data, "STARTTLS not available."); |
||||
+ result = CURLE_USE_SSL_FAILED; |
||||
+ } |
||||
} |
||||
else |
||||
result = imap_perform_authentication(data, conn); |
||||
diff --git a/lib/pop3.c b/lib/pop3.c |
||||
index 6168b12..7698d1c 100644 |
||||
--- a/lib/pop3.c |
||||
+++ b/lib/pop3.c |
||||
@@ -740,28 +740,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, |
||||
} |
||||
} |
||||
} |
||||
- else if(pop3code == '+') { |
||||
- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { |
||||
- /* We don't have a SSL/TLS connection yet, but SSL is requested */ |
||||
- if(pop3c->tls_supported) |
||||
- /* Switch to TLS connection now */ |
||||
- result = pop3_perform_starttls(data, conn); |
||||
- else if(data->set.use_ssl == CURLUSESSL_TRY) |
||||
- /* Fallback and carry on with authentication */ |
||||
- result = pop3_perform_authentication(data, conn); |
||||
- else { |
||||
- failf(data, "STLS not supported."); |
||||
- result = CURLE_USE_SSL_FAILED; |
||||
- } |
||||
- } |
||||
- else |
||||
- result = pop3_perform_authentication(data, conn); |
||||
- } |
||||
else { |
||||
/* Clear text is supported when CAPA isn't recognised */ |
||||
- pop3c->authtypes |= POP3_TYPE_CLEARTEXT; |
||||
+ if(pop3code != '+') |
||||
+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT; |
||||
|
||||
- result = pop3_perform_authentication(data, conn); |
||||
+ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) |
||||
+ result = pop3_perform_authentication(data, conn); |
||||
+ else if(pop3code == '+' && pop3c->tls_supported) |
||||
+ /* Switch to TLS connection now */ |
||||
+ result = pop3_perform_starttls(data, conn); |
||||
+ else if(data->set.use_ssl <= CURLUSESSL_TRY) |
||||
+ /* Fallback and carry on with authentication */ |
||||
+ result = pop3_perform_authentication(data, conn); |
||||
+ else { |
||||
+ failf(data, "STLS not supported."); |
||||
+ result = CURLE_USE_SSL_FAILED; |
||||
+ } |
||||
} |
||||
|
||||
return result; |
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index d083baf..163ce59 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -117,6 +117,8 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ |
||||
test954 test955 test956 test957 test958 test959 test960 test961 test962 \ |
||||
test963 test964 test965 test966 test967 test968 test969 test970 test971 \ |
||||
\ |
||||
+test984 test985 test986 \ |
||||
+\ |
||||
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ |
||||
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ |
||||
test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \ |
||||
diff --git a/tests/data/test984 b/tests/data/test984 |
||||
new file mode 100644 |
||||
index 0000000..e573f23 |
||||
--- /dev/null |
||||
+++ b/tests/data/test984 |
||||
@@ -0,0 +1,56 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+IMAP |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+REPLY CAPABILITY A001 BAD Not implemented |
||||
+</servercmd> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+imap |
||||
+</server> |
||||
+ <name> |
||||
+IMAP require STARTTLS with failing capabilities |
||||
+ </name> |
||||
+ <command> |
||||
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd |
||||
+</command> |
||||
+<file name="log/upload%TESTNUMBER"> |
||||
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) |
||||
+From: Fred Foobar <foobar@example.COM> |
||||
+Subject: afternoon meeting |
||||
+To: joe@example.com |
||||
+Message-Id: <B27397-0100000@example.COM> |
||||
+MIME-Version: 1.0 |
||||
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII |
||||
+ |
||||
+Hello Joe, do you think we can meet at 3:30 tomorrow? |
||||
+</file> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 64 is CURLE_USE_SSL_FAILED |
||||
+<errorcode> |
||||
+64 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+A001 CAPABILITY |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test985 b/tests/data/test985 |
||||
new file mode 100644 |
||||
index 0000000..d0db4aa |
||||
--- /dev/null |
||||
+++ b/tests/data/test985 |
||||
@@ -0,0 +1,54 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+POP3 |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+REPLY CAPA -ERR Not implemented |
||||
+</servercmd> |
||||
+<data nocheck="yes"> |
||||
+From: me@somewhere |
||||
+To: fake@nowhere |
||||
+ |
||||
+body |
||||
+ |
||||
+-- |
||||
+ yours sincerely |
||||
+</data> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+pop3 |
||||
+</server> |
||||
+ <name> |
||||
+POP3 require STARTTLS with failing capabilities |
||||
+ </name> |
||||
+ <command> |
||||
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd |
||||
+ </command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 64 is CURLE_USE_SSL_FAILED |
||||
+<errorcode> |
||||
+64 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+CAPA |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test986 b/tests/data/test986 |
||||
new file mode 100644 |
||||
index 0000000..a709437 |
||||
--- /dev/null |
||||
+++ b/tests/data/test986 |
||||
@@ -0,0 +1,53 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+FTP |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+REPLY welcome 230 Welcome |
||||
+REPLY AUTH 500 unknown command |
||||
+</servercmd> |
||||
+</reply> |
||||
+ |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+ftp |
||||
+</server> |
||||
+ <name> |
||||
+FTP require STARTTLS while preauthenticated |
||||
+ </name> |
||||
+<file name="log/test%TESTNUMBER.txt"> |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTPS |
||||
+works |
||||
+ so does it? |
||||
+</file> |
||||
+ <command> |
||||
+--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 64 is CURLE_USE_SSL_FAILED |
||||
+<errorcode> |
||||
+64 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+AUTH SSL |
||||
+AUTH TLS |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,354 @@
@@ -0,0 +1,354 @@
|
||||
From a1ec463c8207bde97b3575d12e396e999a55a8d0 Mon Sep 17 00:00:00 2001 |
||||
From: Patrick Monnerat <patrick@monnerat.net> |
||||
Date: Tue, 7 Sep 2021 13:26:42 +0200 |
||||
Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response |
||||
pipelining |
||||
|
||||
If a server pipelines future responses within the STARTTLS response, the |
||||
former are preserved in the pingpong cache across TLS negotiation and |
||||
used as responses to the encrypted commands. |
||||
|
||||
This fix detects pipelined STARTTLS responses and rejects them with an |
||||
error. |
||||
|
||||
CVE-2021-22947 |
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22947.html |
||||
|
||||
Upstream-commit: 8ef147c43646e91fdaad5d0e7b60351f842e5c68 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/ftp.c | 3 +++ |
||||
lib/imap.c | 4 +++ |
||||
lib/pop3.c | 4 +++ |
||||
lib/smtp.c | 4 +++ |
||||
tests/data/Makefile.inc | 2 +- |
||||
tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++ |
||||
9 files changed, 236 insertions(+), 1 deletion(-) |
||||
create mode 100644 tests/data/test980 |
||||
create mode 100644 tests/data/test981 |
||||
create mode 100644 tests/data/test982 |
||||
create mode 100644 tests/data/test983 |
||||
|
||||
diff --git a/lib/ftp.c b/lib/ftp.c |
||||
index 71f998e..e920138 100644 |
||||
--- a/lib/ftp.c |
||||
+++ b/lib/ftp.c |
||||
@@ -2740,6 +2740,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, |
||||
case FTP_AUTH: |
||||
/* we have gotten the response to a previous AUTH command */ |
||||
|
||||
+ if(pp->cache_size) |
||||
+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ |
||||
+ |
||||
/* RFC2228 (page 5) says: |
||||
* |
||||
* If the server is willing to accept the named security mechanism, |
||||
diff --git a/lib/imap.c b/lib/imap.c |
||||
index feb7445..09bc5d6 100644 |
||||
--- a/lib/imap.c |
||||
+++ b/lib/imap.c |
||||
@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, |
||||
|
||||
(void)instate; /* no use for this yet */ |
||||
|
||||
+ /* Pipelining in response is forbidden. */ |
||||
+ if(data->conn->proto.imapc.pp.cache_size) |
||||
+ return CURLE_WEIRD_SERVER_REPLY; |
||||
+ |
||||
if(imapcode != IMAP_RESP_OK) { |
||||
if(data->set.use_ssl != CURLUSESSL_TRY) { |
||||
failf(data, "STARTTLS denied"); |
||||
diff --git a/lib/pop3.c b/lib/pop3.c |
||||
index 7698d1c..dccfced 100644 |
||||
--- a/lib/pop3.c |
||||
+++ b/lib/pop3.c |
||||
@@ -771,6 +771,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, |
||||
CURLcode result = CURLE_OK; |
||||
(void)instate; /* no use for this yet */ |
||||
|
||||
+ /* Pipelining in response is forbidden. */ |
||||
+ if(data->conn->proto.pop3c.pp.cache_size) |
||||
+ return CURLE_WEIRD_SERVER_REPLY; |
||||
+ |
||||
if(pop3code != '+') { |
||||
if(data->set.use_ssl != CURLUSESSL_TRY) { |
||||
failf(data, "STARTTLS denied"); |
||||
diff --git a/lib/smtp.c b/lib/smtp.c |
||||
index 1defb25..1f89777 100644 |
||||
--- a/lib/smtp.c |
||||
+++ b/lib/smtp.c |
||||
@@ -834,6 +834,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, |
||||
CURLcode result = CURLE_OK; |
||||
(void)instate; /* no use for this yet */ |
||||
|
||||
+ /* Pipelining in response is forbidden. */ |
||||
+ if(data->conn->proto.smtpc.pp.cache_size) |
||||
+ return CURLE_WEIRD_SERVER_REPLY; |
||||
+ |
||||
if(smtpcode != 220) { |
||||
if(data->set.use_ssl != CURLUSESSL_TRY) { |
||||
failf(data, "STARTTLS denied, code %d", smtpcode); |
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index 163ce59..42b0569 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -117,7 +117,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \ |
||||
test954 test955 test956 test957 test958 test959 test960 test961 test962 \ |
||||
test963 test964 test965 test966 test967 test968 test969 test970 test971 \ |
||||
\ |
||||
-test984 test985 test986 \ |
||||
+test980 test981 test982 test983 test984 test985 test986 \ |
||||
\ |
||||
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ |
||||
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ |
||||
diff --git a/tests/data/test980 b/tests/data/test980 |
||||
new file mode 100644 |
||||
index 0000000..97567f8 |
||||
--- /dev/null |
||||
+++ b/tests/data/test980 |
||||
@@ -0,0 +1,52 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+SMTP |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+CAPA STARTTLS |
||||
+AUTH PLAIN |
||||
+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted |
||||
+REPLY AUTH 535 5.7.8 Authentication credentials invalid |
||||
+</servercmd> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+smtp |
||||
+</server> |
||||
+ <name> |
||||
+SMTP STARTTLS pipelined server response |
||||
+ </name> |
||||
+<stdin> |
||||
+mail body |
||||
+</stdin> |
||||
+ <command> |
||||
+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T - |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 8 is CURLE_WEIRD_SERVER_REPLY |
||||
+<errorcode> |
||||
+8 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+EHLO %TESTNUMBER |
||||
+STARTTLS |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test981 b/tests/data/test981 |
||||
new file mode 100644 |
||||
index 0000000..2b98ce4 |
||||
--- /dev/null |
||||
+++ b/tests/data/test981 |
||||
@@ -0,0 +1,59 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+IMAP |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+CAPA STARTTLS |
||||
+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted |
||||
+REPLY LOGIN A003 BAD Authentication credentials invalid |
||||
+</servercmd> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+imap |
||||
+</server> |
||||
+ <name> |
||||
+IMAP STARTTLS pipelined server response |
||||
+ </name> |
||||
+ <command> |
||||
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl |
||||
+</command> |
||||
+<file name="log/upload%TESTNUMBER"> |
||||
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST) |
||||
+From: Fred Foobar <foobar@example.COM> |
||||
+Subject: afternoon meeting |
||||
+To: joe@example.com |
||||
+Message-Id: <B27397-0100000@example.COM> |
||||
+MIME-Version: 1.0 |
||||
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII |
||||
+ |
||||
+Hello Joe, do you think we can meet at 3:30 tomorrow? |
||||
+</file> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 8 is CURLE_WEIRD_SERVER_REPLY |
||||
+<errorcode> |
||||
+8 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+A001 CAPABILITY |
||||
+A002 STARTTLS |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test982 b/tests/data/test982 |
||||
new file mode 100644 |
||||
index 0000000..9e07cc0 |
||||
--- /dev/null |
||||
+++ b/tests/data/test982 |
||||
@@ -0,0 +1,57 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+POP3 |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+CAPA STLS USER |
||||
+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated |
||||
+REPLY PASS -ERR Authentication credentials invalid |
||||
+</servercmd> |
||||
+<data nocheck="yes"> |
||||
+From: me@somewhere |
||||
+To: fake@nowhere |
||||
+ |
||||
+body |
||||
+ |
||||
+-- |
||||
+ yours sincerely |
||||
+</data> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+pop3 |
||||
+</server> |
||||
+ <name> |
||||
+POP3 STARTTLS pipelined server response |
||||
+ </name> |
||||
+ <command> |
||||
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl |
||||
+ </command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 8 is CURLE_WEIRD_SERVER_REPLY |
||||
+<errorcode> |
||||
+8 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+CAPA |
||||
+STLS |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test983 b/tests/data/test983 |
||||
new file mode 100644 |
||||
index 0000000..300ec45 |
||||
--- /dev/null |
||||
+++ b/tests/data/test983 |
||||
@@ -0,0 +1,52 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+FTP |
||||
+STARTTLS |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<servercmd> |
||||
+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete |
||||
+REPLY PASS 530 Login incorrect |
||||
+</servercmd> |
