import curl-7.61.1-22.el8_6.3
This commit is contained in:
parent
4615b7a994
commit
946cf39148
338
SOURCES/0036-curl-7.61.1-CVE-2022-22576.patch
Normal file
338
SOURCES/0036-curl-7.61.1-CVE-2022-22576.patch
Normal file
@ -0,0 +1,338 @@
|
|||||||
|
From 295124c256ed25f097192cfa9a67e460f7bb587f Mon Sep 17 00:00:00 2001
|
||||||
|
From: nao <naost3rn@gmail.com>
|
||||||
|
Date: Tue, 21 Jan 2020 10:30:37 +0100
|
||||||
|
Subject: [PATCH 1/2] http: move "oauth_bearer" from connectdata to Curl_easy
|
||||||
|
|
||||||
|
Fixes the bug where oauth_bearer gets deallocated when we re-use a
|
||||||
|
connection.
|
||||||
|
|
||||||
|
Closes #4824
|
||||||
|
|
||||||
|
Upstream-commit: dea17b519dc1d83265ca6aa9a484a2cf242db3b9
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/curl_sasl.c | 14 ++++++++------
|
||||||
|
lib/http.c | 12 +++++-------
|
||||||
|
lib/url.c | 9 ---------
|
||||||
|
lib/urldata.h | 2 --
|
||||||
|
4 files changed, 13 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
|
||||||
|
index 354bc54..c767bef 100644
|
||||||
|
--- a/lib/curl_sasl.c
|
||||||
|
+++ b/lib/curl_sasl.c
|
||||||
|
@@ -269,6 +269,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
data->set.str[STRING_SERVICE_NAME] :
|
||||||
|
sasl->params->service;
|
||||||
|
#endif
|
||||||
|
+ const char *oauth_bearer = data->set.str[STRING_BEARER];
|
||||||
|
|
||||||
|
sasl->force_ir = force_ir; /* Latch for future use */
|
||||||
|
sasl->authused = 0; /* No mechanism used yet */
|
||||||
|
@@ -339,7 +340,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
- if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
|
||||||
|
+ if((enabledmechs & SASL_MECH_OAUTHBEARER) && oauth_bearer) {
|
||||||
|
mech = SASL_MECH_STRING_OAUTHBEARER;
|
||||||
|
state1 = SASL_OAUTH2;
|
||||||
|
state2 = SASL_OAUTH2_RESP;
|
||||||
|
@@ -349,10 +350,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
|
hostname,
|
||||||
|
port,
|
||||||
|
- conn->oauth_bearer,
|
||||||
|
+ oauth_bearer,
|
||||||
|
&resp, &len);
|
||||||
|
}
|
||||||
|
- else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
|
||||||
|
+ else if((enabledmechs & SASL_MECH_XOAUTH2) && oauth_bearer) {
|
||||||
|
mech = SASL_MECH_STRING_XOAUTH2;
|
||||||
|
state1 = SASL_OAUTH2;
|
||||||
|
sasl->authused = SASL_MECH_XOAUTH2;
|
||||||
|
@@ -360,7 +361,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
if(force_ir || data->set.sasl_ir)
|
||||||
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
|
NULL, 0,
|
||||||
|
- conn->oauth_bearer,
|
||||||
|
+ oauth_bearer,
|
||||||
|
&resp, &len);
|
||||||
|
}
|
||||||
|
else if(enabledmechs & SASL_MECH_PLAIN) {
|
||||||
|
@@ -429,6 +430,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
char *serverdata;
|
||||||
|
#endif
|
||||||
|
size_t len = 0;
|
||||||
|
+ const char *oauth_bearer = data->set.str[STRING_BEARER];
|
||||||
|
|
||||||
|
*progress = SASL_INPROGRESS;
|
||||||
|
|
||||||
|
@@ -556,7 +558,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
|
hostname,
|
||||||
|
port,
|
||||||
|
- conn->oauth_bearer,
|
||||||
|
+ oauth_bearer,
|
||||||
|
&resp, &len);
|
||||||
|
|
||||||
|
/* Failures maybe sent by the server as continuations for OAUTHBEARER */
|
||||||
|
@@ -565,7 +567,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
||||||
|
else
|
||||||
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
|
NULL, 0,
|
||||||
|
- conn->oauth_bearer,
|
||||||
|
+ oauth_bearer,
|
||||||
|
&resp, &len);
|
||||||
|
break;
|
||||||
|
|
||||||
|
diff --git a/lib/http.c b/lib/http.c
|
||||||
|
index 26eb52d..bf19077 100644
|
||||||
|
--- a/lib/http.c
|
||||||
|
+++ b/lib/http.c
|
||||||
|
@@ -326,7 +326,7 @@ static CURLcode http_output_bearer(struct connectdata *conn)
|
||||||
|
userp = &conn->allocptr.userpwd;
|
||||||
|
free(*userp);
|
||||||
|
*userp = aprintf("Authorization: Bearer %s\r\n",
|
||||||
|
- conn->oauth_bearer);
|
||||||
|
+ conn->data->set.str[STRING_BEARER]);
|
||||||
|
|
||||||
|
if(!*userp) {
|
||||||
|
result = CURLE_OUT_OF_MEMORY;
|
||||||
|
@@ -510,7 +510,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
||||||
|
CURLcode result = CURLE_OK;
|
||||||
|
unsigned long authmask = ~0ul;
|
||||||
|
|
||||||
|
- if(!conn->oauth_bearer)
|
||||||
|
+ if(!data->set.str[STRING_BEARER])
|
||||||
|
authmask &= (unsigned long)~CURLAUTH_BEARER;
|
||||||
|
|
||||||
|
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
|
||||||
|
@@ -520,7 +520,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
||||||
|
if(data->state.authproblem)
|
||||||
|
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
|
||||||
|
|
||||||
|
- if((conn->bits.user_passwd || conn->oauth_bearer) &&
|
||||||
|
+ if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) &&
|
||||||
|
((data->req.httpcode == 401) ||
|
||||||
|
(conn->bits.authneg && data->req.httpcode < 300))) {
|
||||||
|
pickhost = pickoneauth(&data->state.authhost, authmask);
|
||||||
|
@@ -590,9 +590,7 @@ output_auth_headers(struct connectdata *conn,
|
||||||
|
{
|
||||||
|
const char *auth = NULL;
|
||||||
|
CURLcode result = CURLE_OK;
|
||||||
|
-#if !defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_SPNEGO)
|
||||||
|
struct Curl_easy *data = conn->data;
|
||||||
|
-#endif
|
||||||
|
#ifdef USE_SPNEGO
|
||||||
|
struct negotiatedata *negdata = proxy ?
|
||||||
|
&data->state.proxyneg : &data->state.negotiate;
|
||||||
|
@@ -664,7 +662,7 @@ output_auth_headers(struct connectdata *conn,
|
||||||
|
}
|
||||||
|
if(authstatus->picked == CURLAUTH_BEARER) {
|
||||||
|
/* Bearer */
|
||||||
|
- if((!proxy && conn->oauth_bearer &&
|
||||||
|
+ if((!proxy && data->set.str[STRING_BEARER] &&
|
||||||
|
!Curl_checkheaders(conn, "Authorization:"))) {
|
||||||
|
auth = "Bearer";
|
||||||
|
result = http_output_bearer(conn);
|
||||||
|
@@ -722,7 +720,7 @@ Curl_http_output_auth(struct connectdata *conn,
|
||||||
|
authproxy = &data->state.authproxy;
|
||||||
|
|
||||||
|
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
|
||||||
|
- conn->bits.user_passwd || conn->oauth_bearer)
|
||||||
|
+ conn->bits.user_passwd || data->set.str[STRING_BEARER])
|
||||||
|
/* continue please */;
|
||||||
|
else {
|
||||||
|
authhost->done = TRUE;
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index 4803653..fca0855 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -686,7 +686,6 @@ static void conn_free(struct connectdata *conn)
|
||||||
|
|
||||||
|
Curl_safefree(conn->user);
|
||||||
|
Curl_safefree(conn->passwd);
|
||||||
|
- Curl_safefree(conn->oauth_bearer);
|
||||||
|
Curl_safefree(conn->options);
|
||||||
|
Curl_safefree(conn->http_proxy.user);
|
||||||
|
Curl_safefree(conn->socks_proxy.user);
|
||||||
|
@@ -4161,14 +4160,6 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(data->set.str[STRING_BEARER]) {
|
||||||
|
- conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
|
||||||
|
- if(!conn->oauth_bearer) {
|
||||||
|
- result = CURLE_OUT_OF_MEMORY;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
#ifdef USE_UNIX_SOCKETS
|
||||||
|
if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
|
||||||
|
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index 72a36fb..73a185c 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -850,8 +850,6 @@ struct connectdata {
|
||||||
|
char *passwd; /* password string, allocated */
|
||||||
|
char *options; /* options string, allocated */
|
||||||
|
|
||||||
|
- char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
|
||||||
|
-
|
||||||
|
int httpversion; /* the HTTP version*10 reported by the server */
|
||||||
|
int rtspversion; /* the RTSP version*10 reported by the server */
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 85d1103c2fc0c9b1bdfae470dbafd45758e1c2f0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Patrick Monnerat <patrick@monnerat.net>
|
||||||
|
Date: Mon, 25 Apr 2022 11:44:05 +0200
|
||||||
|
Subject: [PATCH 2/2] url: check sasl additional parameters for connection
|
||||||
|
reuse.
