diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-27774-4.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-27774-4.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch new file mode 100644 index 0000000000..2258681cab --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-27774-4.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 7395752e2f7b87dc8c8f2a7137075e2da554aaea Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 26 Apr 2022 07:46:19 +0200 | ||
4 | Subject: [PATCH] gnutls: don't leak the SRP credentials in redirects | ||
5 | |||
6 | Follow-up to 620ea21410030 and 139a54ed0a172a | ||
7 | |||
8 | Reported-by: Harry Sintonen | ||
9 | Closes #8752 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/curl/curl/commit/093531556203decd92d92bccd431edbe5561781c] | ||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | --- | ||
14 | lib/vtls/gtls.c | 6 +++--- | ||
15 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
16 | |||
17 | diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c | ||
18 | index 8c05102..3d0758d 100644 | ||
19 | --- a/lib/vtls/gtls.c | ||
20 | +++ b/lib/vtls/gtls.c | ||
21 | @@ -581,11 +581,11 @@ gtls_connect_step1(struct connectdata *conn, | ||
22 | } | ||
23 | |||
24 | #ifdef USE_TLS_SRP | ||
25 | - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { | ||
26 | + if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) && | ||
27 | + Curl_allow_auth_to_host(data)) { | ||
28 | infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username)); | ||
29 | |||
30 | - rc = gnutls_srp_allocate_client_credentials( | ||
31 | - &BACKEND->srp_client_cred); | ||
32 | + rc = gnutls_srp_allocate_client_credentials(&BACKEND->srp_client_cred); | ||
33 | if(rc != GNUTLS_E_SUCCESS) { | ||
34 | failf(data, "gnutls_srp_allocate_client_cred() failed: %s", | ||
35 | gnutls_strerror(rc)); | ||