||||
+</reply> |
||||
+ |
||||
+# Client-side |
||||
+<client> |
||||
+<features> |
||||
+SSL |
||||
+</features> |
||||
+<server> |
||||
+ftp |
||||
+</server> |
||||
+ <name> |
||||
+FTP STARTTLS pipelined server response |
||||
+ </name> |
||||
+<file name="log/test%TESTNUMBER.txt"> |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTPS |
||||
+works |
||||
+ so does it? |
||||
+</file> |
||||
+ <command> |
||||
+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+# 8 is CURLE_WEIRD_SERVER_REPLY |
||||
+<errorcode> |
||||
+8 |
||||
+</errorcode> |
||||
+<protocol> |
||||
+AUTH SSL |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,148 @@
@@ -0,0 +1,148 @@
|
||||
From 85d1103c2fc0c9b1bdfae470dbafd45758e1c2f0 Mon Sep 17 00:00:00 2001 |
||||
From: Patrick Monnerat <patrick@monnerat.net> |
||||
Date: Mon, 25 Apr 2022 11:44:05 +0200 |
||||
Subject: [PATCH] url: check sasl additional parameters for connection reuse. |
||||
|
||||
Also move static function safecmp() as non-static Curl_safecmp() since |
||||
its purpose is needed at several places. |
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-22576.html |
||||
|
||||
CVE-2022-22576 |
||||
|
||||
Closes #8746 |
||||
|
||||
Upstream-commit: 852aa5ad351ea53e5f01d2f44b5b4370c2bf5425 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/strcase.c | 10 ++++++++++ |
||||
lib/strcase.h | 2 ++ |
||||
lib/url.c | 13 ++++++++++++- |
||||
lib/urldata.h | 1 + |
||||
lib/vtls/vtls.c | 21 ++++++--------------- |
||||
5 files changed, 31 insertions(+), 16 deletions(-) |
||||
|
||||
diff --git a/lib/strcase.c b/lib/strcase.c |
||||
index dd46ca1..692a3f1 100644 |
||||
--- a/lib/strcase.c |
||||
+++ b/lib/strcase.c |
||||
@@ -251,6 +251,16 @@ void Curl_strntolower(char *dest, const char *src, size_t n) |
||||
} while(*src++ && --n); |
||||
} |
||||
|
||||
+/* Compare case-sensitive NUL-terminated strings, taking care of possible |
||||
+ * null pointers. Return true if arguments match. |
||||
+ */ |
||||
+bool Curl_safecmp(char *a, char *b) |
||||
+{ |
||||
+ if(a && b) |
||||
+ return !strcmp(a, b); |
||||
+ return !a && !b; |
||||
+} |
||||
+ |
||||
/* --- public functions --- */ |
||||
|
||||
int curl_strequal(const char *first, const char *second) |
||||
diff --git a/lib/strcase.h b/lib/strcase.h |
||||
index b628656..382b80a 100644 |
||||
--- a/lib/strcase.h |
||||
+++ b/lib/strcase.h |
||||
@@ -48,4 +48,6 @@ char Curl_raw_toupper(char in); |
||||
void Curl_strntoupper(char *dest, const char *src, size_t n); |
||||
void Curl_strntolower(char *dest, const char *src, size_t n); |
||||
|
||||
+bool Curl_safecmp(char *a, char *b); |
||||
+ |
||||
#endif /* HEADER_CURL_STRCASE_H */ |
||||
diff --git a/lib/url.c b/lib/url.c |
||||
index adef2cd..94e3406 100644 |
||||
--- a/lib/url.c |
||||
+++ b/lib/url.c |
||||
@@ -768,6 +768,7 @@ static void conn_free(struct connectdata *conn) |
||||
Curl_safefree(conn->passwd); |
||||
Curl_safefree(conn->sasl_authzid); |
||||
Curl_safefree(conn->options); |
||||
+ Curl_safefree(conn->oauth_bearer); |
||||
Curl_dyn_free(&conn->trailer); |
||||
Curl_safefree(conn->host.rawalloc); /* host name buffer */ |
||||
Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ |
||||
@@ -1310,7 +1311,9 @@ ConnectionExists(struct Curl_easy *data, |
||||
/* This protocol requires credentials per connection, |
||||
so verify that we're using the same name and password as well */ |
||||
if(strcmp(needle->user, check->user) || |
||||
- strcmp(needle->passwd, check->passwd)) { |
||||
+ strcmp(needle->passwd, check->passwd) || |
||||
+ !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) || |
||||
+ !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) { |
||||
/* one of them was different */ |
||||
continue; |
||||
} |
||||
@@ -3554,6 +3557,14 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
} |
||||
} |
||||
|
||||
+ if(data->set.str[STRING_BEARER]) { |
||||
+ conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); |
||||
+ if(!conn->oauth_bearer) { |
||||
+ result = CURLE_OUT_OF_MEMORY; |
||||
+ goto out; |
||||
+ } |
||||
+ } |
||||
+ |
||||
#ifdef USE_UNIX_SOCKETS |
||||
if(data->set.str[STRING_UNIX_SOCKET_PATH]) { |
||||
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]); |
||||
diff --git a/lib/urldata.h b/lib/urldata.h |
||||
index cc8a600..03da59a 100644 |
||||
--- a/lib/urldata.h |
||||
+++ b/lib/urldata.h |
||||
@@ -991,6 +991,7 @@ struct connectdata { |
||||
char *passwd; /* password string, allocated */ |
||||
char *options; /* options string, allocated */ |
||||
char *sasl_authzid; /* authorisation identity string, allocated */ |
||||
+ char *oauth_bearer; /* OAUTH2 bearer, allocated */ |
||||
unsigned char httpversion; /* the HTTP version*10 reported by the server */ |
||||
struct curltime now; /* "current" time */ |
||||
struct curltime created; /* creation time */ |
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c |
||||
index 03b85ba..a40ac06 100644 |
||||
--- a/lib/vtls/vtls.c |
||||
+++ b/lib/vtls/vtls.c |
||||
@@ -125,15 +125,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) |
||||
return !memcmp(first->data, second->data, first->len); /* same data */ |
||||
} |
||||
|
||||
-static bool safecmp(char *a, char *b) |
||||
-{ |
||||
- if(a && b) |
||||
- return !strcmp(a, b); |
||||
- else if(!a && !b) |
||||
- return TRUE; /* match */ |
||||
- return FALSE; /* no match */ |
||||
-} |
||||
- |
||||
|
||||
bool |
||||
Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
@@ -146,12 +137,12 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
(data->verifystatus == needle->verifystatus) && |
||||
blobcmp(data->cert_blob, needle->cert_blob) && |
||||
blobcmp(data->issuercert_blob, needle->issuercert_blob) && |
||||
- safecmp(data->CApath, needle->CApath) && |
||||
- safecmp(data->CAfile, needle->CAfile) && |
||||
- safecmp(data->issuercert, needle->issuercert) && |
||||
- safecmp(data->clientcert, needle->clientcert) && |
||||
- safecmp(data->random_file, needle->random_file) && |
||||
- safecmp(data->egdsocket, needle->egdsocket) && |
||||
+ Curl_safecmp(data->CApath, needle->CApath) && |
||||
+ Curl_safecmp(data->CAfile, needle->CAfile) && |
||||
+ Curl_safecmp(data->issuercert, needle->issuercert) && |
||||
+ Curl_safecmp(data->clientcert, needle->clientcert) && |
||||
+ Curl_safecmp(data->random_file, needle->random_file) && |
||||
+ Curl_safecmp(data->egdsocket, needle->egdsocket) && |
||||
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && |
||||
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && |
||||
Curl_safe_strcasecompare(data->curves, needle->curves) && |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 11:48:00 +0200 |
||||
Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey |
||||
|
||||
Make connections to two separate IPv6 zone ids create separate |
||||
connections. |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Bug: https://curl.se/docs/CVE-2022-27775.html |
||||
Closes #8747 |
||||
|
||||
Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/conncache.c | 8 ++++++-- |
||||
1 file changed, 6 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/lib/conncache.c b/lib/conncache.c |
||||
index cd5756a..9b9f683 100644 |
||||
--- a/lib/conncache.c |
||||
+++ b/lib/conncache.c |
||||
@@ -159,8 +159,12 @@ static void hashkey(struct connectdata *conn, char *buf, |
||||
/* report back which name we used */ |
||||
*hostp = hostname; |
||||
|
||||
- /* put the number first so that the hostname gets cut off if too long */ |
||||
- msnprintf(buf, len, "%ld%s", port, hostname); |
||||
+ /* put the numbers first so that the hostname gets cut off if too long */ |
||||
+#ifdef ENABLE_IPV6 |
||||
+ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); |
||||
+#else |
||||
+ msnprintf(buf, len, "%ld/%s", port, hostname); |
||||
+#endif |
||||
} |
||||
|
||||
/* Returns number of connections currently held in the connection cache. |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,243 @@
@@ -0,0 +1,243 @@
|
||||
From 2be87227d4b4024c91ff6c856520cac9c9619555 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 13:05:40 +0200 |
||||
Subject: [PATCH 1/2] http: avoid auth/cookie on redirects same host diff port |
||||
|
||||
CVE-2022-27776 |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Bug: https://curl.se/docs/CVE-2022-27776.html |
||||
Closes #8749 |
||||
|
||||
Upstream-commit: 6e659993952aa5f90f48864be84a1bbb047fc258 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/http.c | 33 +++++++++++++++++++++------------ |
||||
lib/urldata.h | 16 +++++++++------- |
||||
2 files changed, 30 insertions(+), 19 deletions(-) |
||||
|
||||
diff --git a/lib/http.c b/lib/http.c |
||||
index 799d4fb..0791dcf 100644 |
||||
--- a/lib/http.c |
||||
+++ b/lib/http.c |
||||
@@ -775,6 +775,21 @@ output_auth_headers(struct Curl_easy *data, |
||||
return CURLE_OK; |
||||
} |
||||
|
||||
+/* |
||||
+ * allow_auth_to_host() tells if autentication, cookies or other "sensitive |
||||
+ * data" can (still) be sent to this host. |
||||
+ */ |
||||
+static bool allow_auth_to_host(struct Curl_easy *data) |
||||
+{ |
||||
+ struct connectdata *conn = data->conn; |
||||
+ return (!data->state.this_is_a_follow || |
||||
+ data->set.allow_auth_to_other_hosts || |
||||
+ (data->state.first_host && |
||||
+ strcasecompare(data->state.first_host, conn->host.name) && |
||||
+ (data->state.first_remote_port == conn->remote_port) && |
||||
+ (data->state.first_remote_protocol == conn->handler->protocol))); |
||||
+} |
||||
+ |
||||
/** |
||||
* Curl_http_output_auth() setups the authentication headers for the |
||||
* host/proxy and the correct authentication |
||||
@@ -847,15 +862,11 @@ Curl_http_output_auth(struct Curl_easy *data, |
||||
with it */ |
||||
authproxy->done = TRUE; |
||||
|
||||
- /* To prevent the user+password to get sent to other than the original |
||||
- host due to a location-follow, we do some weirdo checks here */ |
||||
- if(!data->state.this_is_a_follow || |
||||
- conn->bits.netrc || |
||||
- !data->state.first_host || |
||||
- data->set.allow_auth_to_other_hosts || |
||||
- strcasecompare(data->state.first_host, conn->host.name)) { |
||||
+ /* To prevent the user+password to get sent to other than the original host |
||||
+ due to a location-follow */ |
||||
+ if(allow_auth_to_host(data) |
||||
+ || conn->bits.netrc) |
||||
result = output_auth_headers(data, conn, authhost, request, path, FALSE); |
||||
- } |
||||
else |
||||
authhost->done = TRUE; |
||||
|
||||
@@ -1906,10 +1917,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, |
||||
checkprefix("Cookie:", compare)) && |
||||
/* be careful of sending this potentially sensitive header to |
||||
other hosts */ |
||||
- (data->state.this_is_a_follow && |
||||
- data->state.first_host && |
||||
- !data->set.allow_auth_to_other_hosts && |
||||
- !strcasecompare(data->state.first_host, conn->host.name))) |
||||
+ !allow_auth_to_host(data)) |
||||
; |
||||
else { |
||||
#ifdef USE_HYPER |
||||
@@ -2081,6 +2089,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) |
||||
return CURLE_OUT_OF_MEMORY; |
||||
|
||||
data->state.first_remote_port = conn->remote_port; |
||||
+ data->state.first_remote_protocol = conn->handler->protocol; |
||||
} |
||||
Curl_safefree(data->state.aptr.host); |
||||
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h |
||||
index 03da59a..f92052a 100644 |
||||
--- a/lib/urldata.h |
||||
+++ b/lib/urldata.h |
||||
@@ -1336,14 +1336,16 @@ struct UrlState { |
||||
char *ulbuf; /* allocated upload buffer or NULL */ |
||||
curl_off_t current_speed; /* the ProgressShow() function sets this, |
||||
bytes / second */ |
||||
- char *first_host; /* host name of the first (not followed) request. |
||||
- if set, this should be the host name that we will |
||||
- sent authorization to, no else. Used to make Location: |
||||
- following not keep sending user+password... This is |
||||
- strdup() data. |
||||
- */ |
||||
+ |
||||
+ /* host name, port number and protocol of the first (not followed) request. |
||||
+ if set, this should be the host name that we will sent authorization to, |
||||
+ no else. Used to make Location: following not keep sending user+password. |
||||
+ This is strdup()ed data. */ |
||||
+ char *first_host; |
||||
+ int first_remote_port; |
||||
+ unsigned int first_remote_protocol; |
||||
+ |
||||
int retrycount; /* number of retries on a new connection */ |
||||
- int first_remote_port; /* remote port of the first (not followed) request */ |
||||
struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ |
||||
long sessionage; /* number of the most recent session */ |
||||
struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From c0d12f1634785596746e5d461319dcb95b5b6ae8 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 13:05:47 +0200 |
||||
Subject: [PATCH 2/2] test898: verify the fix for CVE-2022-27776 |
||||
|
||||
Do not pass on Authorization headers on redirects to another port |
||||
|
||||
Upstream-commit: afe752e0504ab60bf63787ede0b992cbe1065f78 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
tests/data/Makefile.inc | 2 +- |
||||
tests/data/test898 | 90 +++++++++++++++++++++++++++++++++++++++++ |
||||
2 files changed, 91 insertions(+), 1 deletion(-) |
||||
create mode 100644 tests/data/test898 |
||||
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index 59d46bc..7ae2cf8 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -106,7 +106,7 @@ test854 test855 test856 test857 test858 test859 test860 test861 test862 \ |
||||
test863 test864 test865 test866 test867 test868 test869 test870 test871 \ |
||||
test872 test873 test874 test875 test876 test877 test878 test879 test880 \ |
||||
test881 test882 test883 test884 test885 test886 test887 test888 test889 \ |
||||
-test890 test891 test892 test893 test894 test895 test896 \ |
||||
