Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-27782-2.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-27782-2.patch | 71 |
1 files changed, 71 insertions, 0 deletions
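--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27782-2.patch
@@ -0,0 +1,71 @@
+From 0a115a8903dffc7f723d1d4d71fb821d69eb8761 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 23:13:53 +0200
+Subject: [PATCH] url: check SSH config match on connection reuse
+
+CVE-2022-27782
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2022-27782.html
+Closes #8825
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+lib/url.c | 11 +++++++++++
+lib/vssh/ssh.h | 6 +++---
+2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 6518be9..8da0245 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1027,6 +1027,12 @@ static void prune_dead_connections(struct Curl_easy *data)
+}
+}
+
++static bool ssh_config_matches(struct connectdata *one,
++ struct connectdata *two)
++{
++ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
++ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
++}
+/*
+* Given one filled in connection struct (named needle), this function should
+* detect if there already is one that has all the significant details
+@@ -1260,6 +1266,11 @@ ConnectionExists(struct Curl_easy *data,
+}
+}
+
++ if(get_protocol_family(needle->handler->protocol) == PROTO_FAMILY_SSH) {
++ if(!ssh_config_matches(needle, check))
++ continue;
++ }
++
+if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
+needle->bits.tunnel_proxy) {
+/* The requested connection does not use a HTTP proxy or it uses SSL or
+diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
+index 0d4ee52..8f2632e 100644
+--- a/lib/vssh/ssh.h
++++ b/lib/vssh/ssh.h
+@@ -7,7 +7,7 @@
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+@@ -120,8 +120,8 @@ struct ssh_conn {
+
+/* common */
+const char *passphrase; /* pass-phrase to use */
+- char *rsa_pub; /* path name */
+- char *rsa; /* path name */
++ char *rsa_pub; /* strdup'ed public key file */
++ char *rsa; /* strdup'ed private key file */
+bool authed; /* the connection has been authenticated fine */
+sshstate state; /* always use ssh.c:state() to change state! */
+sshstate nextstate; /* the state to goto after stopping */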
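Review bot: ssh_config_matches() reads `proto.sshc` from both connections, but the new guard in ConnectionExists() tests only `needle->handler->protocol`, so the comparison is sound only if `check` is already known to be an SSH connection at that point. That guarantee presumably comes from a scheme comparison earlier in the loop, outside this hunk (ConnectionExists starts and ends outside it). It is worth confirming against the curl version this recipe builds, since a backport's surrounding code can differ from upstream. A short comment above the helper would record the assumption and the scope of the check, e.g. `/* both connections must be SSH; appears to compare key file names only, not key contents */`. The helper also calls `Curl_safecmp`, which this patch does not add, so it presumably has to be applied after a companion patch that provides it (the file name ends in -2); the recipe's patch order is not visible in this view.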