|
||||||
|
|
||||||
|
Also move static function safecmp() as non-static Curl_safecmp() since
|
||||||
|
its purpose is needed at several places.
|
||||||
|
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-22576.html
|
||||||
|
|
||||||
|
CVE-2022-22576
|
||||||
|
|
||||||
|
Closes #8746
|
||||||
|
|
||||||
|
Upstream-commit: 852aa5ad351ea53e5f01d2f44b5b4370c2bf5425
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/strcase.c | 10 ++++++++++
|
||||||
|
lib/strcase.h | 2 ++
|
||||||
|
lib/url.c | 12 +++++++++++-
|
||||||
|
lib/urldata.h | 2 ++
|
||||||
|
lib/vtls/vtls.c | 19 +++++--------------
|
||||||
|
5 files changed, 30 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/strcase.c b/lib/strcase.c
|
||||||
|
index dd46ca1..692a3f1 100644
|
||||||
|
--- a/lib/strcase.c
|
||||||
|
+++ b/lib/strcase.c
|
||||||
|
@@ -165,6 +165,16 @@ void Curl_strntoupper(char *dest, const char *src, size_t n)
|
||||||
|
} while(*src++ && --n);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Compare case-sensitive NUL-terminated strings, taking care of possible
|
||||||
|
+ * null pointers. Return true if arguments match.
|
||||||
|
+ */
|
||||||
|
+bool Curl_safecmp(char *a, char *b)
|
||||||
|
+{
|
||||||
|
+ if(a && b)
|
||||||
|
+ return !strcmp(a, b);
|
||||||
|
+ return !a && !b;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* --- public functions --- */
|
||||||
|
|
||||||
|
int curl_strequal(const char *first, const char *second)
|
||||||
|
diff --git a/lib/strcase.h b/lib/strcase.h
|
||||||
|
index b628656..382b80a 100644
|
||||||
|
--- a/lib/strcase.h
|
||||||
|
+++ b/lib/strcase.h
|
||||||
|
@@ -47,4 +47,6 @@ char Curl_raw_toupper(char in);
|
||||||
|
|
||||||
|
void Curl_strntoupper(char *dest, const char *src, size_t n);
|
||||||
|
|
||||||
|
+bool Curl_safecmp(char *a, char *b);
|
||||||
|
+
|
||||||
|
#endif /* HEADER_CURL_STRCASE_H */
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index adef2cd..94e3406 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -701,6 +701,7 @@ static void conn_free(struct connectdata *conn)
|
||||||
|
Curl_safefree(conn->allocptr.host);
|
||||||
|
Curl_safefree(conn->allocptr.cookiehost);
|
||||||
|
Curl_safefree(conn->allocptr.rtsp_transport);
|
||||||
|
+ Curl_safefree(conn->oauth_bearer);
|
||||||
|
Curl_safefree(conn->trailer);
|
||||||
|
Curl_safefree(conn->host.rawalloc); /* host name buffer */
|
||||||
|
Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
|
||||||
|
@@ -1291,7 +1292,8 @@ ConnectionExists(struct Curl_easy *data,
|
||||||
|
/* This protocol requires credentials per connection,
|
||||||
|
so verify that we're using the same name and password as well */
|
||||||
|
if(strcmp(needle->user, check->user) ||
|
||||||
|
- strcmp(needle->passwd, check->passwd)) {
|
||||||
|
+ strcmp(needle->passwd, check->passwd) ||
|
||||||
|
+ !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
|
||||||
|
/* one of them was different */
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
@@ -4160,6 +4162,14 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if(data->set.str[STRING_BEARER]) {
|
||||||
|
+ conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
|
||||||
|
+ if(!conn->oauth_bearer) {
|
||||||
|
+ result = CURLE_OUT_OF_MEMORY;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
#ifdef USE_UNIX_SOCKETS
|
||||||
|
if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
|
||||||
|
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index cc8a600..03da59a 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -850,6 +850,8 @@ struct connectdata {
|
||||||
|
char *passwd; /* password string, allocated */
|
||||||
|
char *options; /* options string, allocated */
|
||||||
|
|
||||||
|
+ char *oauth_bearer; /* OAUTH2 bearer, allocated */
|
||||||
|
+
|
||||||
|
int httpversion; /* the HTTP version*10 reported by the server */
|
||||||
|
int rtspversion; /* the RTSP version*10 reported by the server */
|
||||||
|
|
||||||
|
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
||||||
|
index 03b85ba..a40ac06 100644
|
||||||
|
--- a/lib/vtls/vtls.c
|
||||||
|
+++ b/lib/vtls/vtls.c
|
||||||
|
@@ -82,15 +82,6 @@
|
||||||
|
else \
|
||||||
|
dest->var = NULL;
|
||||||
|
|
||||||
|
-static bool safecmp(char *a, char *b)
|
||||||
|
-{
|
||||||
|
- if(a && b)
|
||||||
|
- return !strcmp(a, b);
|
||||||
|
- else if(!a && !b)
|
||||||
|
- return TRUE; /* match */
|
||||||
|
- return FALSE; /* no match */
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
bool
|
||||||
|
Curl_ssl_config_matches(struct ssl_primary_config* data,
|
||||||
|
struct ssl_primary_config* needle)
|
||||||
|
@@ -100,11 +91,11 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
|
||||||
|
(data->verifypeer == needle->verifypeer) &&
|
||||||
|
(data->verifyhost == needle->verifyhost) &&
|
||||||
|
(data->verifystatus == needle->verifystatus) &&
|
||||||
|
- safecmp(data->CApath, needle->CApath) &&
|
||||||
|
- safecmp(data->CAfile, needle->CAfile) &&
|
||||||
|
- safecmp(data->clientcert, needle->clientcert) &&
|
||||||
|
- safecmp(data->random_file, needle->random_file) &&
|
||||||
|
- safecmp(data->egdsocket, needle->egdsocket) &&
|
||||||
|
+ Curl_safecmp(data->CApath, needle->CApath) &&
|
||||||
|
+ Curl_safecmp(data->CAfile, needle->CAfile) &&
|
||||||
|
+ Curl_safecmp(data->clientcert, needle->clientcert) &&
|
||||||
|
+ Curl_safecmp(data->random_file, needle->random_file) &&
|
||||||
|
+ Curl_safecmp(data->egdsocket, needle->egdsocket) &&
|
||||||
|
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
|
||||||
|
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
|
||||||
|
return TRUE;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
710
SOURCES/0037-curl-7.61.1-CVE-2022-27776.patch
Normal file
710
SOURCES/0037-curl-7.61.1-CVE-2022-27776.patch
Normal file
@ -0,0 +1,710 @@
|
|||||||
|
From 24ff6b126726201cf778038c332b3b921c7f5b2f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Katsuhiko YOSHIDA <claddvd@gmail.com>
|
||||||
|
Date: Sun, 30 Dec 2018 09:44:30 +0900
|
||||||
|
Subject: [PATCH 1/6] cookies: skip custom cookies when redirecting cross-site
|
||||||
|
|
||||||
|
Closes #3417
|
||||||
|
|
||||||
|
Upstream-commit: 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
docs/libcurl/opts/CURLOPT_HTTPHEADER.3 | 4 ++
|
||||||
|
lib/http.c | 3 +-
|
||||||
|
tests/data/Makefile.inc | 2 +-
|
||||||
|
tests/data/test330 | 90 ++++++++++++++++++++++++++
|
||||||
|
4 files changed, 97 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/data/test330
|
||||||
|
|
||||||
|
diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
|
||||||
|
index f5826e1..4af69f4 100644
|
||||||
|
--- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
|
||||||
|
+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
|
||||||
|
@@ -88,6 +88,10 @@ those servers will get all the contents of your custom headers too.