+test890 test891 test892 test893 test894 test895 test896 test898 \ |
||||
\ |
||||
test900 test901 test902 test903 test904 test905 test906 test907 test908 \ |
||||
test909 test910 test911 test912 test913 test914 test915 test916 test917 \ |
||||
diff --git a/tests/data/test898 b/tests/data/test898 |
||||
new file mode 100644 |
||||
index 0000000..5cbb7d8 |
||||
--- /dev/null |
||||
+++ b/tests/data/test898 |
||||
@@ -0,0 +1,90 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+--location |
||||
+Authorization |
||||
+Cookie |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+</data> |
||||
+<data2> |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</data2> |
||||
+ |
||||
+<datacheck> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</datacheck> |
||||
+ |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+</server> |
||||
+ <name> |
||||
+HTTP with custom auth and cookies redirected to HTTP on a diff port |
||||
+ </name> |
||||
+ <command> |
||||
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA==" |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET http://firsthost.com/ HTTP/1.1 |
||||
+Host: firsthost.com |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+Cookie: userpwd=am9lOnNlY3JldA== |
||||
+ |
||||
+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 |
||||
+Host: firsthost.com:9999 |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+ |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,635 @@
@@ -0,0 +1,635 @@
|
||||
From ecee0926868d138312e9608531b232f697e50cad Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 16:24:33 +0200 |
||||
Subject: [PATCH 1/4] connect: store "conn_remote_port" in the info struct |
||||
|
||||
To make it available after the connection ended. |
||||
|
||||
Upstream-commit: 08b8ef4e726ba10f45081ecda5b3cea788d3c839 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/connect.c | 1 + |
||||
lib/urldata.h | 6 +++++- |
||||
2 files changed, 6 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/lib/connect.c b/lib/connect.c |
||||
index 64f9511..7518807 100644 |
||||
--- a/lib/connect.c |
||||
+++ b/lib/connect.c |
||||
@@ -619,6 +619,7 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, |
||||
data->info.conn_scheme = conn->handler->scheme; |
||||
data->info.conn_protocol = conn->handler->protocol; |
||||
data->info.conn_primary_port = conn->port; |
||||
+ data->info.conn_remote_port = conn->remote_port; |
||||
data->info.conn_local_port = local_port; |
||||
} |
||||
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h |
||||
index f92052a..5218f76 100644 |
||||
--- a/lib/urldata.h |
||||
+++ b/lib/urldata.h |
||||
@@ -1167,7 +1167,11 @@ struct PureInfo { |
||||
reused, in the connection cache. */ |
||||
|
||||
char conn_primary_ip[MAX_IPADR_LEN]; |
||||
- int conn_primary_port; |
||||
+ int conn_primary_port; /* this is the destination port to the connection, |
||||
+ which might have been a proxy */ |
||||
+ int conn_remote_port; /* this is the "remote port", which is the port |
||||
+ number of the used URL, independent of proxy or |
||||
+ not */ |
||||
char conn_local_ip[MAX_IPADR_LEN]; |
||||
int conn_local_port; |
||||
const char *conn_scheme; |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From 12c129f8d0b165d83ed954f68717d88ffc1cfc5f Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 16:24:33 +0200 |
||||
Subject: [PATCH 2/4] transfer: redirects to other protocols or ports clear |
||||
auth |
||||
|
||||
... unless explicitly permitted. |
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-27774.html |
||||
Reported-by: Harry Sintonen |
||||
Closes #8748 |
||||
|
||||
Upstream-commit: 620ea21410030a9977396b4661806bc187231b79 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/transfer.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- |
||||
1 file changed, 48 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/lib/transfer.c b/lib/transfer.c |
||||
index 1f8019b..752fe14 100644 |
||||
--- a/lib/transfer.c |
||||
+++ b/lib/transfer.c |
||||
@@ -1641,10 +1641,57 @@ CURLcode Curl_follow(struct Curl_easy *data, |
||||
return CURLE_OUT_OF_MEMORY; |
||||
} |
||||
else { |
||||
- |
||||
uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); |
||||
if(uc) |
||||
return Curl_uc_to_curlcode(uc); |
||||
+ |
||||
+ /* Clear auth if this redirects to a different port number or protocol, |
||||
+ unless permitted */ |
||||
+ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { |
||||
+ char *portnum; |
||||
+ int port; |
||||
+ bool clear = FALSE; |
||||
+ |
||||
+ if(data->set.use_port && data->state.allow_port) |
||||
+ /* a custom port is used */ |
||||
+ port = (int)data->set.use_port; |
||||
+ else { |
||||
+ uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, |
||||
+ CURLU_DEFAULT_PORT); |
||||
+ if(uc) { |
||||
+ free(newurl); |
||||
+ return Curl_uc_to_curlcode(uc); |
||||
+ } |
||||
+ port = atoi(portnum); |
||||
+ free(portnum); |
||||
+ } |
||||
+ if(port != data->info.conn_remote_port) { |
||||
+ infof(data, "Clear auth, redirects to port from %u to %u", |
||||
+ data->info.conn_remote_port, port); |
||||
+ clear = TRUE; |
||||
+ } |
||||
+ else { |
||||
+ char *scheme; |
||||
+ const struct Curl_handler *p; |
||||
+ uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); |
||||
+ if(uc) { |
||||
+ free(newurl); |
||||
+ return Curl_uc_to_curlcode(uc); |
||||
+ } |
||||
+ |
||||
+ p = Curl_builtin_scheme(scheme); |
||||
+ if(p && (p->protocol != data->info.conn_protocol)) { |
||||
+ infof(data, "Clear auth, redirects scheme from %s to %s", |
||||
+ data->info.conn_scheme, scheme); |
||||
+ clear = TRUE; |
||||
+ } |
||||
+ free(scheme); |
||||
+ } |
||||
+ if(clear) { |
||||
+ Curl_safefree(data->state.aptr.user); |
||||
+ Curl_safefree(data->state.aptr.passwd); |
||||
+ } |
||||
+ } |
||||
} |
||||
|
||||
if(type == FOLLOW_FAKE) { |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From 83bf4314d88cc16469afeaaefd6686a50371d1b7 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 16:24:33 +0200 |
||||
Subject: [PATCH 3/4] tests: verify the fix for CVE-2022-27774 |
||||
|
||||
- Test 973 redirects from HTTP to FTP, clear auth |
||||
- Test 974 redirects from HTTP to HTTP different port, clear auth |
||||
- Test 975 redirects from HTTP to FTP, permitted to keep auth |
||||
- Test 976 redirects from HTTP to HTTP different port, permitted to keep |
||||
auth |
||||
|
||||
Upstream-commit: 5295e8d64ac6949ecb3f9e564317a608f51b90d8 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
tests/data/Makefile.inc | 1 + |
||||
tests/data/test973 | 88 +++++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test974 | 87 ++++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test975 | 88 +++++++++++++++++++++++++++++++++++++++++ |
||||
tests/data/test976 | 88 +++++++++++++++++++++++++++++++++++++++++ |
||||
5 files changed, 352 insertions(+) |
||||
create mode 100644 tests/data/test973 |
||||
create mode 100644 tests/data/test974 |
||||
create mode 100644 tests/data/test975 |
||||
create mode 100644 tests/data/test976 |
||||
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index 7ae2cf8..175fc43 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -116,6 +116,7 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \ |
||||
test945 test946 test947 test948 test949 test950 test951 test952 test953 \ |
||||
test954 test955 test956 test957 test958 test959 test960 test961 test962 \ |
||||
test963 test964 test965 test966 test967 test968 test969 test970 test971 \ |
||||
+test973 test974 test975 test976 \ |
||||
\ |
||||
test980 test981 test982 test983 test984 test985 test986 \ |
||||
\ |
||||
diff --git a/tests/data/test973 b/tests/data/test973 |
||||
new file mode 100644 |
||||
index 0000000..6ced107 |
||||
--- /dev/null |
||||
+++ b/tests/data/test973 |
||||
@@ -0,0 +1,88 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+FTP |
||||
+--location |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+</data> |
||||
+<data2> |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTP |
||||
+works |
||||
+ so does it? |
||||
+</data2> |
||||
+ |
||||
+<datacheck> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTP |
||||
+works |
||||
+ so does it? |
||||
+</datacheck> |
||||
+ |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+ftp |
||||
+</server> |
||||
+ <name> |
||||
+HTTP with auth redirected to FTP w/o auth |
||||
+ </name> |
||||
+ <command> |
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET /%TESTNUMBER HTTP/1.1 |
||||
+Host: %HOSTIP:%HTTPPORT |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+ |
||||
+USER anonymous |
||||
+PASS ftp@example.com |
||||
+PWD |
||||
+CWD a |
||||
+CWD path |
||||
+EPSV |
||||
+TYPE I |
||||
+SIZE %TESTNUMBER0002 |
||||
+RETR %TESTNUMBER0002 |
||||
+QUIT |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test974 b/tests/data/test974 |
||||
new file mode 100644 |
||||
index 0000000..ac4e641 |
||||
--- /dev/null |
||||
+++ b/tests/data/test974 |
||||
@@ -0,0 +1,87 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+--location |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+</data> |
||||
+<data2> |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</data2> |
||||
+ |
||||
+<datacheck> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</datacheck> |
||||
+ |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+</server> |
||||
+ <name> |
||||
+HTTP with auth redirected to HTTP on a diff port w/o auth |
||||
+ </name> |
||||
+ <command> |
||||
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET http://firsthost.com/ HTTP/1.1 |
||||
+Host: firsthost.com |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+ |
||||
+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 |
||||
+Host: firsthost.com:9999 |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+ |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test975 b/tests/data/test975 |
||||
new file mode 100644 |
||||
index 0000000..85e03e4 |
||||
--- /dev/null |
||||
+++ b/tests/data/test975 |
||||
@@ -0,0 +1,88 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+FTP |
||||
+--location-trusted |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+</data> |
||||
+<data2> |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTP |
||||
+works |
||||
+ so does it? |
||||
+</data2> |
||||
+ |
||||
+<datacheck> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+data |
||||
+ to |
||||
+ see |
||||
+that FTP |
||||
+works |
||||
+ so does it? |
||||
+</datacheck> |
||||
+ |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+ftp |
||||
+</server> |
||||
+ <name> |
||||
+HTTP with auth redirected to FTP allowing auth to continue |
||||
+ </name> |
||||
+ <command> |
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET /%TESTNUMBER HTTP/1.1 |
||||
+Host: %HOSTIP:%HTTPPORT |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+ |
||||
+USER joe |
||||
+PASS secret |
||||
+PWD |
||||
+CWD a |
||||
+CWD path |
||||
+EPSV |
||||
+TYPE I |
||||
+SIZE %TESTNUMBER0002 |
||||
+RETR %TESTNUMBER0002 |
||||
+QUIT |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/data/test976 b/tests/data/test976 |
||||
new file mode 100644 |
||||
index 0000000..c4dd61e |
||||
--- /dev/null |
||||
+++ b/tests/data/test976 |
||||
@@ -0,0 +1,88 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+--location-trusted |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+</data> |
||||
+<data2> |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</data2> |
||||
+ |
||||
+<datacheck> |
||||
+HTTP/1.1 301 redirect |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 0 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 |
||||
+ |
||||
+HTTP/1.1 200 OK |
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT |
||||
+Server: test-server/fake |
||||
+Content-Length: 4 |
||||
+Connection: close |
||||
+Content-Type: text/html |
||||
+ |
||||
+hey |
||||
+</datacheck> |
||||
+ |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+</server> |
||||
+ <name> |
||||
+HTTP with auth redirected to HTTP on a diff port --location-trusted |
||||
+ </name> |
||||
+ <command> |
||||
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET http://firsthost.com/ HTTP/1.1 |
||||
+Host: firsthost.com |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+ |
||||
+GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 |
||||
+Host: firsthost.com:9999 |
||||
+Authorization: Basic am9lOnNlY3JldA== |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+Proxy-Connection: Keep-Alive |
||||
+ |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From 443ce415aa60caaf8b1c9b0b71fff8d26263daca Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 25 Apr 2022 17:59:15 +0200 |
||||
Subject: [PATCH 4/4] openssl: don't leak the SRP credentials in redirects |
||||
either |
||||
|
||||
Follow-up to 620ea21410030 |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Closes #8751 |
||||
|
||||
Upstream-commit: 139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/http.c | 10 +++++----- |
||||
lib/http.h | 6 ++++++ |
||||
lib/vtls/openssl.c | 3 ++- |
||||
3 files changed, 13 insertions(+), 6 deletions(-) |
||||
|
||||
diff --git a/lib/http.c b/lib/http.c |
||||
index 0791dcf..4433824 100644 |
||||
--- a/lib/http.c |
||||
+++ b/lib/http.c |
||||
@@ -776,10 +776,10 @@ output_auth_headers(struct Curl_easy *data, |
||||
} |
||||
|
||||
/* |
||||
- * allow_auth_to_host() tells if autentication, cookies or other "sensitive |
||||
- * data" can (still) be sent to this host. |
||||
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other |
||||
+ * "sensitive data" can (still) be sent to this host. |
||||
*/ |
||||
-static bool allow_auth_to_host(struct Curl_easy *data) |
||||
+bool Curl_allow_auth_to_host(struct Curl_easy *data) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
return (!data->state.this_is_a_follow || |
||||
