Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use
This commit is contained in:
parent
bd2517cc9b
commit
9d1931d0ec
54
0028-curl-7.76.1-CVE-2023-27536.patch
Normal file
54
0028-curl-7.76.1-CVE-2023-27536.patch
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
||||||
|
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Closes #10731
|
||||||
|
|
||||||
|
Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/url.c | 6 ++++++
|
||||||
|
lib/urldata.h | 1 +
|
||||||
|
2 files changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index 3b11b7e..cbbc7f3 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -1325,6 +1325,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* GSS delegation differences do not actually affect every connection
|
||||||
|
+ and auth method, but this check takes precaution before efficiency */
|
||||||
|
+ if(needle->gssapi_delegation != check->gssapi_delegation)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
#ifdef USE_SSH
|
||||||
|
else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
|
||||||
|
if(!ssh_config_matches(needle, check))
|
||||||
|
@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||||
|
conn->fclosesocket = data->set.fclosesocket;
|
||||||
|
conn->closesocket_client = data->set.closesocket_client;
|
||||||
|
conn->lastused = Curl_now(); /* used now */
|
||||||
|
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
||||||
|
|
||||||
|
return conn;
|
||||||
|
error:
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index ce90304..9e16f26 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -995,6 +995,7 @@ struct connectdata {
|
||||||
|
char *sasl_authzid; /* authorisation identity string, allocated */
|
||||||
|
char *oauth_bearer; /* OAUTH2 bearer, allocated */
|
||||||
|
unsigned char httpversion; /* the HTTP version*10 reported by the server */
|
||||||
|
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
||||||
|
struct curltime now; /* "current" time */
|
||||||
|
struct curltime created; /* creation time */
|
||||||
|
struct curltime lastused; /* when returned to the connection cache */
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
@ -83,6 +83,9 @@ Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
|
|||||||
# fix FTP too eager connection reuse (CVE-2023-27535)
|
# fix FTP too eager connection reuse (CVE-2023-27535)
|
||||||
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
|
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
|
||||||
|
|
||||||
|
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||||
|
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -284,6 +287,7 @@ be installed.
|
|||||||
%patch25 -p1
|
%patch25 -p1
|
||||||
%patch26 -p1
|
%patch26 -p1
|
||||||
%patch27 -p1
|
%patch27 -p1
|
||||||
|
%patch28 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -510,6 +514,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
|
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
|
||||||
|
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||||
- fix FTP too eager connection reuse (CVE-2023-27535)
|
- fix FTP too eager connection reuse (CVE-2023-27535)
|
||||||
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
|
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
|
||||||
- fix TELNET option IAC injection (CVE-2023-27533)
|
- fix TELNET option IAC injection (CVE-2023-27533)
|
||||||
|
Loading…
Reference in New Issue
Block a user