|
||||||
|
Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
|
||||||
|
from being sent to other hosts than the first used one, unless specifically
|
||||||
|
permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
|
||||||
|
+
|
||||||
|
+Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers
|
||||||
|
+from being sent to other hosts than the first used one, unless specifically
|
||||||
|
+permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
|
||||||
|
.SH DEFAULT
|
||||||
|
NULL
|
||||||
|
.SH PROTOCOLS
|
||||||
|
diff --git a/lib/http.c b/lib/http.c
|
||||||
|
index bf19077..0b5e476 100644
|
||||||
|
--- a/lib/http.c
|
||||||
|
+++ b/lib/http.c
|
||||||
|
@@ -1774,7 +1774,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
|
||||||
|
checkprefix("Transfer-Encoding:", headers->data))
|
||||||
|
/* HTTP/2 doesn't support chunked requests */
|
||||||
|
;
|
||||||
|
- else if(checkprefix("Authorization:", headers->data) &&
|
||||||
|
+ else if((checkprefix("Authorization:", headers->data) ||
|
||||||
|
+ checkprefix("Cookie:", headers->data)) &&
|
||||||
|
/* be careful of sending this potentially sensitive header to
|
||||||
|
other hosts */
|
||||||
|
(data->state.this_is_a_follow &&
|
||||||
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||||
|
index e0f1ef4..77e85fd 100644
|
||||||
|
--- a/tests/data/Makefile.inc
|
||||||
|
+++ b/tests/data/Makefile.inc
|
||||||
|
@@ -56,7 +56,7 @@ test289 test290 test291 test292 test293 test294 test295 test296 test297 \
|
||||||
|
test298 test299 test300 test301 test302 test303 test304 test305 test306 \
|
||||||
|
test307 test308 test309 test310 test311 test312 test313 test314 test315 \
|
||||||
|
test316 test317 test318 test319 test320 test321 test322 test323 test324 \
|
||||||
|
-test325 test326 \
|
||||||
|
+test325 test326 test330 \
|
||||||
|
\
|
||||||
|
test340 \
|
||||||
|
\
|
||||||
|
diff --git a/tests/data/test330 b/tests/data/test330
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..74607d5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test330
|
||||||
|
@@ -0,0 +1,90 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+followlocation
|
||||||
|
+cookies
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 302 OK
|
||||||
|
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake swsclose
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Funny-head: yesyes
|
||||||
|
+Location: http://goto.second.host.now/3170002
|
||||||
|
+Content-Length: 8
|
||||||
|
+Connection: close
|
||||||
|
+
|
||||||
|
+contents
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake swsclose
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Funny-head: yesyes
|
||||||
|
+Content-Length: 9
|
||||||
|
+
|
||||||
|
+contents
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 302 OK
|
||||||
|
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake swsclose
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Funny-head: yesyes
|
||||||
|
+Location: http://goto.second.host.now/3170002
|
||||||
|
+Content-Length: 8
|
||||||
|
+Connection: close
|
||||||
|
+
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake swsclose
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Funny-head: yesyes
|
||||||
|
+Content-Length: 9
|
||||||
|
+
|
||||||
|
+contents
|
||||||
|
+</datacheck>
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with custom Cookie: and redirect to new host
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+http://first.host.it.is/we/want/that/page/317 -x %HOSTIP:%HTTPPORT -H "Cookie: test=yes" --location
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET http://first.host.it.is/we/want/that/page/317 HTTP/1.1
|
||||||
|
+Host: first.host.it.is
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+Cookie: test=yes
|
||||||
|
+
|
||||||
|
+GET http://goto.second.host.now/3170002 HTTP/1.1
|
||||||
|
+Host: goto.second.host.now
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From a3f3855c8bf3a39ef0d86ef04087c200bca765f1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 19 Dec 2019 16:45:53 +0100
|
||||||
|
Subject: [PATCH 2/6] sws: search for "Testno:" header uncondtionally if no
|
||||||
|
testno
|
||||||
|
|
||||||
|
Even if the initial request line wasn't found. With the fix to 1455, the
|
||||||
|
test number is now detected correctly.
|
||||||
|
|
||||||
|
(Problem found when running tests in random order.)
|
||||||
|
|
||||||
|
Closes #4744
|
||||||
|
|
||||||
|
Upstream-commit: 25b69c482f45c7acd817920bd8fdf68887be51a2
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/data/test1455 | 3 ++-
|
||||||
|
tests/server/sws.c | 40 +++++++++++++++++++++++-----------------
|
||||||
|
2 files changed, 25 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/data/test1455 b/tests/data/test1455
|
||||||
|
index 0b77dc4..25f742e 100644
|
||||||
|
--- a/tests/data/test1455
|
||||||
|
+++ b/tests/data/test1455
|
||||||
|
@@ -35,7 +35,7 @@ http
|
||||||
|
HTTP GET when PROXY Protocol enabled
|
||||||
|
</name>
|
||||||
|
<command>
|
||||||
|
-http://%HOSTIP:%HTTPPORT/1455 --haproxy-protocol
|
||||||
|
+http://%HOSTIP:%HTTPPORT/1455 --haproxy-protocol -H "Testno: 1455"
|
||||||
|
</command>
|
||||||
|
</client>
|
||||||
|
|
||||||
|
@@ -53,6 +53,7 @@ proxy-line
|
||||||
|
GET /1455 HTTP/1.1
|
||||||
|
Host: %HOSTIP:%HTTPPORT
|
||||||
|
Accept: */*
|
||||||
|
+Testno: 1455
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
||||||
|
diff --git a/tests/server/sws.c b/tests/server/sws.c
|
||||||
|
index fbe7761..4ece830 100644
|
||||||
|
--- a/tests/server/sws.c
|
||||||
|
+++ b/tests/server/sws.c
|
||||||
|
@@ -367,6 +367,8 @@ static int parse_servercmd(struct httprequest *req)
|
||||||
|
|
||||||
|
filename = test2file(req->testno);
|
||||||
|
req->close = FALSE;
|
||||||
|
+ req->connmon = FALSE;
|
||||||
|
+
|
||||||
|
stream = fopen(filename, "rb");
|
||||||
|
if(!stream) {
|
||||||
|
error = errno;
|
||||||
|
@@ -391,8 +393,6 @@ static int parse_servercmd(struct httprequest *req)
|
||||||
|
return 1; /* done */
|
||||||
|
}
|
||||||
|
|
||||||
|
- req->connmon = FALSE;
|
||||||
|
-
|
||||||
|
cmd = orgcmd;
|
||||||
|
while(cmd && cmdsize) {
|
||||||
|
char *check;
|
||||||
|
@@ -548,12 +548,11 @@ static int ProcessRequest(struct httprequest *req)
|
||||||
|
snprintf(logbuf, sizeof(logbuf), "Requested test number %ld part %ld",
|
||||||
|
req->testno, req->partno);
|
||||||
|
logmsg("%s", logbuf);
|
||||||
|
-
|
||||||
|
- /* find and parse <servercmd> for this test */
|
||||||
|
- parse_servercmd(req);
|
||||||
|
}
|
||||||
|
- else
|
||||||
|
+ else {
|
||||||
|
+ logmsg("No test number");