@@ -864,7 +864,7 @@ Curl_http_output_auth(struct Curl_easy *data, |
||||
|
||||
/* To prevent the user+password to get sent to other than the original host |
||||
due to a location-follow */ |
||||
- if(allow_auth_to_host(data) |
||||
+ if(Curl_allow_auth_to_host(data) |
||||
|| conn->bits.netrc) |
||||
result = output_auth_headers(data, conn, authhost, request, path, FALSE); |
||||
else |
||||
@@ -1917,7 +1917,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, |
||||
checkprefix("Cookie:", compare)) && |
||||
/* be careful of sending this potentially sensitive header to |
||||
other hosts */ |
||||
- !allow_auth_to_host(data)) |
||||
+ !Curl_allow_auth_to_host(data)) |
||||
; |
||||
else { |
||||
#ifdef USE_HYPER |
||||
diff --git a/lib/http.h b/lib/http.h |
||||
index 07e963d..9000bae 100644 |
||||
--- a/lib/http.h |
||||
+++ b/lib/http.h |
||||
@@ -317,4 +317,10 @@ Curl_http_output_auth(struct Curl_easy *data, |
||||
bool proxytunnel); /* TRUE if this is the request setting |
||||
up the proxy tunnel */ |
||||
|
||||
+/* |
||||
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other |
||||
+ * "sensitive data" can (still) be sent to this host. |
||||
+ */ |
||||
+bool Curl_allow_auth_to_host(struct Curl_easy *data); |
||||
+ |
||||
#endif /* HEADER_CURL_HTTP_H */ |
||||
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c |
||||
index 1bafe96..97c5666 100644 |
||||
--- a/lib/vtls/openssl.c |
||||
+++ b/lib/vtls/openssl.c |
||||
@@ -2857,7 +2857,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, |
||||
#endif |
||||
|
||||
#ifdef USE_OPENSSL_SRP |
||||
- if(ssl_authtype == CURL_TLSAUTH_SRP) { |
||||
+ if((ssl_authtype == CURL_TLSAUTH_SRP) && |
||||
+ Curl_allow_auth_to_host(data)) { |
||||
char * const ssl_username = SSL_SET_OPTION(username); |
||||
|
||||
infof(data, "Using TLS-SRP username: %s\n", ssl_username); |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,461 @@
@@ -0,0 +1,461 @@
|
||||
From 50481ac42b4beae6ea85345e37b051124ac00f11 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Fri, 28 Jan 2022 16:48:38 +0100 |
||||
Subject: [PATCH 1/3] setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds |
||||
|
||||
Closes #8350 |
||||
|
||||
Upstream-commit: 96629ba2c212cda2bd1b7b04e2a9fc01ef70b75d |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/setopt.c | 10 +++++----- |
||||
1 file changed, 5 insertions(+), 5 deletions(-) |
||||
|
||||
diff --git a/lib/setopt.c b/lib/setopt.c |
||||
index 08827d1..9eaa187 100644 |
||||
--- a/lib/setopt.c |
||||
+++ b/lib/setopt.c |
||||
@@ -5,7 +5,7 @@ |
||||
* | (__| |_| | _ <| |___ |
||||
* \___|\___/|_| \_\_____| |
||||
* |
||||
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
* |
||||
* This software is licensed as described in the file COPYING, which |
||||
* you should have received as part of this distribution. The terms |
||||
@@ -2699,30 +2699,30 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) |
||||
data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
break; |
||||
+#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_TLSAUTH_USERNAME: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], |
||||
va_arg(param, char *)); |
||||
-#ifndef CURL_DISABLE_PROXY |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && |
||||
!data->set.proxy_ssl.authtype) |
||||
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
-#endif |
||||
break; |
||||
+#endif |
||||
case CURLOPT_TLSAUTH_PASSWORD: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], |
||||
va_arg(param, char *)); |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) |
||||
data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
break; |
||||
+#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_TLSAUTH_PASSWORD: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], |
||||
va_arg(param, char *)); |
||||
-#ifndef CURL_DISABLE_PROXY |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && |
||||
!data->set.proxy_ssl.authtype) |
||||
data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
-#endif |
||||
break; |
||||
+#endif |
||||
case CURLOPT_TLSAUTH_TYPE: |
||||
argptr = va_arg(param, char *); |
||||
if(!argptr || |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From 931fbabcae0b5d1a91657e6bb85f4f23fce7ac3d Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 9 May 2022 23:13:53 +0200 |
||||
Subject: [PATCH 2/3] tls: check more TLS details for connection reuse |
||||
|
||||
CVE-2022-27782 |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Bug: https://curl.se/docs/CVE-2022-27782.html |
||||
Closes #8825 |
||||
|
||||
Upstream-commit: f18af4f874cecab82a9797e8c7541e0990c7a64c |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/setopt.c | 29 +++++++++++++++++------------ |
||||
lib/url.c | 23 ++++++++++++++++------- |
||||
lib/urldata.h | 13 +++++++------ |
||||
lib/vtls/openssl.c | 10 +++++----- |
||||
lib/vtls/vtls.c | 21 +++++++++++++++++++++ |
||||
5 files changed, 66 insertions(+), 30 deletions(-) |
||||
|
||||
diff --git a/lib/setopt.c b/lib/setopt.c |
||||
index 8e1bf12..7aa6fdb 100644 |
||||
--- a/lib/setopt.c |
||||
+++ b/lib/setopt.c |
||||
@@ -2268,6 +2268,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) |
||||
|
||||
case CURLOPT_SSL_OPTIONS: |
||||
arg = va_arg(param, long); |
||||
+ data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff); |
||||
data->set.ssl.enable_beast = |
||||
(bool)((arg&CURLSSLOPT_ALLOW_BEAST) ? TRUE : FALSE); |
||||
data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); |
||||
@@ -2281,6 +2282,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) |
||||
#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_SSL_OPTIONS: |
||||
arg = va_arg(param, long); |
||||
+ data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff); |
||||
data->set.proxy_ssl.enable_beast = |
||||
(bool)((arg&CURLSSLOPT_ALLOW_BEAST) ? TRUE : FALSE); |
||||
data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); |
||||
@@ -2696,49 +2698,52 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) |
||||
case CURLOPT_TLSAUTH_USERNAME: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], |
||||
va_arg(param, char *)); |
||||
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) |
||||
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
+ if(data->set.str[STRING_TLSAUTH_USERNAME] && |
||||
+ !data->set.ssl.primary.authtype) |
||||
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
break; |
||||
#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_TLSAUTH_USERNAME: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], |
||||
va_arg(param, char *)); |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && |
||||
- !data->set.proxy_ssl.authtype) |
||||
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
+ !data->set.proxy_ssl.primary.authtype) |
||||
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to |
||||
+ SRP */ |
||||
break; |
||||
#endif |
||||
case CURLOPT_TLSAUTH_PASSWORD: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], |
||||
va_arg(param, char *)); |
||||
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) |
||||
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
+ if(data->set.str[STRING_TLSAUTH_USERNAME] && |
||||
+ !data->set.ssl.primary.authtype) |
||||
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ |
||||
break; |
||||
#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_TLSAUTH_PASSWORD: |
||||
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], |
||||
va_arg(param, char *)); |
||||
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && |
||||
- !data->set.proxy_ssl.authtype) |
||||
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ |
||||
+ !data->set.proxy_ssl.primary.authtype) |
||||
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ |
||||
break; |
||||
#endif |
||||
case CURLOPT_TLSAUTH_TYPE: |
||||
argptr = va_arg(param, char *); |
||||
if(!argptr || |
||||
strncasecompare(argptr, "SRP", strlen("SRP"))) |
||||
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; |
||||
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; |
||||
else |
||||
- data->set.ssl.authtype = CURL_TLSAUTH_NONE; |
||||
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE; |
||||
break; |
||||
#ifndef CURL_DISABLE_PROXY |
||||
case CURLOPT_PROXY_TLSAUTH_TYPE: |
||||
argptr = va_arg(param, char *); |
||||
if(!argptr || |
||||
strncasecompare(argptr, "SRP", strlen("SRP"))) |
||||
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; |
||||
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; |
||||
else |
||||
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE; |
||||
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE; |
||||
break; |
||||
#endif |
||||
#endif |
||||
diff --git a/lib/url.c b/lib/url.c |
||||
index 94e3406..5ebf5e2 100644 |
||||
--- a/lib/url.c |
||||
+++ b/lib/url.c |
||||
@@ -540,7 +540,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) |
||||
set->ssl.primary.verifypeer = TRUE; |
||||
set->ssl.primary.verifyhost = TRUE; |
||||
#ifdef USE_TLS_SRP |
||||
- set->ssl.authtype = CURL_TLSAUTH_NONE; |
||||
+ set->ssl.primary.authtype = CURL_TLSAUTH_NONE; |
||||
#endif |
||||
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth |
||||
type */ |
||||
@@ -1719,11 +1719,17 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) |
||||
conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; |
||||
conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; |
||||
conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; |
||||
+ conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options; |
||||
+#ifdef USE_TLS_SRP |
||||
+#endif |
||||
#ifndef CURL_DISABLE_PROXY |
||||
conn->proxy_ssl_config.verifystatus = |
||||
data->set.proxy_ssl.primary.verifystatus; |
||||
conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; |
||||
conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; |
||||
+ conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options; |
||||
+#ifdef USE_TLS_SRP |
||||
+#endif |
||||
#endif |
||||
conn->ip_version = data->set.ipver; |
||||
conn->bits.connect_only = data->set.connect_only; |
||||
@@ -3764,7 +3770,8 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
data->set.str[STRING_SSL_ISSUERCERT_PROXY]; |
||||
data->set.proxy_ssl.primary.issuercert_blob = |
||||
data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; |
||||
- data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; |
||||
+ data->set.proxy_ssl.primary.CRLfile = |
||||
+ data->set.str[STRING_SSL_CRLFILE_PROXY]; |
||||
data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; |
||||
data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; |
||||
data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; |
||||
@@ -3772,18 +3779,20 @@ static CURLcode create_conn(struct Curl_easy *data, |
||||
data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; |
||||
data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; |
||||
#endif |
||||
- data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE]; |
||||
+ data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE]; |
||||
data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; |
||||
data->set.ssl.key = data->set.str[STRING_KEY]; |
||||
data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; |
||||
data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; |
||||
data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; |
||||
#ifdef USE_TLS_SRP |
||||
- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME]; |
||||
- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD]; |
||||
+ data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME]; |
||||
+ data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD]; |
||||
#ifndef CURL_DISABLE_PROXY |
||||
- data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; |
||||
- data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; |
||||
+ data->set.proxy_ssl.primary.username = |
||||
+ data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; |
||||
+ data->set.proxy_ssl.primary.password = |
||||
+ data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; |
||||
#endif |
||||
#endif |
||||
data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; |
||||
diff --git a/lib/urldata.h b/lib/urldata.h |
||||
index 5218f76..e006495 100644 |
||||
--- a/lib/urldata.h |
||||
+++ b/lib/urldata.h |
||||
@@ -253,9 +253,16 @@ struct ssl_primary_config { |
||||
char *cipher_list; /* list of ciphers to use */ |
||||
char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ |
||||
char *pinned_key; |
||||
+ char *CRLfile; /* CRL to check certificate revocation */ |
||||
struct curl_blob *cert_blob; |
||||
struct curl_blob *issuercert_blob; |
||||
+#ifdef USE_TLS_SRP |
||||
+ char *username; /* TLS username (for, e.g., SRP) */ |
||||
+ char *password; /* TLS password (for, e.g., SRP) */ |
||||
+ enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ |
||||
+#endif |
||||
char *curves; /* list of curves to use */ |
||||
+ unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ |
||||
BIT(verifypeer); /* set TRUE if this is desired */ |
||||
BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ |
||||
BIT(verifystatus); /* set TRUE if certificate status must be checked */ |
||||
@@ -265,7 +272,6 @@ struct ssl_primary_config { |
||||
struct ssl_config_data { |
||||
struct ssl_primary_config primary; |
||||
long certverifyresult; /* result from the certificate verification */ |
||||
- char *CRLfile; /* CRL to check certificate revocation */ |
||||
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ |
||||
void *fsslctxp; /* parameter for call back */ |
||||
char *cert_type; /* format for certificate (default: PEM)*/ |
||||
@@ -273,11 +279,6 @@ struct ssl_config_data { |
||||
struct curl_blob *key_blob; |
||||
char *key_type; /* format for private key (default: PEM) */ |
||||
char *key_passwd; /* plain text private key password */ |
||||
-#ifdef USE_TLS_SRP |
||||
