diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-27774-3.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-27774-3.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch new file mode 100644 index 0000000000..a585f6a8fa --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch | |||
@@ -0,0 +1,83 @@ | |||
1 | From 5dccf21ad49eed925e8f76b0cb844877239ce23d Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Mon, 25 Apr 2022 17:59:15 +0200 | ||
4 | Subject: [PATCH] openssl: don't leak the SRP credentials in redirects either | ||
5 | |||
6 | Follow-up to 620ea21410030 | ||
7 | |||
8 | Reported-by: Harry Sintonen | ||
9 | Closes #8751 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08] | ||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | --- | ||
14 | lib/http.c | 10 +++++----- | ||
15 | lib/http.h | 6 ++++++ | ||
16 | lib/vtls/openssl.c | 3 ++- | ||
17 | 3 files changed, 13 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/lib/http.c b/lib/http.c | ||
20 | index 8b16c09..5291c07 100644 | ||
21 | --- a/lib/http.c | ||
22 | +++ b/lib/http.c | ||
23 | @@ -732,10 +732,10 @@ output_auth_headers(struct connectdata *conn, | ||
24 | } | ||
25 | |||
26 | /* | ||
27 | - * allow_auth_to_host() tells if autentication, cookies or other "sensitive | ||
28 | - * data" can (still) be sent to this host. | ||
29 | + * Curl_allow_auth_to_host() tells if authentication, cookies or other | ||
30 | + * "sensitive data" can (still) be sent to this host. | ||
31 | */ | ||
32 | -static bool allow_auth_to_host(struct Curl_easy *data) | ||
33 | +bool Curl_allow_auth_to_host(struct Curl_easy *data) | ||
34 | { | ||
35 | struct connectdata *conn = data->conn; | ||
36 | return (!data->state.this_is_a_follow || | ||
37 | @@ -816,7 +816,7 @@ Curl_http_output_auth(struct connectdata *conn, | ||
38 | |||
39 | /* To prevent the user+password to get sent to other than the original host | ||
40 | due to a location-follow */ | ||
41 | - if(allow_auth_to_host(data) | ||
42 | + if(Curl_allow_auth_to_host(data) | ||
43 | || conn->bits.netrc | ||
44 | ) | ||
45 | result = output_auth_headers(conn, authhost, request, path, FALSE); | ||
46 | @@ -1891,7 +1891,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn, | ||
47 | checkprefix("Cookie:", compare)) && | ||
48 | /* be careful of sending this potentially sensitive header to | ||
49 | other hosts */ | ||
50 | - !allow_auth_to_host(data)) | ||
51 | + !Curl_allow_auth_to_host(data)) | ||
52 | ; | ||
53 | else { | ||
54 | result = Curl_add_bufferf(&req_buffer, "%s\r\n", compare); | ||
55 | diff --git a/lib/http.h b/lib/http.h | ||
56 | index 4c1825f..4fbae1d 100644 | ||
57 | --- a/lib/http.h | ||
58 | +++ b/lib/http.h | ||
59 | @@ -273,4 +273,10 @@ Curl_http_output_auth(struct connectdata *conn, | ||
60 | bool proxytunnel); /* TRUE if this is the request setting | ||
61 | up the proxy tunnel */ | ||
62 | |||
63 | +/* | ||
64 | + * Curl_allow_auth_to_host() tells if authentication, cookies or other | ||
65 | + * "sensitive data" can (still) be sent to this host. | ||
66 | + */ | ||
67 | +bool Curl_allow_auth_to_host(struct Curl_easy *data); | ||
68 | + | ||
69 | #endif /* HEADER_CURL_HTTP_H */ | ||
70 | diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c | ||
71 | index 006a8c8..a14cecc 100644 | ||
72 | --- a/lib/vtls/openssl.c | ||
73 | +++ b/lib/vtls/openssl.c | ||
74 | @@ -2739,7 +2739,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) | ||
75 | #endif | ||
76 | |||
77 | #ifdef USE_TLS_SRP | ||
78 | - if(ssl_authtype == CURL_TLSAUTH_SRP) { | ||
79 | + if((ssl_authtype == CURL_TLSAUTH_SRP) && | ||
80 | + Curl_allow_auth_to_host(data)) { | ||
81 | char * const ssl_username = SSL_SET_OPTION(username); | ||
82 | |||
83 | infof(data, "Using TLS-SRP username: %s\n", ssl_username); | ||