|
||||||
|
req->testno = DOCNUMBER_NOTHING;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -613,14 +612,6 @@ static int ProcessRequest(struct httprequest *req)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if(req->testno == DOCNUMBER_NOTHING) {
|
||||||
|
- /* check for a Testno: header with the test case number */
|
||||||
|
- char *testno = strstr(line, "\nTestno: ");
|
||||||
|
- if(testno) {
|
||||||
|
- req->testno = strtol(&testno[9], NULL, 10);
|
||||||
|
- logmsg("Found test number %d in Testno: header!", req->testno);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
if(req->testno == DOCNUMBER_NOTHING) {
|
||||||
|
/* Still no test case number. Try to get the the number off the last dot
|
||||||
|
instead, IE we consider the TLD to be the test number. Test 123 can
|
||||||
|
@@ -661,8 +652,8 @@ static int ProcessRequest(struct httprequest *req)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if((req->offset >= 3) && (req->testno == DOCNUMBER_NOTHING)) {
|
||||||
|
- logmsg("** Unusual request. Starts with %02x %02x %02x",
|
||||||
|
- line[0], line[1], line[2]);
|
||||||
|
+ logmsg("** Unusual request. Starts with %02x %02x %02x (%c%c%c)",
|
||||||
|
+ line[0], line[1], line[2], line[0], line[1], line[2]);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!end) {
|
||||||
|
@@ -670,7 +661,22 @@ static int ProcessRequest(struct httprequest *req)
|
||||||
|
logmsg("request not complete yet");
|
||||||
|
return 0; /* not complete yet */
|
||||||
|
}
|
||||||
|
- logmsg("- request found to be complete");
|
||||||
|
+ logmsg("- request found to be complete (%d)", req->testno);
|
||||||
|
+
|
||||||
|
+ if(req->testno == DOCNUMBER_NOTHING) {
|
||||||
|
+ /* check for a Testno: header with the test case number */
|
||||||
|
+ char *testno = strstr(line, "\nTestno: ");
|
||||||
|
+ if(testno) {
|
||||||
|
+ req->testno = strtol(&testno[9], NULL, 10);
|
||||||
|
+ logmsg("Found test number %d in Testno: header!", req->testno);
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ logmsg("No Testno: header");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* find and parse <servercmd> for this test */
|
||||||
|
+ parse_servercmd(req);
|
||||||
|
|
||||||
|
if(use_gopher) {
|
||||||
|
/* when using gopher we cannot check the request until the entire
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 3772ea764c05a1cf37b96c091ae266138e8a2867 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 16 Apr 2020 14:16:22 +0200
|
||||||
|
Subject: [PATCH 3/6] runtests: always put test number in servercmd file
|
||||||
|
|
||||||
|
Upstream-commit: d1a2816b4128faa8ebc50ce93285c7364652856e
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/runtests.pl | 10 +++-------
|
||||||
|
1 file changed, 3 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/runtests.pl b/tests/runtests.pl
|
||||||
|
index a0fd991..8d8ed81 100755
|
||||||
|
--- a/tests/runtests.pl
|
||||||
|
+++ b/tests/runtests.pl
|
||||||
|
@@ -3878,10 +3878,9 @@ sub singletest {
|
||||||
|
unlink($SERVER2IN);
|
||||||
|
unlink($PROXYIN);
|
||||||
|
|
||||||
|
- if(@ftpservercmd) {
|
||||||
|
- # write the instructions to file
|
||||||
|
- writearray($FTPDCMD, \@ftpservercmd);
|
||||||
|
- }
|
||||||
|
+ push @ftpservercmd, "Testnum $testnum\n";
|
||||||
|
+ # write the instructions to file
|
||||||
|
+ writearray($FTPDCMD, \@ftpservercmd);
|
||||||
|
|
||||||
|
# get the command line options to use
|
||||||
|
my @blaha;
|
||||||
|
@@ -4222,9 +4221,6 @@ sub singletest {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- # remove the test server commands file after each test
|
||||||
|
- unlink($FTPDCMD) if(-f $FTPDCMD);
|
||||||
|
-
|
||||||
|
# run the postcheck command
|
||||||
|
my @postcheck= getpart("client", "postcheck");
|
||||||
|
if(@postcheck) {
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From ac04f6feaa19c636aa09a1b50643d70a77be4465 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 14 May 2020 17:45:40 +0200
|
||||||
|
Subject: [PATCH 4/6] sws: as last resort, get test number from server cmd file
|
||||||
|
|
||||||
|
If it can't be found in the request. Also support --cmdfile to set it to
|
||||||
|
a custom file name.
|
||||||
|
|
||||||
|
runtests.pl always writes this file with the test number in it since a
|
||||||
|
while back.
|
||||||
|
|
||||||
|
Upstream-commit: a3b0699d5c110270f09ac51b5b465ca8753b35a9
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/server/sws.c | 68 ++++++++++++++++++++++++++++++++++------------
|
||||||
|
1 file changed, 51 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/server/sws.c b/tests/server/sws.c
|
||||||
|
index 4ece830..2696872 100644
|
||||||
|
--- a/tests/server/sws.c
|
||||||
|
+++ b/tests/server/sws.c
|
||||||
|
@@ -155,6 +155,10 @@ const char *serverlogfile = DEFAULT_LOGFILE;
|
||||||
|
#define REQUEST_PROXY_DUMP "log/proxy.input"
|
||||||
|
#define RESPONSE_PROXY_DUMP "log/proxy.response"
|
||||||
|
|
||||||
|
+/* file in which additional instructions may be found */
|
||||||
|
+#define DEFAULT_CMDFILE "log/ftpserver.cmd"
|
||||||
|
+const char *cmdfile = DEFAULT_CMDFILE;
|
||||||
|
+
|
||||||
|
/* very-big-path support */
|
||||||
|
#define MAXDOCNAMELEN 140000
|
||||||
|
#define MAXDOCNAMELEN_TXT "139999"
|
||||||
|
@@ -358,6 +362,24 @@ static bool socket_domain_is_ip(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* parse the file on disk that might have a test number for us */
|
||||||
|
+static int parse_cmdfile(struct httprequest *req)
|
||||||
|
+{
|
||||||
|
+ int testnum = DOCNUMBER_NOTHING;
|
||||||
|
+ char buf[256];
|
||||||
|
+ FILE *f = fopen(cmdfile, FOPEN_READTEXT);
|
||||||
|
+ if(f) {
|
||||||
|
+ while(fgets(buf, sizeof(buf), f)) {
|
||||||
|
+ if(1 == sscanf(buf, "Testnum %d", &testnum)) {
|
||||||
|
+ logmsg("[%s] cmdfile says testnum %d", cmdfile, testnum);
|
||||||
|
+ req->testno = testnum;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ fclose(f);
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* based on the testno, parse the correct server commands */
|
||||||
|
static int parse_servercmd(struct httprequest *req)
|
||||||
|
{
|
||||||
|
@@ -622,34 +644,41 @@ static int ProcessRequest(struct httprequest *req)
|
||||||
|
|
||||||
|
/* get the number after it */
|
||||||
|
if(ptr) {
|
||||||
|
+ long num;
|
||||||
|
ptr++; /* skip the dot */
|
||||||
|
|
||||||
|
- req->testno = strtol(ptr, &ptr, 10);
|
||||||
|
+ num = strtol(ptr, &ptr, 10);
|
||||||
|
|
||||||
|
- if(req->testno > 10000) {
|
||||||
|
- req->partno = req->testno % 10000;
|
||||||
|
- req->testno /= 10000;
|
||||||
|