- char *username; /* TLS username (for, e.g., SRP) */ |
||||
- char *password; /* TLS password (for, e.g., SRP) */ |
||||
- enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ |
||||
-#endif |
||||
BIT(certinfo); /* gather lots of certificate info */ |
||||
BIT(falsestart); |
||||
BIT(enable_beast); /* allow this flaw for interoperability's sake*/ |
||||
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c |
||||
index 97c5666..a4ef9d1 100644 |
||||
--- a/lib/vtls/openssl.c |
||||
+++ b/lib/vtls/openssl.c |
||||
@@ -2546,7 +2546,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, |
||||
#endif |
||||
const long int ssl_version = SSL_CONN_CONFIG(version); |
||||
#ifdef USE_OPENSSL_SRP |
||||
- const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype); |
||||
+ const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype); |
||||
#endif |
||||
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); |
||||
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); |
||||
@@ -2554,7 +2554,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, |
||||
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); |
||||
const char * const ssl_capath = SSL_CONN_CONFIG(CApath); |
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer); |
||||
- const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); |
||||
+ const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile); |
||||
char error_buffer[256]; |
||||
struct ssl_backend_data *backend = connssl->backend; |
||||
bool imported_native_ca = false; |
||||
@@ -2859,15 +2859,15 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, |
||||
#ifdef USE_OPENSSL_SRP |
||||
if((ssl_authtype == CURL_TLSAUTH_SRP) && |
||||
Curl_allow_auth_to_host(data)) { |
||||
- char * const ssl_username = SSL_SET_OPTION(username); |
||||
- |
||||
+ char * const ssl_username = SSL_SET_OPTION(primary.username); |
||||
+ char * const ssl_password = SSL_SET_OPTION(primary.password); |
||||
infof(data, "Using TLS-SRP username: %s\n", ssl_username); |
||||
|
||||
if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) { |
||||
failf(data, "Unable to set SRP user name"); |
||||
return CURLE_BAD_FUNCTION_ARGUMENT; |
||||
} |
||||
- if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) { |
||||
+ if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) { |
||||
failf(data, "failed setting SRP password"); |
||||
return CURLE_BAD_FUNCTION_ARGUMENT; |
||||
} |
||||
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c |
||||
index a40ac06..e2d3438 100644 |
||||
--- a/lib/vtls/vtls.c |
||||
+++ b/lib/vtls/vtls.c |
||||
@@ -132,6 +132,7 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
{ |
||||
if((data->version == needle->version) && |
||||
(data->version_max == needle->version_max) && |
||||
+ (data->ssl_options == needle->ssl_options) && |
||||
(data->verifypeer == needle->verifypeer) && |
||||
(data->verifyhost == needle->verifyhost) && |
||||
(data->verifystatus == needle->verifystatus) && |
||||
@@ -143,9 +144,15 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, |
||||
Curl_safecmp(data->clientcert, needle->clientcert) && |
||||
Curl_safecmp(data->random_file, needle->random_file) && |
||||
Curl_safecmp(data->egdsocket, needle->egdsocket) && |
||||
+#ifdef USE_TLS_SRP |
||||
+ Curl_safecmp(data->username, needle->username) && |
||||
+ Curl_safecmp(data->password, needle->password) && |
||||
+ (data->authtype == needle->authtype) && |
||||
+#endif |
||||
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && |
||||
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && |
||||
Curl_safe_strcasecompare(data->curves, needle->curves) && |
||||
+ Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) && |
||||
Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) |
||||
return TRUE; |
||||
|
||||
@@ -162,6 +169,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, |
||||
dest->verifyhost = source->verifyhost; |
||||
dest->verifystatus = source->verifystatus; |
||||
dest->sessionid = source->sessionid; |
||||
+ dest->ssl_options = source->ssl_options; |
||||
+#ifdef USE_TLS_SRP |
||||
+ dest->authtype = source->authtype; |
||||
+#endif |
||||
|
||||
CLONE_BLOB(cert_blob); |
||||
CLONE_BLOB(issuercert_blob); |
||||
@@ -175,6 +186,11 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, |
||||
CLONE_STRING(cipher_list13); |
||||
CLONE_STRING(pinned_key); |
||||
CLONE_STRING(curves); |
||||
+ CLONE_STRING(CRLfile); |
||||
+#ifdef USE_TLS_SRP |
||||
+ CLONE_STRING(username); |
||||
+ CLONE_STRING(password); |
||||
+#endif |
||||
|
||||
return TRUE; |
||||
} |
||||
@@ -193,6 +209,11 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) |
||||
Curl_safefree(sslc->cert_blob); |
||||
Curl_safefree(sslc->issuercert_blob); |
||||
Curl_safefree(sslc->curves); |
||||
+ Curl_safefree(sslc->CRLfile); |
||||
+#ifdef USE_TLS_SRP |
||||
+ Curl_safefree(sslc->username); |
||||
+ Curl_safefree(sslc->password); |
||||
+#endif |
||||
} |
||||
|
||||
#ifdef USE_SSL |
||||
-- |
||||
2.34.1 |
||||
|
||||
|
||||
From 5e9832048b30492e02dd222cd8bfe997e03cffa1 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 9 May 2022 23:13:53 +0200 |
||||
Subject: [PATCH 3/3] url: check SSH config match on connection reuse |
||||
|
||||
CVE-2022-27782 |
||||
|
||||
Reported-by: Harry Sintonen |
||||
Bug: https://curl.se/docs/CVE-2022-27782.html |
||||
Closes #8825 |
||||
|
||||
Upstream-commit: 1645e9b44505abd5cbaf65da5282c3f33b5924a5 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/url.c | 11 +++++++++++ |
||||
lib/vssh/ssh.h | 6 +++--- |
||||
2 files changed, 14 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/lib/url.c b/lib/url.c |
||||
index 5ebf5e2..c713e54 100644 |
||||
--- a/lib/url.c |
||||
+++ b/lib/url.c |
||||
@@ -1073,6 +1073,12 @@ static void prune_dead_connections(struct Curl_easy *data) |
||||
} |
||||
} |
||||
|
||||
+static bool ssh_config_matches(struct connectdata *one, |
||||
+ struct connectdata *two) |
||||
+{ |
||||
+ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) && |
||||
+ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub)); |
||||
+} |
||||
/* |
||||
* Given one filled in connection struct (named needle), this function should |
||||
* detect if there already is one that has all the significant details |
||||
@@ -1319,6 +1325,11 @@ ConnectionExists(struct Curl_easy *data, |
||||
} |
||||
} |
||||
|
||||
+ if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { |
||||
+ if(!ssh_config_matches(needle, check)) |
||||
+ continue; |
||||
+ } |
||||
+ |
||||
if((needle->handler->flags&PROTOPT_SSL) |
||||
#ifndef CURL_DISABLE_PROXY |
||||
|| !needle->bits.httpproxy || needle->bits.tunnel_proxy |
||||
diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h |
||||
index 7972081..30d82e5 100644 |
||||
--- a/lib/vssh/ssh.h |
||||
+++ b/lib/vssh/ssh.h |
||||
@@ -7,7 +7,7 @@ |
||||
* | (__| |_| | _ <| |___ |
||||
* \___|\___/|_| \_\_____| |
||||
* |
||||
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
* |
||||
* This software is licensed as described in the file COPYING, which |
||||
* you should have received as part of this distribution. The terms |
||||
@@ -131,8 +131,8 @@ struct ssh_conn { |
||||
|
||||
/* common */ |
||||
const char *passphrase; /* pass-phrase to use */ |
||||
- char *rsa_pub; /* path name */ |
||||
- char *rsa; /* path name */ |
||||
+ char *rsa_pub; /* strdup'ed public key file */ |
||||
+ char *rsa; /* strdup'ed private key file */ |
||||
bool authed; /* the connection has been authenticated fine */ |
||||
bool acceptfail; /* used by the SFTP_QUOTE (continue if |
||||
quote command fails) */ |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,101 @@
@@ -0,0 +1,101 @@
|
||||
From 85a8c0e9992cee271145ecf009f60b9bee9b7a60 Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Wed, 15 Sep 2021 09:59:14 +0200 |
||||
Subject: [PATCH] tests/sshserver.pl: make it work with openssh-8.7p1 |
||||
|
||||
... by not using options with no argument where an argument is required: |
||||
|
||||
=== Start of file tests/log/ssh_server.log |
||||
curl_sshd_config line 6: no argument after keyword "DenyGroups" |
||||
curl_sshd_config line 7: no argument after keyword "AllowGroups" |
||||
curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2 |
||||
curl_sshd_config line 29: Deprecated option KeyRegenerationInterval |
||||
curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication |
||||
curl_sshd_config line 40: Deprecated option RSAAuthentication |
||||
curl_sshd_config line 41: Deprecated option ServerKeyBits |
||||
curl_sshd_config line 45: Deprecated option UseLogin |
||||
curl_sshd_config line 56: no argument after keyword "AcceptEnv" |
||||
curl_sshd_config: terminating, 3 bad configuration options |
||||
=== End of file tests/log/ssh_server.log |
||||
|
||||
=== Start of file log/sftp_server.log |
||||
curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication" |
||||
curl_sftp_config line 34: Unsupported option "rsaauthentication" |
||||
curl_sftp_config line 52: no argument after keyword "sendenv" |
||||
curl_sftp_config: terminating, 1 bad configuration options |
||||
Connection closed. |
||||
Connection closed |
||||
=== End of file log/sftp_server.log |
||||
|
||||
Closes #7724 |
||||
|
||||
Upstream-commit: ab78d2c679dfb37b27e89f42ad050c3153fa7513 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
tests/sshserver.pl | 14 -------------- |
||||
1 file changed, 14 deletions(-) |
||||
|
||||
diff --git a/tests/sshserver.pl b/tests/sshserver.pl |
||||
index 9441939..2afaace 100644 |
||||
--- a/tests/sshserver.pl |
||||
+++ b/tests/sshserver.pl |
||||
@@ -428,9 +428,7 @@ if ($sshdid =~ /OpenSSH-Windows/) { |
||||
# ssh daemon configuration file options we might use and version support |
||||
# |
||||
# AFSTokenPassing : OpenSSH 1.2.1 and later [1] |
||||
-# AcceptEnv : OpenSSH 3.9.0 and later |
||||
# AddressFamily : OpenSSH 4.0.0 and later |
||||
-# AllowGroups : OpenSSH 1.2.1 and later |
||||
# AllowTcpForwarding : OpenSSH 2.3.0 and later |
||||
# AllowUsers : OpenSSH 1.2.1 and later |
||||
# AuthorizedKeysFile : OpenSSH 2.9.9 and later |
||||
@@ -441,7 +439,6 @@ if ($sshdid =~ /OpenSSH-Windows/) { |
||||
# ClientAliveCountMax : OpenSSH 2.9.0 and later |
||||
# ClientAliveInterval : OpenSSH 2.9.0 and later |
||||
# Compression : OpenSSH 3.3.0 and later |
||||
-# DenyGroups : OpenSSH 1.2.1 and later |
||||
# DenyUsers : OpenSSH 1.2.1 and later |
||||
# ForceCommand : OpenSSH 4.4.0 and later [3] |
||||
# GatewayPorts : OpenSSH 2.1.0 and later |
||||
@@ -534,9 +531,6 @@ if ($sshdid =~ /OpenSSH-Windows/) { |
||||
push @cfgarr, "AllowUsers $username"; |
||||
} |
||||
|
||||
-push @cfgarr, 'DenyGroups'; |
||||
-push @cfgarr, 'AllowGroups'; |
||||
-push @cfgarr, '#'; |
||||
push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config"; |
||||
push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config"; |
||||
push @cfgarr, "HostKey $hstprvkeyf_config"; |
||||
@@ -684,9 +678,6 @@ push @cfgarr, '#'; |
||||
#*************************************************************************** |
||||
# Options that might be supported or not in sshd OpenSSH 2.9.9 and later |
||||
# |
||||
-if(sshd_supports_opt('AcceptEnv','')) { |
||||
- push @cfgarr, 'AcceptEnv'; |
||||
-} |
||||
if(sshd_supports_opt('AddressFamily','any')) { |
||||
# Address family must be specified before ListenAddress |
||||
splice @cfgarr, 14, 0, 'AddressFamily any'; |
||||
@@ -873,7 +864,6 @@ if ($sshdid =~ /OpenSSH-Windows/) { |
||||
# RemoteForward : OpenSSH 1.2.1 and later [3] |
||||
# RhostsRSAAuthentication : OpenSSH 1.2.1 and later |
||||
# RSAAuthentication : OpenSSH 1.2.1 and later |
||||
-# SendEnv : OpenSSH 3.9.0 and later |
||||
# ServerAliveCountMax : OpenSSH 3.8.0 and later |
||||
# ServerAliveInterval : OpenSSH 3.8.0 and later |
||||
# SmartcardDevice : OpenSSH 2.9.9 and later [1][3] |
||||
@@ -1028,10 +1018,6 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) || |
||||
push @cfgarr, 'RekeyLimit 1G'; |
||||
} |
||||
|
||||
-if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) { |
||||
- push @cfgarr, 'SendEnv'; |
||||
-} |
||||
- |
||||
if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) || |
||||
(($sshid =~ /SunSSH/) && ($sshvernum >= 120))) { |
||||
push @cfgarr, 'ServerAliveCountMax 3'; |
||||
-- |
||||
2.34.1 |
||||
|
@ -0,0 +1,70 @@
@@ -0,0 +1,70 @@
|
||||
From d36661703e16bd740a3a928041b1e697a6617b98 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Thu, 9 Jun 2022 09:27:24 +0200 |
||||
Subject: [PATCH] krb5: return error properly on decode errors |
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-32208.html |
||||
CVE-2022-32208 |
||||
Reported-by: Harry Sintonen |
||||
Closes #9051 |
||||
|
||||
Upstream-commit: 6ecdf5136b52af747e7bda08db9a748256b1cd09 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/krb5.c | 18 +++++++++++------- |
||||
1 file changed, 11 insertions(+), 7 deletions(-) |
||||
|
||||
diff --git a/lib/krb5.c b/lib/krb5.c |
||||
index 787137c..6f9e1f7 100644 |
||||
--- a/lib/krb5.c |
||||
+++ b/lib/krb5.c |
||||
@@ -146,11 +146,8 @@ krb5_decode(void *app_data, void *buf, int len, |
||||
enc.value = buf; |
||||
enc.length = len; |
||||
maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); |
||||
- if(maj != GSS_S_COMPLETE) { |
||||
- if(len >= 4) |
||||
- strcpy(buf, "599 "); |
||||
+ if(maj != GSS_S_COMPLETE) |
||||
return -1; |
||||
- } |
||||
|
||||
memcpy(buf, dec.value, dec.length); |
||||
len = curlx_uztosi(dec.length); |
||||
@@ -523,6 +520,7 @@ static CURLcode read_data(struct connectdata *conn, |
||||
{ |
||||
int len; |
||||
CURLcode result; |
||||
+ int nread; |
||||
|
||||
result = socket_read(fd, &len, sizeof(len)); |
||||
if(result) |
||||
@@ -531,7 +529,10 @@ static CURLcode read_data(struct connectdata *conn, |
||||
if(len) { |
||||
/* only realloc if there was a length */ |
||||
