1
0
forked from rpms/curl

Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use

This commit is contained in:
Kamil Dudka 2023-03-24 13:25:23 +01:00
parent bd2517cc9b
commit 9d1931d0ec
2 changed files with 59 additions and 0 deletions

View File

@ -0,0 +1,54 @@
From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 09:22:43 +0100
Subject: [PATCH] url: only reuse connections with same GSS delegation
Reported-by: Harry Sintonen
Closes #10731
Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/url.c | 6 ++++++
lib/urldata.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/lib/url.c b/lib/url.c
index 3b11b7e..cbbc7f3 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1325,6 +1325,11 @@ ConnectionExists(struct Curl_easy *data,
}
}
+ /* GSS delegation differences do not actually affect every connection
+ and auth method, but this check takes precaution before efficiency */
+ if(needle->gssapi_delegation != check->gssapi_delegation)
+ continue;
+
#ifdef USE_SSH
else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
conn->fclosesocket = data->set.fclosesocket;
conn->closesocket_client = data->set.closesocket_client;
conn->lastused = Curl_now(); /* used now */
+ conn->gssapi_delegation = data->set.gssapi_delegation;
return conn;
error:
diff --git a/lib/urldata.h b/lib/urldata.h
index ce90304..9e16f26 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -995,6 +995,7 @@ struct connectdata {
char *sasl_authzid; /* authorisation identity string, allocated */
char *oauth_bearer; /* OAUTH2 bearer, allocated */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
struct curltime now; /* "current" time */
struct curltime created; /* creation time */
struct curltime lastused; /* when returned to the connection cache */
--
2.39.2

View File

@ -83,6 +83,9 @@ Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
# fix FTP too eager connection reuse (CVE-2023-27535) # fix FTP too eager connection reuse (CVE-2023-27535)
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -284,6 +287,7 @@ be installed.
%patch25 -p1 %patch25 -p1
%patch26 -p1 %patch26 -p1
%patch27 -p1 %patch27 -p1
%patch28 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -510,6 +514,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%changelog %changelog
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24 * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
- fix FTP too eager connection reuse (CVE-2023-27535) - fix FTP too eager connection reuse (CVE-2023-27535)
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
- fix TELNET option IAC injection (CVE-2023-27533) - fix TELNET option IAC injection (CVE-2023-27533)