+ if(num) {
|
||||||
|
+ req->testno = num;
|
||||||
|
+ if(req->testno > 10000) {
|
||||||
|
+ req->partno = req->testno % 10000;
|
||||||
|
+ req->testno /= 10000;
|
||||||
|
|
||||||
|
- logmsg("found test %d in requested host name", req->testno);
|
||||||
|
+ logmsg("found test %d in requested host name", req->testno);
|
||||||
|
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ req->partno = 0;
|
||||||
|
}
|
||||||
|
- else
|
||||||
|
- req->partno = 0;
|
||||||
|
|
||||||
|
- snprintf(logbuf, sizeof(logbuf),
|
||||||
|
- "Requested test number %ld part %ld (from host name)",
|
||||||
|
+ if(req->testno != DOCNUMBER_NOTHING) {
|
||||||
|
+ logmsg("Requested test number %ld part %ld (from host name)",
|
||||||
|
req->testno, req->partno);
|
||||||
|
- logmsg("%s", logbuf);
|
||||||
|
-
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if(!req->testno) {
|
||||||
|
- logmsg("Did not find test number in PATH");
|
||||||
|
- req->testno = DOCNUMBER_404;
|
||||||
|
- }
|
||||||
|
- else
|
||||||
|
- parse_servercmd(req);
|
||||||
|
+ if(req->testno == DOCNUMBER_NOTHING)
|
||||||
|
+ /* might get the test number */
|
||||||
|
+ parse_cmdfile(req);
|
||||||
|
+
|
||||||
|
+ if(req->testno == DOCNUMBER_NOTHING) {
|
||||||
|
+ logmsg("Did not find test number in PATH");
|
||||||
|
+ req->testno = DOCNUMBER_404;
|
||||||
|
}
|
||||||
|
+ else
|
||||||
|
+ parse_servercmd(req);
|
||||||
|
}
|
||||||
|
else if((req->offset >= 3) && (req->testno == DOCNUMBER_NOTHING)) {
|
||||||
|
logmsg("** Unusual request. Starts with %02x %02x %02x (%c%c%c)",
|
||||||
|
@@ -2038,6 +2067,11 @@ int main(int argc, char *argv[])
|
||||||
|
if(argc>arg)
|
||||||
|
serverlogfile = argv[arg++];
|
||||||
|
}
|
||||||
|
+ else if(!strcmp("--cmdfile", argv[arg])) {
|
||||||
|
+ arg++;
|
||||||
|
+ if(argc>arg)
|
||||||
|
+ cmdfile = argv[arg++];
|
||||||
|
+ }
|
||||||
|
else if(!strcmp("--gopher", argv[arg])) {
|
||||||
|
arg++;
|
||||||
|
use_gopher = TRUE;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 9fa56a1e3ae7feff14668d8abd892fa028a9f32e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 13:05:40 +0200
|
||||||
|
Subject: [PATCH 5/6] http: avoid auth/cookie on redirects same host diff port
|
||||||
|
|
||||||
|
CVE-2022-27776
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-27776.html
|
||||||
|
Closes #8749
|
||||||
|
|
||||||
|
Upstream-commit: 6e659993952aa5f90f48864be84a1bbb047fc258
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/http.c | 33 +++++++++++++++++++++------------
|
||||||
|
lib/urldata.h | 16 +++++++++-------
|
||||||
|
2 files changed, 30 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/http.c b/lib/http.c
|
||||||
|
index 0b5e476..39fc7aa 100644
|
||||||
|
--- a/lib/http.c
|
||||||
|
+++ b/lib/http.c
|
||||||
|
@@ -688,6 +688,21 @@ output_auth_headers(struct connectdata *conn,
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * allow_auth_to_host() tells if autentication, cookies or other "sensitive
|
||||||
|
+ * data" can (still) be sent to this host.
|
||||||
|
+ */
|
||||||
|
+static bool allow_auth_to_host(struct connectdata *conn)
|
||||||
|
+{
|
||||||
|
+ struct Curl_easy *data = conn->data;
|
||||||
|
+ return (!data->state.this_is_a_follow ||
|
||||||
|
+ data->set.allow_auth_to_other_hosts ||
|
||||||
|
+ (data->state.first_host &&
|
||||||
|
+ strcasecompare(data->state.first_host, conn->host.name) &&
|
||||||
|
+ (data->state.first_remote_port == conn->remote_port) &&
|
||||||
|
+ (data->state.first_remote_protocol == conn->handler->protocol)));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Curl_http_output_auth() setups the authentication headers for the
|
||||||
|
* host/proxy and the correct authentication
|
||||||
|
@@ -756,15 +771,11 @@ Curl_http_output_auth(struct connectdata *conn,
|
||||||
|
with it */
|
||||||
|
authproxy->done = TRUE;
|
||||||
|
|
||||||
|
- /* To prevent the user+password to get sent to other than the original
|
||||||
|
- host due to a location-follow, we do some weirdo checks here */
|
||||||
|
- if(!data->state.this_is_a_follow ||
|
||||||
|
- conn->bits.netrc ||
|
||||||
|
- !data->state.first_host ||
|
||||||
|
- data->set.allow_auth_to_other_hosts ||
|
||||||
|
- strcasecompare(data->state.first_host, conn->host.name)) {
|
||||||
|
+ /* To prevent the user+password to get sent to other than the original host
|
||||||
|
+ due to a location-follow */
|
||||||
|
+ if(allow_auth_to_host(conn)
|
||||||
|
+ || conn->bits.netrc)
|
||||||
|
result = output_auth_headers(conn, authhost, request, path, FALSE);
|
||||||
|
- }
|
||||||
|
else
|
||||||
|
authhost->done = TRUE;
|
||||||
|
|
||||||
|
@@ -1778,10 +1789,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
|
||||||
|
checkprefix("Cookie:", headers->data)) &&
|
||||||
|
/* be careful of sending this potentially sensitive header to
|
||||||
|
other hosts */
|
||||||
|
- (data->state.this_is_a_follow &&
|
||||||
|
- data->state.first_host &&
|
||||||
|
- !data->set.allow_auth_to_other_hosts &&
|
||||||
|
- !strcasecompare(data->state.first_host, conn->host.name)))
|
||||||
|
+ !allow_auth_to_host(conn))
|
||||||
|
;
|
||||||
|
else {
|
||||||
|
result = Curl_add_bufferf(req_buffer, "%s\r\n", headers->data);
|
||||||
|
@@ -1937,6 +1945,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||||
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
|
||||||
|
data->state.first_remote_port = conn->remote_port;
|
||||||
|
+ data->state.first_remote_protocol = conn->handler->protocol;
|
||||||
|
}
|
||||||
|
http->writebytecount = http->readbytecount = 0;
|
||||||
|
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index d3b971c..4bb0a84 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -1231,13 +1231,15 @@ struct UrlState {
|
||||||
|
bytes / second */
|
||||||
|
bool this_is_a_follow; /* this is a followed Location: request */
|
||||||
|
bool refused_stream; /* this was refused, try again */
|
||||||
|
- char *first_host; /* host name of the first (not followed) request.
|
||||||
|
- if set, this should be the host name that we will
|
||||||
|
- sent authorization to, no else. Used to make Location:
|
||||||
|
- following not keep sending user+password... This is
|
||||||
|
- strdup() data.
|
||||||
|
- */
|
||||||
|
- int first_remote_port; /* remote port of the first (not followed) request */
|
||||||
|
+
|
||||||
|
+ /* host name, port number and protocol of the first (not followed) request.
|
||||||
|
+ if set, this should be the host name that we will sent authorization to,
|
||||||
|
+ no else. Used to make Location: following not keep sending user+password.