len = ntohl(len); |
||||
- buf->data = Curl_saferealloc(buf->data, len); |
||||
+ if(len > CURL_MAX_INPUT_LENGTH) |
||||
+ len = 0; |
||||
+ else |
||||
+ buf->data = Curl_saferealloc(buf->data, len); |
||||
} |
||||
if(!len || !buf->data) |
||||
return CURLE_OUT_OF_MEMORY; |
||||
@@ -539,8 +540,11 @@ static CURLcode read_data(struct connectdata *conn, |
||||
result = socket_read(fd, buf->data, len); |
||||
if(result) |
||||
return result; |
||||
- buf->size = conn->mech->decode(conn->app_data, buf->data, len, |
||||
- conn->data_prot, conn); |
||||
+ nread = conn->mech->decode(conn->app_data, buf->data, len, |
||||
+ conn->data_prot, conn); |
||||
+ if(nread < 0) |
||||
+ return CURLE_RECV_ERROR; |
||||
+ buf->size = (size_t)nread; |
||||
buf->index = 0; |
||||
return CURLE_OK; |
||||
} |
||||
-- |
||||
2.35.3 |
||||
|
@ -0,0 +1,143 @@
@@ -0,0 +1,143 @@
|
||||
From 24dedf9b260eebb7feae6fc273208b551fe54a79 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 16 May 2022 16:28:13 +0200 |
||||
Subject: [PATCH 1/2] content_encoding: return error on too many compression |
||||
steps |
||||
|
||||
The max allowed steps is arbitrarily set to 5. |
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-32206.html |
||||
CVE-2022-32206 |
||||
Reported-by: Harry Sintonen |
||||
Closes #9049 |
||||
|
||||
Upstream-commit: 3a09fbb7f264c67c438d01a30669ce325aa508e2 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/content_encoding.c | 9 +++++++++ |
||||
1 file changed, 9 insertions(+) |
||||
|
||||
diff --git a/lib/content_encoding.c b/lib/content_encoding.c |
||||
index c03637a..6f994b3 100644 |
||||
--- a/lib/content_encoding.c |
||||
+++ b/lib/content_encoding.c |
||||
@@ -1024,12 +1024,16 @@ static const struct content_encoding *find_encoding(const char *name, |
||||
return NULL; |
||||
} |
||||
|
||||
+/* allow no more than 5 "chained" compression steps */ |
||||
+#define MAX_ENCODE_STACK 5 |
||||
+ |
||||
/* Set-up the unencoding stack from the Content-Encoding header value. |
||||
* See RFC 7231 section 3.1.2.2. */ |
||||
CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, |
||||
const char *enclist, int maybechunked) |
||||
{ |
||||
struct SingleRequest *k = &data->req; |
||||
+ int counter = 0; |
||||
|
||||
do { |
||||
const char *name; |
||||
@@ -1064,6 +1068,11 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, |
||||
if(!encoding) |
||||
encoding = &error_encoding; /* Defer error at stack use. */ |
||||
|
||||
+ if(++counter >= MAX_ENCODE_STACK) { |
||||
+ failf(data, "Reject response due to %u content encodings", |
||||
+ counter); |
||||
+ return CURLE_BAD_CONTENT_ENCODING; |
||||
+ } |
||||
/* Stack the unencoding stage. */ |
||||
writer = new_unencoding_writer(data, encoding, k->writer_stack); |
||||
if(!writer) |
||||
-- |
||||
2.35.3 |
||||
|
||||
|
||||
From b3cd74f01871281f0989860e04c546d896f0e72f Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Mon, 16 May 2022 16:29:07 +0200 |
||||
Subject: [PATCH 2/2] test387: verify rejection of compression chain attack |
||||
|
||||
Upstream-commit: 7230b19a2e17a164f61f82e4e409a9777ea2421a |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
tests/data/Makefile.inc | 1 + |
||||
tests/data/test387 | 53 +++++++++++++++++++++++++++++++++++++++++ |
||||
2 files changed, 54 insertions(+) |
||||
create mode 100644 tests/data/test387 |
||||
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index 98d5516..9b5f4fb 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -62,6 +62,7 @@ test343 test344 test345 test346 test347 test348 test349 test350 test351 \ |
||||
test352 test353 test354 test355 test356 test357 test358 test359 test360 \ |
||||
test361 test362 \ |
||||
\ |
||||
+test387 \ |
||||
test393 test394 test395 test396 test397 \ |
||||
\ |
||||
test400 test401 test402 test403 test404 test405 test406 test407 test408 \ |
||||
diff --git a/tests/data/test387 b/tests/data/test387 |
||||
new file mode 100644 |
||||
index 0000000..015ec25 |
||||
--- /dev/null |
||||
+++ b/tests/data/test387 |
||||
@@ -0,0 +1,53 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+gzip |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# |
||||
+# Server-side |
||||
+<reply> |
||||
+<data nocheck="yes"> |
||||
+HTTP/1.1 200 OK |
||||
+Transfer-Encoding: gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip,gzip |
||||
+ |
||||
+-foo- |
||||
+</data> |
||||
+</reply> |
||||
+ |
||||
+# |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+</server> |
||||
+ <name> |
||||
+Response with overly long compression chain |
||||
+ </name> |
||||
+ <command> |
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+GET /%TESTNUMBER HTTP/1.1 |
||||
+Host: %HOSTIP:%HTTPPORT |
||||
+User-Agent: curl/%VERSION |
||||
+Accept: */* |
||||
+ |
||||
+</protocol> |
||||
+ |
||||
+# CURLE_BAD_CONTENT_ENCODING is 61 |
||||
+<errorcode> |
||||
+61 |
||||
+</errorcode> |
||||
+<stderr mode="text"> |
||||
+curl: (61) Reject response due to 5 content encodings |
||||
+</stderr> |
||||
+</verify> |
||||
+</testcase> |
||||
-- |
||||
2.35.3 |
||||
|
@ -0,0 +1,425 @@
@@ -0,0 +1,425 @@
|
||||
From 36b47377c2d1a8d141d1ef810102748f27384f5c Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Wed, 25 May 2022 10:09:53 +0200 |
||||
Subject: [PATCH 1/3] fopen: add Curl_fopen() for better overwriting of files |
||||
|
||||
Bug: https://curl.se/docs/CVE-2022-32207.html |
||||
CVE-2022-32207 |
||||
Reported-by: Harry Sintonen |
||||
Closes #9050 |
||||
|
||||
Upstream-commit: 20f9dd6bae50b7223171b17ba7798946e74f877f |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
CMakeLists.txt | 1 + |
||||
configure.ac | 1 + |
||||
lib/Makefile.inc | 2 + |
||||
lib/cookie.c | 17 ++---- |
||||
lib/curl_config.h.cmake | 3 ++ |
||||
lib/fopen.c | 113 ++++++++++++++++++++++++++++++++++++++++ |
||||
lib/fopen.h | 30 +++++++++++ |
||||
7 files changed, 154 insertions(+), 13 deletions(-) |
||||
create mode 100644 lib/fopen.c |
||||
create mode 100644 lib/fopen.h |
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt |
||||
index b77de6d..a0bfaad 100644 |
||||
--- a/CMakeLists.txt |
||||
+++ b/CMakeLists.txt |
||||
@@ -982,6 +982,7 @@ elseif(HAVE_LIBSOCKET) |
||||
set(CMAKE_REQUIRED_LIBRARIES socket) |
||||
endif() |
||||
|
||||
+check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) |
||||
check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) |
||||
check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) |
||||
check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) |
||||
diff --git a/configure.ac b/configure.ac |
||||
index d431870..7433bb9 100644 |
||||
--- a/configure.ac |
||||
+++ b/configure.ac |
||||
@@ -4516,6 +4516,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se |
||||
|
||||
|
||||
AC_CHECK_FUNCS([fnmatch \ |
||||
+ fchmod \ |
||||
geteuid \ |
||||
getpass_r \ |
||||
getppid \ |
||||
diff --git a/lib/Makefile.inc b/lib/Makefile.inc |
||||
index e8f110f..5139b03 100644 |
||||
--- a/lib/Makefile.inc |
||||
+++ b/lib/Makefile.inc |
||||
@@ -130,6 +130,7 @@ LIB_CFILES = \ |
||||
escape.c \ |
||||
file.c \ |
||||
fileinfo.c \ |
||||
+ fopen.c \ |
||||
formdata.c \ |
||||
ftp.c \ |
||||
ftplistparser.c \ |
||||
@@ -261,6 +262,7 @@ LIB_HFILES = \ |
||||
escape.h \ |
||||
file.h \ |
||||
fileinfo.h \ |
||||
+ fopen.h \ |
||||
formdata.h \ |
||||
ftp.h \ |
||||
ftplistparser.h \ |
||||
diff --git a/lib/cookie.c b/lib/cookie.c |
||||
index 8a6aa1a..cb0c03b 100644 |
||||
--- a/lib/cookie.c |
||||
+++ b/lib/cookie.c |
||||
@@ -97,8 +97,8 @@ Example set of cookies: |
||||
#include "curl_memrchr.h" |
||||
#include "inet_pton.h" |
||||
#include "parsedate.h" |
||||
-#include "rand.h" |
||||
#include "rename.h" |
||||
+#include "fopen.h" |
||||
|
||||
/* The last 3 #include files should be in this order */ |
||||
#include "curl_printf.h" |
||||
@@ -1537,17 +1537,8 @@ static int cookie_output(struct Curl_easy *data, |
||||
use_stdout = TRUE; |
||||
} |
||||
else { |
||||
- unsigned char randsuffix[9]; |
||||
- |
||||
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) |
||||
- return 2; |
||||
- |
||||
- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); |
||||
- if(!tempstore) |
||||
- return 1; |
||||
- |
||||
- out = fopen(tempstore, FOPEN_WRITETEXT); |
||||
- if(!out) |
||||
+ error = Curl_fopen(data, filename, &out, &tempstore); |
||||
+ if(error) |
||||
goto error; |
||||
} |
||||
|
||||
@@ -1594,7 +1585,7 @@ static int cookie_output(struct Curl_easy *data, |
||||
if(!use_stdout) { |
||||
fclose(out); |
||||
out = NULL; |
||||
- if(Curl_rename(tempstore, filename)) { |
||||
+ if(tempstore && Curl_rename(tempstore, filename)) { |
||||
unlink(tempstore); |
||||
goto error; |
||||
} |
||||
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake |
||||
index d2a0f43..c254359 100644 |
||||
--- a/lib/curl_config.h.cmake |
||||
+++ b/lib/curl_config.h.cmake |
||||
@@ -148,6 +148,9 @@ |
||||
/* Define to 1 if you have the <assert.h> header file. */ |
||||
#cmakedefine HAVE_ASSERT_H 1 |
||||
|
||||
+/* Define to 1 if you have the `fchmod' function. */ |
||||
+#cmakedefine HAVE_FCHMOD 1 |
||||
+ |
||||
/* Define to 1 if you have the `basename' function. */ |
||||
#cmakedefine HAVE_BASENAME 1 |
||||
|
||||
diff --git a/lib/fopen.c b/lib/fopen.c |
||||
new file mode 100644 |
||||
index 0000000..ad3691b |
||||
--- /dev/null |
||||
+++ b/lib/fopen.c |
||||
@@ -0,0 +1,113 @@ |
||||
+/*************************************************************************** |
||||
+ * _ _ ____ _ |
||||
+ * Project ___| | | | _ \| | |
||||
+ * / __| | | | |_) | | |
||||
+ * | (__| |_| | _ <| |___ |
||||
+ * \___|\___/|_| \_\_____| |
||||
+ * |
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
+ * |
||||
+ * This software is licensed as described in the file COPYING, which |
||||
+ * you should have received as part of this distribution. The terms |
||||
+ * are also available at https://curl.se/docs/copyright.html. |
||||
+ * |
||||
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
||||
+ * copies of the Software, and permit persons to whom the Software is |
||||
+ * furnished to do so, under the terms of the COPYING file. |
||||
+ * |
||||
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
||||
+ * KIND, either express or implied. |
||||
+ * |
||||
+ * SPDX-License-Identifier: curl |
||||
+ * |
||||
+ ***************************************************************************/ |
||||
+ |
||||
+#include "curl_setup.h" |
||||
+ |
||||
+#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ |
||||
+ defined(USE_HSTS) |
||||
+ |
||||
+#ifdef HAVE_FCNTL_H |
||||
+#include <fcntl.h> |
||||
+#endif |
||||
+ |
||||
+#include "urldata.h" |
||||
+#include "rand.h" |
||||
+#include "fopen.h" |
||||
+/* The last 3 #include files should be in this order */ |
||||
+#include "curl_printf.h" |
||||
+#include "curl_memory.h" |
||||
+#include "memdebug.h" |
||||
+ |
||||
+/* |
||||
+ * Curl_fopen() opens a file for writing with a temp name, to be renamed |
||||
+ * to the final name when completed. If there is an existing file using this |
||||
+ * name at the time of the open, this function will clone the mode from that |
||||
+ * file. if 'tempname' is non-NULL, it needs a rename after the file is |
||||
+ * written. |
||||
+ */ |
||||
+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, |
||||
+ FILE **fh, char **tempname) |
||||
+{ |
||||
+ CURLcode result = CURLE_WRITE_ERROR; |
||||
+ unsigned char randsuffix[9]; |
||||
+ char *tempstore = NULL; |
||||
+ struct_stat sb; |
||||
+ int fd = -1; |
||||
+ *tempname = NULL; |
||||
+ |
||||
+ if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { |
||||
+ /* a non-regular file, fallback to direct fopen() */ |
||||
+ *fh = fopen(filename, FOPEN_WRITETEXT); |
||||
+ if(*fh) |
||||
+ return CURLE_OK; |
||||
+ goto fail; |
||||
+ } |
||||
+ |
||||
+ result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); |
||||
+ if(result) |
||||
+ goto fail; |
||||
+ |
||||
+ tempstore = aprintf("%s.%s.tmp", filename, randsuffix); |
||||
+ if(!tempstore) { |
||||
+ result = CURLE_OUT_OF_MEMORY; |
||||
+ goto fail; |
||||
+ } |
||||
+ |
||||
+ result = CURLE_WRITE_ERROR; |
||||
+ fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); |
||||
+ if(fd == -1) |
||||
+ goto fail; |
||||
+ |
||||
+#ifdef HAVE_FCHMOD |
||||
+ { |
||||
+ struct_stat nsb; |
||||
+ if((fstat(fd, &nsb) != -1) && |
||||
+ (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { |
||||
+ /* if the user and group are the same, clone the original mode */ |
||||
+ if(fchmod(fd, sb.st_mode) == -1) |
||||
+ goto fail; |
||||
+ } |
||||
+ } |
||||
+#endif |
||||
+ |
||||
+ *fh = fdopen(fd, FOPEN_WRITETEXT); |
||||
+ if(!*fh) |
||||
+ goto fail; |
||||
+ |
||||
+ *tempname = tempstore; |
||||
+ return CURLE_OK; |
||||
+ |
||||
+fail: |
||||
+ if(fd != -1) { |
||||
+ close(fd); |
||||
+ unlink(tempstore); |
||||
+ } |
||||
+ |
||||
+ free(tempstore); |
||||
+ |
||||
+ *tempname = NULL; |
||||
+ return result; |
||||
+} |
||||
+ |
||||
+#endif /* ! disabled */ |
||||
diff --git a/lib/fopen.h b/lib/fopen.h |
||||
new file mode 100644 |
||||
index 0000000..289e55f |
||||
--- /dev/null |
||||
+++ b/lib/fopen.h |
||||
@@ -0,0 +1,30 @@ |
||||
+#ifndef HEADER_CURL_FOPEN_H |
||||
+#define HEADER_CURL_FOPEN_H |
||||
+/*************************************************************************** |
||||
+ * _ _ ____ _ |
||||
+ * Project ___| | | | _ \| | |
||||
+ * / __| | | | |_) | | |
||||
+ * | (__| |_| | _ <| |___ |
||||
+ * \___|\___/|_| \_\_____| |
||||
+ * |
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
+ * |
||||
+ * This software is licensed as described in the file COPYING, which |
||||
+ * you should have received as part of this distribution. The terms |
||||
+ * are also available at https://curl.se/docs/copyright.html. |
||||
+ * |
||||
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
||||
