From 40387c061f0a1e65f9e0ed1e4b59610dbd8ddbbd Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 12 Apr 2023 16:34:17 +0200
Subject: [PATCH] Resolves: CVE-2023-27535 - adapt the fix for RHEL 9 curl

... where USE_SSH is not defined.  The problem with the backport was
detected by OpenScanHub:

https://cov01.lab.eng.brq2.redhat.com/covscanhub/task/279249//log/added.html
---
 0027-curl-7.76.1-CVE-2023-27535.patch | 13 +++----------
 0028-curl-7.76.1-CVE-2023-27536.patch |  6 +++---
 0029-curl-7.76.1-CVE-2023-27538.patch |  8 ++++----
 curl.spec                             |  5 ++++-
 4 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/0027-curl-7.76.1-CVE-2023-27535.patch b/0027-curl-7.76.1-CVE-2023-27535.patch
index 219fccd..846a90c 100644
--- a/0027-curl-7.76.1-CVE-2023-27535.patch
+++ b/0027-curl-7.76.1-CVE-2023-27535.patch
@@ -83,9 +83,9 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
  lib/ftp.c     | 28 ++++++++++++++++++++++++++--
  lib/ftp.h     |  5 +++++
  lib/setopt.c  |  2 +-
- lib/url.c     | 16 +++++++++++++++-
+ lib/url.c     | 12 ++++++++++++
  lib/urldata.h |  4 ++--
- 5 files changed, 49 insertions(+), 6 deletions(-)
+ 5 files changed, 46 insertions(+), 5 deletions(-)
 
 diff --git a/lib/ftp.c b/lib/ftp.c
 index 9442832..df15bc0 100644
@@ -184,17 +184,10 @@ diff --git a/lib/url.c b/lib/url.c
 index 61ba832..4e21838 100644
 --- a/lib/url.c
 +++ b/lib/url.c
-@@ -1325,10 +1325,24 @@ ConnectionExists(struct Curl_easy *data,
-         }
-       }
- 
--      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
-+#ifdef USE_SSH
-+      else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+@@ -1329,6 +1329,18 @@ ConnectionExists(struct Curl_easy *data,
          if(!ssh_config_matches(needle, check))
            continue;
        }
-+#endif
 +#ifndef CURL_DISABLE_FTP
 +      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
 +        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
diff --git a/0028-curl-7.76.1-CVE-2023-27536.patch b/0028-curl-7.76.1-CVE-2023-27536.patch
index 9479178..7888e19 100644
--- a/0028-curl-7.76.1-CVE-2023-27536.patch
+++ b/0028-curl-7.76.1-CVE-2023-27536.patch
@@ -26,10 +26,10 @@ index 3b11b7e..cbbc7f3 100644
 +      if(needle->gssapi_delegation != check->gssapi_delegation)
 +        continue;
 +
- #ifdef USE_SSH
-       else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+       if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
          if(!ssh_config_matches(needle, check))
-@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
+           continue;
+@@ -1785,6 +1790,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
    conn->fclosesocket = data->set.fclosesocket;
    conn->closesocket_client = data->set.closesocket_client;
    conn->lastused = Curl_now(); /* used now */
diff --git a/0029-curl-7.76.1-CVE-2023-27538.patch b/0029-curl-7.76.1-CVE-2023-27538.patch
index 32131dc..030b6bb 100644
--- a/0029-curl-7.76.1-CVE-2023-27538.patch
+++ b/0029-curl-7.76.1-CVE-2023-27538.patch
@@ -16,12 +16,12 @@ diff --git a/lib/url.c b/lib/url.c
 index 0c31486..3b11b7e 100644
 --- a/lib/url.c
 +++ b/lib/url.c
-@@ -1331,7 +1331,7 @@ ConnectionExists(struct Curl_easy *data,
+@@ -1330,7 +1330,7 @@ ConnectionExists(struct Curl_easy *data,
+       if(needle->gssapi_delegation != check->gssapi_delegation)
          continue;
  
- #ifdef USE_SSH
--      else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
-+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
+-      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
++      if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
          if(!ssh_config_matches(needle, check))
            continue;
        }
diff --git a/curl.spec b/curl.spec
index 3fe670f..e90bf23 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.76.1
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: MIT
 Source: https://curl.se/download/%{name}-%{version}.tar.xz
 
@@ -517,6 +517,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Wed Apr 12 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-25
+- adapt the fix of CVE-2023-27535 for RHEL 9 curl
+
 * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
 - fix SSH connection too eager reuse still (CVE-2023-27538)
 - fix GSS delegation too eager connection re-use (CVE-2023-27536)