Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use
This commit is contained in:
Kamil Dudka
parent
39cf42ac8f
commit
4a9d75cd21
55
0049-curl-7.61.1-CVE-2023-27536.patch
Normal file
55
0049-curl-7.61.1-CVE-2023-27536.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
||||
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
||||
|
||||
Reported-by: Harry Sintonen
|
||||
Closes #10731
|
||||
|
||||
Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/url.c | 6 ++++++
|
||||
lib/urldata.h | 2 ++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index 3b11b7e..cbbc7f3 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -1305,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||
}
|
||||
}
|
||||
|
||||
+ /* GSS delegation differences do not actually affect every connection
|
||||
+ and auth method, but this check takes precaution before efficiency */
|
||||
+ if(needle->gssapi_delegation != check->gssapi_delegation)
|
||||
+ continue;
|
||||
+
|
||||
if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
|
||||
if(!ssh_config_matches(needle, check))
|
||||
continue;
|
||||
@@ -1949,6 +1954,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||
it may live on without (this specific) Curl_easy */
|
||||
conn->fclosesocket = data->set.fclosesocket;
|
||||
conn->closesocket_client = data->set.closesocket_client;
|
||||
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
||||
|
||||
return conn;
|
||||
error:
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index ce90304..9e16f26 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -856,6 +856,8 @@ struct connectdata {
|
||||
int httpversion; /* the HTTP version*10 reported by the server */
|
||||
int rtspversion; /* the RTSP version*10 reported by the server */
|
||||
|
||||
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
||||
+
|
||||
struct curltime now; /* "current" time */
|
||||
struct curltime created; /* creation time */
|
||||
curl_socket_t sock[2]; /* two sockets, the second is used for the data
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -139,6 +139,9 @@ Patch47: 0047-curl-7.61.1-CVE-2023-23916.patch
|
||||
# fix FTP too eager connection reuse (CVE-2023-27535)
|
||||
Patch48: 0048-curl-7.61.1-CVE-2023-27535.patch
|
||||
|
||||
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||
Patch49: 0049-curl-7.61.1-CVE-2023-27536.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -360,6 +363,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
%patch49 -p1
|
||||
|
||||
# make tests/*.py use Python 3
|
||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||
@ -523,6 +527,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
|
||||
%changelog
|
||||
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-31
|
||||
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||
- fix FTP too eager connection reuse (CVE-2023-27535)
|
||||
|
||||
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30
|
||||
|
||||
Loading…
Reference in New Issue
Block a user