|
||||||
|
+ This is strdup()ed data. */
|
||||||
|
+ char *first_host;
|
||||||
|
+ int first_remote_port;
|
||||||
|
+ unsigned int first_remote_protocol;
|
||||||
|
+
|
||||||
|
struct curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
|
||||||
|
long sessionage; /* number of the most recent session */
|
||||||
|
unsigned int tempcount; /* number of entries in use in tempwrite, 0 - 3 */
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From a8bb1e37e22788abaca37c59cf447d690fdcdfa4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 13:05:47 +0200
|
||||||
|
Subject: [PATCH 6/6] test898: verify the fix for CVE-2022-27776
|
||||||
|
|
||||||
|
Do not pass on Authorization headers on redirects to another port
|
||||||
|
|
||||||
|
Upstream-commit: afe752e0504ab60bf63787ede0b992cbe1065f78
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/data/Makefile.inc | 2 +-
|
||||||
|
tests/data/test898 | 91 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 92 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/data/test898
|
||||||
|
|
||||||
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||||
|
index 77e85fd..58c9e31 100644
|
||||||
|
--- a/tests/data/Makefile.inc
|
||||||
|
+++ b/tests/data/Makefile.inc
|
||||||
|
@@ -99,7 +99,7 @@ test850 test851 test852 test853 test854 test855 test856 test857 test858 \
|
||||||
|
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
|
||||||
|
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
|
||||||
|
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
|
||||||
|
-test886 test887 test888 test889 test890 test891 \
|
||||||
|
+test886 test887 test888 test889 test890 test891 test898 \
|
||||||
|
\
|
||||||
|
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
|
||||||
|
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
|
||||||
|
diff --git a/tests/data/test898 b/tests/data/test898
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..e295c26
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test898
|
||||||
|
@@ -0,0 +1,91 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+--location
|
||||||
|
+Authorization
|
||||||
|
+Cookie
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/8980002
|
||||||
|
+
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/8980002
|
||||||
|
+
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</datacheck>
|
||||||
|
+
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with custom auth and cookies redirected to HTTP on a diff port
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA=="
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET http://firsthost.com/ HTTP/1.1
|
||||||
|
+Host: firsthost.com
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Cookie: userpwd=am9lOnNlY3JldA==
|
||||||
|
+
|
||||||
|
+GET http://firsthost.com:9999/a/path/8980002 HTTP/1.1
|
||||||
|
+Host: firsthost.com:9999
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
714
SOURCES/0038-curl-7.61.1-CVE-2022-27774.patch
Normal file
714
SOURCES/0038-curl-7.61.1-CVE-2022-27774.patch
Normal file
@ -0,0 +1,714 @@
|
|||||||
|
From 48f126157d36962e458bf12f90b50cfcef26eee9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 16:24:33 +0200
|
||||||
|
Subject: [PATCH 1/4] connect: store "conn_remote_port" in the info struct
|
||||||
|
|
||||||
|
To make it available after the connection ended.
|
||||||
|
|
||||||
|
Upstream-commit: 08b8ef4e726ba10f45081ecda5b3cea788d3c839
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/connect.c | 1 +
|
||||||
|
lib/urldata.h | 6 +++++-
|
||||||
|
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/connect.c b/lib/connect.c
|
||||||
|
index f724646..12a8aae 100644
|
||||||
|
--- a/lib/connect.c
|
||||||
|
+++ b/lib/connect.c
|
||||||
|
@@ -614,6 +614,7 @@ void Curl_persistconninfo(struct connectdata *conn)
|
||||||
|
conn->data->info.conn_scheme = conn->handler->scheme;
|
||||||
|
conn->data->info.conn_protocol = conn->handler->protocol;
|
||||||
|
conn->data->info.conn_primary_port = conn->primary_port;
|
||||||
|
+ conn->data->info.conn_remote_port = conn->remote_port;
|
||||||
|
conn->data->info.conn_local_port = conn->local_port;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index 4bb0a84..cadf0e5 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -1050,7 +1050,11 @@ struct PureInfo {
|
||||||
|
reused, in the connection cache. */
|
||||||
|
|
||||||
|
char conn_primary_ip[MAX_IPADR_LEN];
|
||||||
|
- long conn_primary_port;
|
||||||
|
+ long conn_primary_port;/* this is the destination port to the connection,
|
||||||
|
+ which might have been a proxy */
|
||||||
|
+ int conn_remote_port; /* this is the "remote port", which is the port
|
||||||
|
+ number of the used URL, independent of proxy or
|
||||||
|
+ not */
|
||||||
|
|
||||||
|
char conn_local_ip[MAX_IPADR_LEN];
|
||||||
|
long conn_local_port;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 6307fa6f9784402ba58697f46ba04354225391b7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 16:24:33 +0200
|
||||||
|
Subject: [PATCH 2/4] transfer: redirects to other protocols or ports clear
|
||||||
|
auth
|
||||||
|
|
||||||
|
... unless explicitly permitted.
|
||||||
|
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-27774.html
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Closes #8748
|
||||||
|
|
||||||
|
Upstream-commit: 620ea21410030a9977396b4661806bc187231b79
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/transfer.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
lib/url.c | 27 ++++++++++++++--------
|
||||||
|
lib/urldata.h | 1 +
|
||||||
|
3 files changed, 81 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/transfer.c b/lib/transfer.c
|
||||||
|
index ad5a7ba..2022cba 100644
|
||||||
|
--- a/lib/transfer.c
|
||||||
|
+++ b/lib/transfer.c
|
||||||
|
@@ -1370,6 +1370,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
|
||||||
|
data->state.wildcardmatch = data->set.wildcard_enabled;
|
||||||
|
data->set.followlocation = 0; /* reset the location-follow counter */
|
||||||
|
data->state.this_is_a_follow = FALSE; /* reset this */
|
||||||
|
+ data->state.this_is_a_follow_without_auth = FALSE;
|
||||||
|
data->state.errorbuf = FALSE; /* no error has occurred */
|
||||||
|
data->state.httpversion = 0; /* don't assume any particular server version */
|
||||||
|
|
||||||
|
@@ -1554,6 +1555,68 @@ CURLcode Curl_follow(struct Curl_easy *data,
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Clear auth if this redirects to a different port number or protocol,
|
||||||
|
+ unless permitted */
|
||||||
|
+ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
|
||||||
|
+ int port;
|
||||||
|
+ bool clear = FALSE;
|
||||||
|
+
|
||||||
|
+ CURLU *u = curl_url();
|
||||||
|
+ if(!u)
|
||||||
|
+ return CURLE_OUT_OF_MEMORY;
|
||||||
|
+
|
||||||
|
+ uc = curl_url_set(u, CURLUPART_URL, newurl,
|
||||||
|
+ ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0));
|
||||||
|
+ if(uc) {
|
||||||
|
+ infof(data, "Clear auth, curl_url_set() failed\n");
|
||||||
|
+ clear = TRUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if(!clear) {
|
||||||
|
+ if(data->set.use_port && data->state.allow_port)
|
||||||
|
+ /* a custom port is used */
|
||||||
|
+ port = (int)data->set.use_port;
|
||||||
|
+ else {
|
||||||
|
+ char *portnum;
|
||||||
|
+ uc = curl_url_get(u, CURLUPART_PORT, &portnum, CURLU_DEFAULT_PORT);
|
||||||
|
+ if(uc) {
|
||||||
|
+ infof(data, "Clear auth, failed to parse port number\n");
|
||||||
|
+ clear = TRUE;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ port = atoi(portnum);
|
||||||
|
+ free(portnum);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if(!clear && port != data->info.conn_remote_port) {
|
||||||
|
+ infof(data, "Clear auth, redirects to port from %u to %u\n",
|
||||||
|
+ data->info.conn_remote_port, port);
|
||||||
|
+ clear = TRUE;
|
||||||
|
+ }
|
||||||
|
+ if(!clear) {
|
||||||
|
+ char *scheme;
|
||||||
|
+ const struct Curl_handler *p;
|
||||||
|
+ uc = curl_url_get(u, CURLUPART_SCHEME, &scheme, 0);
|
||||||
|
+ if(uc) {
|
||||||
|
+ infof(data, "Clear auth, failed to parse scheme\n");
|
||||||
|
+ clear = TRUE;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ p = Curl_builtin_scheme(scheme);
|
||||||
|
+ if(p && (p->protocol != data->info.conn_protocol)) {
|
||||||
|
+ infof(data, "Clear auth, redirects scheme from %s to %s\n",
|
||||||
|
+ data->info.conn_scheme, scheme);
|
||||||
|
+ clear = TRUE;
|
||||||
|
+ }
|
||||||
|
+ free(scheme);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if(clear)
|
||||||
|
+ data->state.this_is_a_follow_without_auth = TRUE;
|
||||||
|
+ curl_url_cleanup(u);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if(type == FOLLOW_FAKE) {
|
||||||
|
/* we're only figuring out the new url if we would've followed locations
|
||||||
|
but now we're done so we can get out! */
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index ed3c933..7dd5267 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -3483,18 +3483,25 @@ static CURLcode override_login(struct Curl_easy *data,
|
||||||
|
struct connectdata *conn,
|
||||||
|
char **userp, char **passwdp, char **optionsp)
|
||||||
|
{
|
||||||
|
- if(data->set.str[STRING_USERNAME]) {
|
||||||
|
- free(*userp);
|
||||||
|
- *userp = strdup(data->set.str[STRING_USERNAME]);
|
||||||
|
- if(!*userp)
|
||||||
|
- return CURLE_OUT_OF_MEMORY;
|
||||||
|
+ if(data->state.this_is_a_follow
|
||||||
|
+ && data->state.this_is_a_follow_without_auth)
|
||||||
|
+ {
|
||||||
|
+ conn->bits.user_passwd = FALSE;
|
||||||
|
}
|
||||||
|
+ else {
|
||||||
|
+ if(data->set.str[STRING_USERNAME]) {
|
||||||
|
+ free(*userp);
|
||||||
|
+ *userp = strdup(data->set.str[STRING_USERNAME]);
|
||||||
|
+ if(!*userp)
|
||||||
|
+ return CURLE_OUT_OF_MEMORY;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if(data->set.str[STRING_PASSWORD]) {
|
||||||
|
- free(*passwdp);
|
||||||
|
- *passwdp = strdup(data->set.str[STRING_PASSWORD]);
|
||||||
|
- if(!*passwdp)
|
||||||
|
- return CURLE_OUT_OF_MEMORY;
|
||||||
|
+ if(data->set.str[STRING_PASSWORD]) {
|
||||||
|
+ free(*passwdp);
|
||||||
|
+ *passwdp = strdup(data->set.str[STRING_PASSWORD]);
|
||||||
|
+ if(!*passwdp)
|
||||||
|
+ return CURLE_OUT_OF_MEMORY;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if(data->set.str[STRING_OPTIONS]) {
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index cadf0e5..026684b 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -1234,6 +1234,7 @@ struct UrlState {
|
||||||
|
curl_off_t current_speed; /* the ProgressShow() function sets this,
|
||||||
|
bytes / second */
|
||||||
|
bool this_is_a_follow; /* this is a followed Location: request */
|
||||||
|
+ bool this_is_a_follow_without_auth;
|
||||||
|
bool refused_stream; /* this was refused, try again */
|
||||||
|
|
||||||
|
/* host name, port number and protocol of the first (not followed) request.