+ * copies of the Software, and permit persons to whom the Software is |
||||
+ * furnished to do so, under the terms of the COPYING file. |
||||
+ * |
||||
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
||||
+ * KIND, either express or implied. |
||||
+ * |
||||
+ * SPDX-License-Identifier: curl |
||||
+ * |
||||
+ ***************************************************************************/ |
||||
+ |
||||
+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, |
||||
+ FILE **fh, char **tempname); |
||||
+ |
||||
+#endif |
||||
-- |
||||
2.35.3 |
||||
|
||||
|
||||
From bd7af48238b058e9b46fdf2e1333b355920c341c Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Wed, 25 May 2022 10:09:53 +0200 |
||||
Subject: [PATCH 2/3] altsvc: use Curl_fopen() |
||||
|
||||
Upstream-commit: fab970a5d19c1faa2052239ec1e2602b892cbeb2 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/altsvc.c | 22 ++++++---------------- |
||||
1 file changed, 6 insertions(+), 16 deletions(-) |
||||
|
||||
diff --git a/lib/altsvc.c b/lib/altsvc.c |
||||
index 242733b..4dc4078 100644 |
||||
--- a/lib/altsvc.c |
||||
+++ b/lib/altsvc.c |
||||
@@ -34,7 +34,7 @@ |
||||
#include "parsedate.h" |
||||
#include "sendf.h" |
||||
#include "warnless.h" |
||||
-#include "rand.h" |
||||
+#include "fopen.h" |
||||
#include "rename.h" |
||||
|
||||
/* The last 3 #include files should be in this order */ |
||||
@@ -329,8 +329,7 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data, |
||||
struct Curl_llist_element *n; |
||||
CURLcode result = CURLE_OK; |
||||
FILE *out; |
||||
- char *tempstore; |
||||
- unsigned char randsuffix[9]; |
||||
+ char *tempstore = NULL; |
||||
|
||||
if(!altsvc) |
||||
/* no cache activated */ |
||||
@@ -344,17 +343,8 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data, |
||||
/* marked as read-only, no file or zero length file name */ |
||||
return CURLE_OK; |
||||
|
||||
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) |
||||
- return CURLE_FAILED_INIT; |
||||
- |
||||
- tempstore = aprintf("%s.%s.tmp", file, randsuffix); |
||||
- if(!tempstore) |
||||
- return CURLE_OUT_OF_MEMORY; |
||||
- |
||||
- out = fopen(tempstore, FOPEN_WRITETEXT); |
||||
- if(!out) |
||||
- result = CURLE_WRITE_ERROR; |
||||
- else { |
||||
+ result = Curl_fopen(data, file, &out, &tempstore); |
||||
+ if(!result) { |
||||
fputs("# Your alt-svc cache. https://curl.se/docs/alt-svc.html\n" |
||||
"# This file was generated by libcurl! Edit at your own risk.\n", |
||||
out); |
||||
@@ -366,10 +356,10 @@ CURLcode Curl_altsvc_save(struct Curl_easy *data, |
||||
break; |
||||
} |
||||
fclose(out); |
||||
- if(!result && Curl_rename(tempstore, file)) |
||||
+ if(!result && tempstore && Curl_rename(tempstore, file)) |
||||
result = CURLE_WRITE_ERROR; |
||||
|
||||
- if(result) |
||||
+ if(result && tempstore) |
||||
unlink(tempstore); |
||||
} |
||||
free(tempstore); |
||||
-- |
||||
2.35.3 |
||||
|
||||
|
||||
From 2011622a36fa715f38277422241e77e25dfdf0d0 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Wed, 25 May 2022 10:09:54 +0200 |
||||
Subject: [PATCH 3/3] hsts: use Curl_fopen() |
||||
|
||||
Upstream-commit: d64115d7bb8ae4c136b620912da523c063f1d2ee |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/hsts.c | 22 ++++++---------------- |
||||
1 file changed, 6 insertions(+), 16 deletions(-) |
||||
|
||||
diff --git a/lib/hsts.c b/lib/hsts.c |
||||
index b9fa6f7..9d54c82 100644 |
||||
--- a/lib/hsts.c |
||||
+++ b/lib/hsts.c |
||||
@@ -35,7 +35,7 @@ |
||||
#include "sendf.h" |
||||
#include "strtoofft.h" |
||||
#include "parsedate.h" |
||||
-#include "rand.h" |
||||
+#include "fopen.h" |
||||
#include "rename.h" |
||||
|
||||
/* The last 3 #include files should be in this order */ |
||||
@@ -316,8 +316,7 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, |
||||
struct Curl_llist_element *n; |
||||
CURLcode result = CURLE_OK; |
||||
FILE *out; |
||||
- char *tempstore; |
||||
- unsigned char randsuffix[9]; |
||||
+ char *tempstore = NULL; |
||||
|
||||
if(!h) |
||||
/* no cache activated */ |
||||
@@ -331,17 +330,8 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, |
||||
/* marked as read-only, no file or zero length file name */ |
||||
goto skipsave; |
||||
|
||||
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) |
||||
- return CURLE_FAILED_INIT; |
||||
- |
||||
- tempstore = aprintf("%s.%s.tmp", file, randsuffix); |
||||
- if(!tempstore) |
||||
- return CURLE_OUT_OF_MEMORY; |
||||
- |
||||
- out = fopen(tempstore, FOPEN_WRITETEXT); |
||||
- if(!out) |
||||
- result = CURLE_WRITE_ERROR; |
||||
- else { |
||||
+ result = Curl_fopen(data, file, &out, &tempstore); |
||||
+ if(!result) { |
||||
fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" |
||||
"# This file was generated by libcurl! Edit at your own risk.\n", |
||||
out); |
||||
@@ -353,10 +343,10 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, |
||||
break; |
||||
} |
||||
fclose(out); |
||||
- if(!result && Curl_rename(tempstore, file)) |
||||
+ if(!result && tempstore && Curl_rename(tempstore, file)) |
||||
result = CURLE_WRITE_ERROR; |
||||
|
||||
- if(result) |
||||
+ if(result && tempstore) |
||||
unlink(tempstore); |
||||
} |
||||
free(tempstore); |
||||
-- |
||||
2.35.3 |
||||
|
@ -0,0 +1,186 @@
@@ -0,0 +1,186 @@
|
||||
From c2acc48854be9f8590e57a7b44b649fb8537bed4 Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Tue, 4 May 2021 16:14:13 +0200 |
||||
Subject: [PATCH] openldap: replace ldap_ prefix on private functions |
||||
MIME-Version: 1.0 |
||||
Content-Type: text/plain; charset=UTF-8 |
||||
Content-Transfer-Encoding: 8bit |
||||
|
||||
Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at |
||||
least) there's a symbol collision because of that. |
||||
|
||||
The private functions now use the 'oldap_' prefix where it previously |
||||
used 'ldap_'. |
||||
|
||||
Reported-by: 3eka on github |
||||
Fixes #7004 |
||||
Closes #7005 |
||||
|
||||
Upstream-commit: 8bdde6b14ce3b5fd71c772a578fcbd4b6fa6df19 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/openldap.c | 67 +++++++++++++++++++++++++------------------------- |
||||
1 file changed, 34 insertions(+), 33 deletions(-) |
||||
|
||||
diff --git a/lib/openldap.c b/lib/openldap.c |
||||
index b515554..5a32c74 100644 |
||||
--- a/lib/openldap.c |
||||
+++ b/lib/openldap.c |
||||
@@ -76,16 +76,16 @@ extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url, |
||||
LDAP **ld); |
||||
#endif |
||||
|
||||
-static CURLcode ldap_setup_connection(struct Curl_easy *data, |
||||
- struct connectdata *conn); |
||||
-static CURLcode ldap_do(struct Curl_easy *data, bool *done); |
||||
-static CURLcode ldap_done(struct Curl_easy *data, CURLcode, bool); |
||||
-static CURLcode ldap_connect(struct Curl_easy *data, bool *done); |
||||
-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done); |
||||
-static CURLcode ldap_disconnect(struct Curl_easy *data, |
||||
- struct connectdata *conn, bool dead); |
||||
+static CURLcode oldap_setup_connection(struct Curl_easy *data, |
||||
+ struct connectdata *conn); |
||||
+static CURLcode oldap_do(struct Curl_easy *data, bool *done); |
||||
+static CURLcode oldap_done(struct Curl_easy *data, CURLcode, bool); |
||||
+static CURLcode oldap_connect(struct Curl_easy *data, bool *done); |
||||
+static CURLcode oldap_connecting(struct Curl_easy *data, bool *done); |
||||
+static CURLcode oldap_disconnect(struct Curl_easy *data, |
||||
+ struct connectdata *conn, bool dead); |
||||
|
||||
-static Curl_recv ldap_recv; |
||||
+static Curl_recv oldap_recv; |
||||
|
||||
/* |
||||
* LDAP protocol handler. |
||||
@@ -93,18 +93,18 @@ static Curl_recv ldap_recv; |
||||
|
||||
const struct Curl_handler Curl_handler_ldap = { |
||||
"LDAP", /* scheme */ |
||||
- ldap_setup_connection, /* setup_connection */ |
||||
- ldap_do, /* do_it */ |
||||
- ldap_done, /* done */ |
||||
+ oldap_setup_connection, /* setup_connection */ |
||||
+ oldap_do, /* do_it */ |
||||
+ oldap_done, /* done */ |
||||
ZERO_NULL, /* do_more */ |
||||
- ldap_connect, /* connect_it */ |
||||
- ldap_connecting, /* connecting */ |
||||
+ oldap_connect, /* connect_it */ |
||||
+ oldap_connecting, /* connecting */ |
||||
ZERO_NULL, /* doing */ |
||||
ZERO_NULL, /* proto_getsock */ |
||||
ZERO_NULL, /* doing_getsock */ |
||||
ZERO_NULL, /* domore_getsock */ |
||||
ZERO_NULL, /* perform_getsock */ |
||||
- ldap_disconnect, /* disconnect */ |
||||
+ oldap_disconnect, /* disconnect */ |
||||
ZERO_NULL, /* readwrite */ |
||||
ZERO_NULL, /* connection_check */ |
||||
ZERO_NULL, /* attach connection */ |
||||
@@ -121,18 +121,18 @@ const struct Curl_handler Curl_handler_ldap = { |
||||
|
||||
const struct Curl_handler Curl_handler_ldaps = { |
||||
"LDAPS", /* scheme */ |
||||
- ldap_setup_connection, /* setup_connection */ |
||||
- ldap_do, /* do_it */ |
||||
- ldap_done, /* done */ |
||||
+ oldap_setup_connection, /* setup_connection */ |
||||
+ oldap_do, /* do_it */ |
||||
+ oldap_done, /* done */ |
||||
ZERO_NULL, /* do_more */ |
||||
- ldap_connect, /* connect_it */ |
||||
- ldap_connecting, /* connecting */ |
||||
+ oldap_connect, /* connect_it */ |
||||
+ oldap_connecting, /* connecting */ |
||||
ZERO_NULL, /* doing */ |
||||
ZERO_NULL, /* proto_getsock */ |
||||
ZERO_NULL, /* doing_getsock */ |
||||
ZERO_NULL, /* domore_getsock */ |
||||
ZERO_NULL, /* perform_getsock */ |
||||
- ldap_disconnect, /* disconnect */ |
||||
+ oldap_disconnect, /* disconnect */ |
||||
ZERO_NULL, /* readwrite */ |
||||
ZERO_NULL, /* connection_check */ |
||||
ZERO_NULL, /* attach connection */ |
||||
@@ -173,8 +173,8 @@ struct ldapreqinfo { |
||||
int nument; |
||||
}; |
||||
|
||||
-static CURLcode ldap_setup_connection(struct Curl_easy *data, |
||||
- struct connectdata *conn) |
||||
+static CURLcode oldap_setup_connection(struct Curl_easy *data, |
||||
+ struct connectdata *conn) |
||||
{ |
||||
struct ldapconninfo *li; |
||||
LDAPURLDesc *lud; |
||||
@@ -209,7 +209,7 @@ static CURLcode ldap_setup_connection(struct Curl_easy *data, |
||||
static Sockbuf_IO ldapsb_tls; |
||||
#endif |
||||
|
||||
-static CURLcode ldap_connect(struct Curl_easy *data, bool *done) |
||||
+static CURLcode oldap_connect(struct Curl_easy *data, bool *done) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
struct ldapconninfo *li = conn->proto.ldapc; |
||||
@@ -257,7 +257,7 @@ static CURLcode ldap_connect(struct Curl_easy *data, bool *done) |
||||
return CURLE_OK; |
||||
} |
||||
|
||||
-static CURLcode ldap_connecting(struct Curl_easy *data, bool *done) |
||||
+static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
struct ldapconninfo *li = conn->proto.ldapc; |
||||
@@ -356,14 +356,15 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done) |
||||
|
||||
if(info) |
||||
ldap_memfree(info); |
||||
- conn->recv[FIRSTSOCKET] = ldap_recv; |
||||
+ conn->recv[FIRSTSOCKET] = oldap_recv; |
||||
*done = TRUE; |
||||
|
||||
return CURLE_OK; |
||||
} |
||||
|
||||
-static CURLcode ldap_disconnect(struct Curl_easy *data, |
||||
- struct connectdata *conn, bool dead_connection) |
||||
+static CURLcode oldap_disconnect(struct Curl_easy *data, |
||||
+ struct connectdata *conn, |
||||
+ bool dead_connection) |
||||
{ |
||||
struct ldapconninfo *li = conn->proto.ldapc; |
||||
(void) dead_connection; |
||||
@@ -384,7 +385,7 @@ static CURLcode ldap_disconnect(struct Curl_easy *data, |
||||
return CURLE_OK; |
||||
} |
||||
|
||||
-static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
||||
+static CURLcode oldap_do(struct Curl_easy *data, bool *done) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
struct ldapconninfo *li = conn->proto.ldapc; |
||||
@@ -429,8 +430,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
||||
return CURLE_OK; |
||||
} |
||||
|
||||
-static CURLcode ldap_done(struct Curl_easy *data, CURLcode res, |
||||
- bool premature) |
||||
+static CURLcode oldap_done(struct Curl_easy *data, CURLcode res, |
||||
+ bool premature) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
struct ldapreqinfo *lr = data->req.p.ldap; |
||||
@@ -452,8 +453,8 @@ static CURLcode ldap_done(struct Curl_easy *data, CURLcode res, |
||||
return CURLE_OK; |
||||
} |
||||
|
||||
-static ssize_t ldap_recv(struct Curl_easy *data, int sockindex, char *buf, |
||||
- size_t len, CURLcode *err) |
||||
+static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, |
||||
+ size_t len, CURLcode *err) |
||||
{ |
||||
struct connectdata *conn = data->conn; |
||||
struct ldapconninfo *li = conn->proto.ldapc; |
||||
-- |
||||
2.35.3 |
||||
|
@ -0,0 +1,251 @@
@@ -0,0 +1,251 @@
|
||||
From 08a53016db649bdf4f65c42a9704d35e052be7eb Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Thu, 15 Sep 2022 09:22:45 +0200 |
||||
Subject: [PATCH 1/2] setopt: when POST is set, reset the 'upload' field |
||||
|
||||
Reported-by: RobBotic1 on github |
||||
Fixes #9507 |
||||
Closes #9511 |
||||
|
||||
Upstream-commit: a64e3e59938abd7d667e4470a18072a24d7e9de9 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
lib/setopt.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/lib/setopt.c b/lib/setopt.c |
||||
index d5e3b50..b8793b4 100644 |
||||
--- a/lib/setopt.c |
||||
+++ b/lib/setopt.c |
||||
@@ -628,6 +628,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) |
||||
} |
||||
else |
||||
data->set.method = HTTPREQ_GET; |
||||
+ data->set.upload = FALSE; |
||||
break; |
||||
|
||||
case CURLOPT_HTTPPOST: |
||||
-- |
||||
2.37.3 |
||||
|
||||
|
||||
From a5e36349807b98d31a16bd220f6434289465e16a Mon Sep 17 00:00:00 2001 |
||||
From: Daniel Stenberg <daniel@haxx.se> |
||||
Date: Thu, 15 Sep 2022 09:23:33 +0200 |
||||
Subject: [PATCH 2/2] test1948: verify PUT + POST reusing the same handle |
||||
|
||||
Reproduced #9507, verifies the fix |
||||
|
||||
Upstream-commit: 1edb15925e350be3b891f8a8de86600b22c0bb20 |
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com> |