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From b142f97840dfb033a1776d5a2986385da7753224 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 16:24:33 +0200
|
||||||
|
Subject: [PATCH 3/4] tests: verify the fix for CVE-2022-27774
|
||||||
|
|
||||||
|
- Test 973 redirects from HTTP to FTP, clear auth
|
||||||
|
- Test 974 redirects from HTTP to HTTP different port, clear auth
|
||||||
|
- Test 975 redirects from HTTP to FTP, permitted to keep auth
|
||||||
|
- Test 976 redirects from HTTP to HTTP different port, permitted to keep
|
||||||
|
auth
|
||||||
|
|
||||||
|
Upstream-commit: 5295e8d64ac6949ecb3f9e564317a608f51b90d8
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/data/Makefile.inc | 1 +
|
||||||
|
tests/data/test973 | 90 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/data/test974 | 88 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/data/test975 | 90 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/data/test976 | 89 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
5 files changed, 358 insertions(+)
|
||||||
|
create mode 100644 tests/data/test973
|
||||||
|
create mode 100644 tests/data/test974
|
||||||
|
create mode 100644 tests/data/test975
|
||||||
|
create mode 100644 tests/data/test976
|
||||||
|
|
||||||
|
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||||
|
index 58c9e31..6c920ff 100644
|
||||||
|
--- a/tests/data/Makefile.inc
|
||||||
|
+++ b/tests/data/Makefile.inc
|
||||||
|
@@ -108,6 +108,7 @@ test927 test928 test929 test930 test931 test932 test933 test934 test935 \
|
||||||
|
test936 test937 test938 test939 test940 test941 test942 test943 test944 \
|
||||||
|
test945 test946 test947 test948 test949 test950 test951 test952 \
|
||||||
|
\
|
||||||
|
+test973 test974 test975 test976 \
|
||||||
|
test980 test981 test982 test983 test984 test985 test986 \
|
||||||
|
\
|
||||||
|
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
|
||||||
|
diff --git a/tests/data/test973 b/tests/data/test973
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..6fe6ce0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test973
|
||||||
|
@@ -0,0 +1,90 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+FTP
|
||||||
|
+--location
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: ftp://127.0.0.1:8992/a/path/9730002
|
||||||
|
+
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+data
|
||||||
|
+ to
|
||||||
|
+ see
|
||||||
|
+that FTP
|
||||||
|
+works
|
||||||
|
+ so does it?
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: ftp://127.0.0.1:8992/a/path/9730002
|
||||||
|
+
|
||||||
|
+data
|
||||||
|
+ to
|
||||||
|
+ see
|
||||||
|
+that FTP
|
||||||
|
+works
|
||||||
|
+ so does it?
|
||||||
|
+</datacheck>
|
||||||
|
+
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+ftp
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with auth redirected to FTP w/o auth
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+http://%HOSTIP:%HTTPPORT/973 -L -u joe:secret
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET /973 HTTP/1.1
|
||||||
|
+Host: %HOSTIP:%HTTPPORT
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Accept: */*
|
||||||
|
+
|
||||||
|
+USER anonymous
|
||||||
|
+PASS ftp@example.com
|
||||||
|
+PWD
|
||||||
|
+CWD a
|
||||||
|
+CWD path
|
||||||
|
+EPSV
|
||||||
|
+TYPE I
|
||||||
|
+SIZE 9730002
|
||||||
|
+RETR 9730002
|
||||||
|
+QUIT
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
diff --git a/tests/data/test974 b/tests/data/test974
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..de02d89
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test974
|
||||||
|
@@ -0,0 +1,88 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+--location
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/9740002
|
||||||
|
+
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/9740002
|
||||||
|
+
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</datacheck>
|
||||||
|
+
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with auth redirected to HTTP on a diff port w/o auth
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET http://firsthost.com/ HTTP/1.1
|
||||||
|
+Host: firsthost.com
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+GET http://firsthost.com:9999/a/path/9740002 HTTP/1.1
|
||||||
|
+Host: firsthost.com:9999
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
diff --git a/tests/data/test975 b/tests/data/test975
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..3a4eccf
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test975
|
||||||
|
@@ -0,0 +1,90 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+FTP
|
||||||
|
+--location-trusted
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: ftp://127.0.0.1:8992/a/path/9750002
|
||||||
|
+
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+data
|
||||||
|
+ to
|
||||||
|
+ see
|
||||||
|
+that FTP
|
||||||
|
+works
|
||||||
|
+ so does it?
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: ftp://127.0.0.1:8992/a/path/9750002
|
||||||
|
+
|
||||||
|
+data
|
||||||
|
+ to
|
||||||
|
+ see
|
||||||
|
+that FTP
|
||||||
|
+works
|
||||||
|
+ so does it?