||||
--- |
||||
tests/data/Makefile.inc | 1 + |
||||
tests/data/test1948 | 73 +++++++++++++++++++++++++++++++++++ |
||||
tests/libtest/Makefile.inc | 5 +++ |
||||
tests/libtest/lib1948.c | 79 ++++++++++++++++++++++++++++++++++++++ |
||||
4 files changed, 158 insertions(+) |
||||
create mode 100644 tests/data/test1948 |
||||
create mode 100644 tests/libtest/lib1948.c |
||||
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc |
||||
index 818ee08..0cfab9b 100644 |
||||
--- a/tests/data/Makefile.inc |
||||
+++ b/tests/data/Makefile.inc |
||||
@@ -217,6 +217,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \ |
||||
test1916 test1917 test1918 \ |
||||
\ |
||||
test1933 test1934 test1935 test1936 \ |
||||
+test1948 \ |
||||
\ |
||||
test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \ |
||||
test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \ |
||||
diff --git a/tests/data/test1948 b/tests/data/test1948 |
||||
new file mode 100644 |
||||
index 0000000..639523d |
||||
--- /dev/null |
||||
+++ b/tests/data/test1948 |
||||
@@ -0,0 +1,73 @@ |
||||
+<testcase> |
||||
+<info> |
||||
+<keywords> |
||||
+HTTP |
||||
+HTTP POST |
||||
+HTTP PUT |
||||
+</keywords> |
||||
+</info> |
||||
+ |
||||
+# Server-side |
||||
+<reply> |
||||
+<data> |
||||
+HTTP/1.1 200 OK |
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT |
||||
+Content-Type: text/html |
||||
+Content-Length: 6 |
||||
+ |
||||
+hello |
||||
+</data> |
||||
+<datacheck> |
||||
+HTTP/1.1 200 OK |
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT |
||||
+Content-Type: text/html |
||||
+Content-Length: 6 |
||||
+ |
||||
+hello |
||||
+HTTP/1.1 200 OK |
||||
+Date: Thu, 01 Nov 2001 14:49:00 GMT |
||||
+Content-Type: text/html |
||||
+Content-Length: 6 |
||||
+ |
||||
+hello |
||||
+</datacheck> |
||||
+</reply> |
||||
+ |
||||
+# Client-side |
||||
+<client> |
||||
+<server> |
||||
+http |
||||
+</server> |
||||
+ |
||||
+<name> |
||||
+CURLOPT_POST after CURLOPT_UPLOAD reusing handle |
||||
+</name> |
||||
+<tool> |
||||
+lib%TESTNUMBER |
||||
+</tool> |
||||
+ |
||||
+<command> |
||||
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER |
||||
+</command> |
||||
+</client> |
||||
+ |
||||
+# Verify data after the test has been "shot" |
||||
+<verify> |
||||
+<protocol> |
||||
+PUT /%TESTNUMBER HTTP/1.1 |
||||
+Host: %HOSTIP:%HTTPPORT |
||||
+Accept: */* |
||||
+Content-Length: 22 |
||||
+Expect: 100-continue |
||||
+ |
||||
+This is test PUT data |
||||
+POST /1948 HTTP/1.1 |
||||
+Host: %HOSTIP:%HTTPPORT |
||||
+Accept: */* |
||||
+Content-Length: 22 |
||||
+Content-Type: application/x-www-form-urlencoded |
||||
+ |
||||
+This is test PUT data |
||||
+</protocol> |
||||
+</verify> |
||||
+</testcase> |
||||
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc |
||||
index 83a8af4..3192eca 100644 |
||||
--- a/tests/libtest/Makefile.inc |
||||
+++ b/tests/libtest/Makefile.inc |
||||
@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ |
||||
lib1591 lib1592 lib1593 lib1594 lib1596 \ |
||||
lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \ |
||||
lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \ |
||||
+ lib1948 \ |
||||
lib3010 |
||||
|
||||
chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \ |
||||
@@ -690,6 +691,10 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) |
||||
lib1936_LDADD = $(TESTUTIL_LIBS) |
||||
lib1936_CPPFLAGS = $(AM_CPPFLAGS) |
||||
|
||||
+lib1948_SOURCES = lib1948.c $(SUPPORTFILES) |
||||
+lib1948_LDADD = $(TESTUTIL_LIBS) |
||||
+lib1948_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1948 |
||||
+ |
||||
lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) |
||||
lib3010_LDADD = $(TESTUTIL_LIBS) |
||||
lib3010_CPPFLAGS = $(AM_CPPFLAGS) |
||||
diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c |
||||
new file mode 100644 |
||||
index 0000000..7c891a2 |
||||
--- /dev/null |
||||
+++ b/tests/libtest/lib1948.c |
||||
@@ -0,0 +1,79 @@ |
||||
+/*************************************************************************** |
||||
+ * _ _ ____ _ |
||||
+ * Project ___| | | | _ \| | |
||||
+ * / __| | | | |_) | | |
||||
+ * | (__| |_| | _ <| |___ |
||||
+ * \___|\___/|_| \_\_____| |
||||
+ * |
||||
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
||||
+ * |
||||
+ * This software is licensed as described in the file COPYING, which |
||||
+ * you should have received as part of this distribution. The terms |
||||
+ * are also available at https://curl.haxx.se/docs/copyright.html. |
||||
+ * |
||||
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
||||
+ * copies of the Software, and permit persons to whom the Software is |
||||
+ * furnished to do so, under the terms of the COPYING file. |
||||
+ * |
||||
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
||||
+ * KIND, either express or implied. |
||||
+ * |
||||
+ * SPDX-License-Identifier: curl |
||||
+ * |
||||
+ ***************************************************************************/ |
||||
+ |
||||
+#include "test.h" |
||||
+ |
||||
+typedef struct |
||||
+{ |
||||
+ char *buf; |
||||
+ size_t len; |
||||
+} put_buffer; |
||||
+ |
||||
+static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream) |
||||
+{ |
||||
+ put_buffer *putdata = (put_buffer *)stream; |
||||
+ size_t totalsize = size * nmemb; |
||||
+ size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize; |
||||
+ memcpy(ptr, putdata->buf, tocopy); |
||||
+ putdata->len -= tocopy; |
||||
+ putdata->buf += tocopy; |
||||
+ return tocopy; |
||||
+} |
||||
+ |
||||
+int test(char *URL) |
||||
+{ |
||||
+ CURL *curl; |
||||
+ CURLcode res = CURLE_OUT_OF_MEMORY; |
||||
+ |
||||
+ curl_global_init(CURL_GLOBAL_DEFAULT); |
||||
+ |
||||
+ curl = curl_easy_init(); |
||||
+ if(curl) { |
||||
+ const char *testput = "This is test PUT data\n"; |
||||
+ put_buffer pbuf; |
||||
+ |
||||
+ /* PUT */ |
||||
+ curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); |
||||
+ curl_easy_setopt(curl, CURLOPT_HEADER, 1L); |
||||
+ curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback); |
||||
+ pbuf.buf = (char *)testput; |
||||
+ pbuf.len = strlen(testput); |
||||
+ curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf); |
||||
+ curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput)); |
||||
+ res = curl_easy_setopt(curl, CURLOPT_URL, URL); |
||||
+ if(!res) |
||||
+ res = curl_easy_perform(curl); |
||||
+ if(!res) { |
||||
+ /* POST */ |
||||
+ curl_easy_setopt(curl, CURLOPT_POST, 1L); |
||||
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput); |
||||
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput)); |
||||
+ res = curl_easy_perform(curl); |
||||
+ } |
||||
+ curl_easy_cleanup(curl); |
||||
+ } |
||||
+ |
||||
+ curl_global_cleanup(); |
||||
+ return (int)res; |
||||
+} |
||||
-- |
||||
2.37.3 |
||||
|
@ -0,0 +1,91 @@
@@ -0,0 +1,91 @@
|
||||
From 2a4754a3a7cf60ecc36d83cbe50b8c337cb87632 Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Fri, 12 Apr 2013 12:04:05 +0200 |
||||
Subject: [PATCH] prevent multilib conflicts on the curl-config script |
||||
|
||||
--- |
||||
curl-config.in | 23 +++++------------------ |
||||
docs/curl-config.1 | 4 +++- |
||||
libcurl.pc.in | 1 + |
||||
3 files changed, 9 insertions(+), 19 deletions(-) |
||||
|
||||
diff --git a/curl-config.in b/curl-config.in |
||||
index 150004d..95d0759 100644 |
||||
--- a/curl-config.in |
||||
+++ b/curl-config.in |
||||
@@ -76,7 +76,7 @@ while test $# -gt 0; do |
||||
;; |
||||
|
||||
--cc) |
||||
- echo "@CC@" |
||||
+ echo "gcc" |
||||
;; |
||||
|
||||
--prefix) |
||||
@@ -155,32 +155,19 @@ while test $# -gt 0; do |
||||
;; |
||||
|
||||
--libs) |
||||
- if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then |
||||
- CURLLIBDIR="-L@libdir@ " |
||||
- else |
||||
- CURLLIBDIR="" |
||||
- fi |
||||
- if test "X@ENABLE_SHARED@" = "Xno"; then |
||||
- echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ |
||||
- else |
||||
- echo ${CURLLIBDIR}-lcurl |
||||
- fi |
||||
+ echo -lcurl |
||||
;; |
||||
--ssl-backends) |
||||
echo "@SSL_BACKENDS@" |
||||
;; |
||||
|
||||
--static-libs) |
||||
- if test "X@ENABLE_STATIC@" != "Xno" ; then |
||||
- echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ |
||||
- else |
||||
- echo "curl was built with static libraries disabled" >&2 |
||||
- exit 1 |
||||
- fi |
||||
+ echo "curl was built with static libraries disabled" >&2 |
||||
+ exit 1 |
||||
;; |
||||
|
||||
--configure) |
||||
- echo @CONFIGURE_OPTIONS@ |
||||
+ pkg-config libcurl --variable=configure_options | sed 's/^"//;s/"$//' |
||||
;; |
||||
|
||||
*) |
||||
diff --git a/docs/curl-config.1 b/docs/curl-config.1 |
||||
index 14a9d2b..ffcc004 100644 |
||||
--- a/docs/curl-config.1 |
||||
+++ b/docs/curl-config.1 |
||||
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear |
||||
comma-separated. (Added in 7.58.0) |
||||
.IP "--static-libs" |
||||
Shows the complete set of libs and other linker options you will need in order |
||||
-to link your application with libcurl statically. (Added in 7.17.1) |
||||
+to link your application with libcurl statically. Note that Fedora/RHEL libcurl |
||||
+packages do not provide any static libraries, thus cannot be linked statically. |
||||
+(Added in 7.17.1) |
||||
.IP "--version" |
||||
Outputs version information about the installed libcurl. |
||||
.IP "--vernum" |
||||
diff --git a/libcurl.pc.in b/libcurl.pc.in |
||||
index 2ba9c39..f8f8b00 100644 |
||||
--- a/libcurl.pc.in |
||||
+++ b/libcurl.pc.in |
||||
@@ -29,6 +29,7 @@ libdir=@libdir@ |
||||
includedir=@includedir@ |
||||
supported_protocols="@SUPPORT_PROTOCOLS@" |
||||
supported_features="@SUPPORT_FEATURES@" |
||||
+configure_options=@CONFIGURE_OPTIONS@ |
||||
|
||||
Name: libcurl |
||||
URL: https://curl.se/ |
||||
-- |
||||
2.26.2 |
||||
|
@ -0,0 +1,61 @@
@@ -0,0 +1,61 @@
|
||||
From 3602ee9dcc74683f91fe4f9ca228aa17a6474403 Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Wed, 31 Oct 2012 11:38:30 +0100 |
||||
Subject: [PATCH] prevent configure script from discarding -g in CFLAGS |
||||
(#496778) |
||||
|
||||
--- |
||||
m4/curl-compilers.m4 | 26 ++++++-------------------- |
||||
1 file changed, 6 insertions(+), 20 deletions(-) |
||||
|
||||
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 |
||||
index c64db4bc6..d115a4aed 100644 |
||||
--- a/m4/curl-compilers.m4 |
||||
+++ b/m4/curl-compilers.m4 |
||||
@@ -106,18 +106,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_CLANG], [ |
||||
clangvhi=`echo $clangver | cut -d . -f1` |
||||
clangvlo=`echo $clangver | cut -d . -f2` |
||||
compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null` |
||||
- flags_dbg_all="-g -g0 -g1 -g2 -g3" |
||||
- flags_dbg_all="$flags_dbg_all -ggdb" |
||||
- flags_dbg_all="$flags_dbg_all -gstabs" |
||||
- flags_dbg_all="$flags_dbg_all -gstabs+" |
||||
- flags_dbg_all="$flags_dbg_all -gcoff" |
||||
- flags_dbg_all="$flags_dbg_all -gxcoff" |
||||
- flags_dbg_all="$flags_dbg_all -gdwarf-2" |
||||
- flags_dbg_all="$flags_dbg_all -gvms" |
||||
+ flags_dbg_all="" |
||||
flags_dbg_yes="-g" |
||||
flags_dbg_off="" |
||||
- flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4" |
||||
- flags_opt_yes="-Os" |
||||
+ flags_opt_all="" |
||||
+ flags_opt_yes="" |
||||
flags_opt_off="-O0" |
||||
else |
||||
AC_MSG_RESULT([no]) |
||||
@@ -175,18 +168,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ |
||||
gccvhi=`echo $gccver | cut -d . -f1` |
||||
gccvlo=`echo $gccver | cut -d . -f2` |
||||
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` |
||||
- flags_dbg_all="-g -g0 -g1 -g2 -g3" |
||||
- flags_dbg_all="$flags_dbg_all -ggdb" |
||||
- flags_dbg_all="$flags_dbg_all -gstabs" |
||||
- flags_dbg_all="$flags_dbg_all -gstabs+" |
||||
- flags_dbg_all="$flags_dbg_all -gcoff" |
||||
- flags_dbg_all="$flags_dbg_all -gxcoff" |
||||
- flags_dbg_all="$flags_dbg_all -gdwarf-2" |
||||
- flags_dbg_all="$flags_dbg_all -gvms" |
||||
+ flags_dbg_all="" |
||||
flags_dbg_yes="-g" |
||||
flags_dbg_off="" |
||||
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" |
||||
- flags_opt_yes="-O2" |
||||
+ flags_opt_all="" |
||||
+ flags_opt_yes="" |
||||
flags_opt_off="-O0" |
||||
CURL_CHECK_DEF([_WIN32], [], [silent]) |
||||
else |
||||
-- |
||||
1.7.1 |
||||
|
@ -0,0 +1,39 @@
@@ -0,0 +1,39 @@
|
||||
From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001 |
||||
From: Kamil Dudka <kdudka@redhat.com> |
||||
Date: Mon, 4 Feb 2019 17:32:56 +0100 |
||||
Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp |
||||
|
||||
... to prevent valgrind from reporting false positives on x86_64: |
||||
|
||||
Conditional jump or move depends on uninitialised value(s) |
||||
at 0x10BCAA: part2id (lib1560.c:489) |
||||
by 0x10BCAA: updateurl (lib1560.c:521) |
||||
by 0x10BCAA: set_parts (lib1560.c:630) |
||||
by 0x10BCAA: test (lib1560.c:802) |
||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) |
||||
|
||||
Conditional jump or move depends on uninitialised value(s) |
||||
at 0x10BCC3: part2id (lib1560.c:491) |
||||
by 0x10BCC3: updateurl (lib1560.c:521) |
||||
by 0x10BCC3: set_parts (lib1560.c:630) |
||||
by 0x10BCC3: test (lib1560.c:802) |
||||
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so) |
||||
--- |
||||
tests/libtest/Makefile.inc | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc |
||||
index 080421b..ea3b806 100644 |
||||
--- a/tests/libtest/Makefile.inc |
||||
+++ b/tests/libtest/Makefile.inc |
||||
@@ -593,6 +593,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) |
||||
lib1559_LDADD = $(TESTUTIL_LIBS) |
||||
|
||||
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) |
||||
+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp |
||||
lib1560_LDADD = $(TESTUTIL_LIBS) |
||||
|
||||
lib1564_SOURCES = lib1564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) |
||||
-- |
||||
2.17.2 |
||||
|
Loading…
Reference in new issue