|
||||||
|
+</datacheck>
|
||||||
|
+
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+ftp
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with auth redirected to FTP allowing auth to continue
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+http://%HOSTIP:%HTTPPORT/975 --location-trusted -u joe:secret
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET /975 HTTP/1.1
|
||||||
|
+Host: %HOSTIP:%HTTPPORT
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Accept: */*
|
||||||
|
+
|
||||||
|
+USER joe
|
||||||
|
+PASS secret
|
||||||
|
+PWD
|
||||||
|
+CWD a
|
||||||
|
+CWD path
|
||||||
|
+EPSV
|
||||||
|
+TYPE I
|
||||||
|
+SIZE 9750002
|
||||||
|
+RETR 9750002
|
||||||
|
+QUIT
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
diff --git a/tests/data/test976 b/tests/data/test976
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..3b6fac7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/data/test976
|
||||||
|
@@ -0,0 +1,89 @@
|
||||||
|
+<testcase>
|
||||||
|
+<info>
|
||||||
|
+<keywords>
|
||||||
|
+HTTP
|
||||||
|
+--location-trusted
|
||||||
|
+</keywords>
|
||||||
|
+</info>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Server-side
|
||||||
|
+<reply>
|
||||||
|
+<data>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/9760002
|
||||||
|
+
|
||||||
|
+</data>
|
||||||
|
+<data2>
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</data2>
|
||||||
|
+
|
||||||
|
+<datacheck>
|
||||||
|
+HTTP/1.1 301 redirect
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 0
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+Location: http://firsthost.com:9999/a/path/9760002
|
||||||
|
+
|
||||||
|
+HTTP/1.1 200 OK
|
||||||
|
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||||
|
+Server: test-server/fake
|
||||||
|
+Content-Length: 4
|
||||||
|
+Connection: close
|
||||||
|
+Content-Type: text/html
|
||||||
|
+
|
||||||
|
+hey
|
||||||
|
+</datacheck>
|
||||||
|
+
|
||||||
|
+</reply>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Client-side
|
||||||
|
+<client>
|
||||||
|
+<server>
|
||||||
|
+http
|
||||||
|
+</server>
|
||||||
|
+ <name>
|
||||||
|
+HTTP with auth redirected to HTTP on a diff port --location-trusted
|
||||||
|
+ </name>
|
||||||
|
+ <command>
|
||||||
|
+-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret
|
||||||
|
+</command>
|
||||||
|
+</client>
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Verify data after the test has been "shot"
|
||||||
|
+<verify>
|
||||||
|
+<strip>
|
||||||
|
+^User-Agent:.*
|
||||||
|
+</strip>
|
||||||
|
+<protocol>
|
||||||
|
+GET http://firsthost.com/ HTTP/1.1
|
||||||
|
+Host: firsthost.com
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+GET http://firsthost.com:9999/a/path/9760002 HTTP/1.1
|
||||||
|
+Host: firsthost.com:9999
|
||||||
|
+Authorization: Basic am9lOnNlY3JldA==
|
||||||
|
+Accept: */*
|
||||||
|
+Proxy-Connection: Keep-Alive
|
||||||
|
+
|
||||||
|
+</protocol>
|
||||||
|
+</verify>
|
||||||
|
+</testcase>
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From cf98bd64b9949c50d4726eb26745c2f7fdf3a075 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 17:59:15 +0200
|
||||||
|
Subject: [PATCH 4/4] openssl: don't leak the SRP credentials in redirects
|
||||||
|
either
|
||||||
|
|
||||||
|
Follow-up to 620ea21410030
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Closes #8751
|
||||||
|
|
||||||
|
Upstream-commit: 139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/http.c | 10 +++++-----
|
||||||
|
lib/http.h | 6 ++++++
|
||||||
|
lib/vtls/openssl.c | 3 ++-
|
||||||
|
3 files changed, 13 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/http.c b/lib/http.c
|
||||||
|
index 39fc7aa..d413738 100644
|
||||||
|
--- a/lib/http.c
|
||||||
|
+++ b/lib/http.c
|
||||||
|
@@ -689,10 +689,10 @@ output_auth_headers(struct connectdata *conn,
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
|
||||||
|
- * data" can (still) be sent to this host.
|
||||||
|
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
|
||||||
|
+ * "sensitive data" can (still) be sent to this host.
|
||||||
|
*/
|
||||||
|
-static bool allow_auth_to_host(struct connectdata *conn)
|
||||||
|
+bool Curl_allow_auth_to_host(struct connectdata *conn)
|
||||||
|
{
|
||||||
|
struct Curl_easy *data = conn->data;
|
||||||
|
return (!data->state.this_is_a_follow ||
|
||||||
|
@@ -773,7 +773,7 @@ Curl_http_output_auth(struct connectdata *conn,
|
||||||
|
|
||||||
|
/* To prevent the user+password to get sent to other than the original host
|
||||||
|
due to a location-follow */
|
||||||
|
- if(allow_auth_to_host(conn)
|
||||||
|
+ if(Curl_allow_auth_to_host(conn)
|
||||||
|
|| conn->bits.netrc)
|
||||||
|
result = output_auth_headers(conn, authhost, request, path, FALSE);
|
||||||
|
else
|
||||||
|
@@ -1789,7 +1789,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
|
||||||
|
checkprefix("Cookie:", headers->data)) &&
|
||||||
|
/* be careful of sending this potentially sensitive header to
|
||||||
|
other hosts */
|
||||||
|
- !allow_auth_to_host(conn))
|
||||||
|
+ !Curl_allow_auth_to_host(conn))
|
||||||
|
;
|
||||||
|
else {
|
||||||
|
result = Curl_add_bufferf(req_buffer, "%s\r\n", headers->data);
|
||||||
|
diff --git a/lib/http.h b/lib/http.h
|
||||||
|
index 1d373e8..56a6061 100644
|
||||||
|
--- a/lib/http.h
|
||||||
|
+++ b/lib/http.h
|
||||||
|
@@ -252,5 +252,11 @@ Curl_http_output_auth(struct connectdata *conn,
|
||||||
|
bool proxytunnel); /* TRUE if this is the request setting
|
||||||
|
up the proxy tunnel */
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
|
||||||
|
+ * "sensitive data" can (still) be sent to this host.
|
||||||
|
+ */
|
||||||
|
+bool Curl_allow_auth_to_host(struct connectdata *conn);
|
||||||
|
+
|
||||||
|
#endif /* HEADER_CURL_HTTP_H */
|
||||||
|
|
||||||
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
||||||
|
index 28eaa6d..6c8faa2 100644
|
||||||
|
--- a/lib/vtls/openssl.c
|
||||||
|
+++ b/lib/vtls/openssl.c
|
||||||
|
@@ -2499,7 +2499,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef USE_TLS_SRP
|
||||||
|
- if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
||||||
|
+ if((ssl_authtype == CURL_TLSAUTH_SRP) &&
|
||||||
|
+ Curl_allow_auth_to_host(conn)) {
|
||||||
|
char * const ssl_username = SSL_SET_OPTION(username);
|
||||||
|
|
||||||
|
infof(data, "Using TLS-SRP username: %s\n", ssl_username);
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
364
SOURCES/0039-curl-7.61.1-CVE-2022-27782.patch
Normal file
364
SOURCES/0039-curl-7.61.1-CVE-2022-27782.patch
Normal file
@ -0,0 +1,364 @@
|
|||||||
|
From d4247fa7baf0859729fff2fe5cf0bfab8322d1a5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 9 May 2022 23:13:53 +0200
|
||||||
|
Subject: [PATCH 1/2] tls: check more TLS details for connection reuse
|
||||||
|
|
||||||
|
CVE-2022-27782
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-27782.html
|
||||||
|
Closes #8825
|
||||||
|
|
||||||
|
Upstream-commit: f18af4f874cecab82a9797e8c7541e0990c7a64c
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/setopt.c | 29 +++++++++++++++++------------
|
||||||
|
lib/url.c | 19 ++++++++++++-------
|
||||||
|
lib/urldata.h | 14 +++++++-------
|
||||||
|
lib/vtls/openssl.c | 10 +++++-----
|
||||||
|
lib/vtls/vtls.c | 21 +++++++++++++++++++++
|
||||||
|
5 files changed, 62 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/setopt.c b/lib/setopt.c
|
||||||
|
index b07ccfe..319a010 100644
|
||||||
|
--- a/lib/setopt.c
|
||||||
|
+++ b/lib/setopt.c
|
||||||
|
@@ -2044,6 +2044,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
|
||||||
|
|
||||||
|
case CURLOPT_SSL_OPTIONS:
|
||||||
|
arg = va_arg(param, long);
|
||||||
|
+ data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
|
||||||
|
data->set.ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
|
||||||
|
data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
|
||||||
|
data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
|
||||||
|
@@ -2051,6 +2052,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
|
||||||
|
|
||||||
|
case CURLOPT_PROXY_SSL_OPTIONS:
|
||||||
|
arg = va_arg(param, long);
|
||||||
|
+ data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff);
|
||||||
|
data->set.proxy_ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
|
||||||
|
data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
|
||||||
|
break;
|
||||||
|
@@ -2451,44 +2453,47 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
|
||||||
|
case CURLOPT_TLSAUTH_USERNAME:
|
||||||
|
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
|
||||||
|
va_arg(param, char *));
|
||||||
|
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
|
||||||
|
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
|
||||||
|
+ if(data->set.str[STRING_TLSAUTH_USERNAME] &&
|
||||||
|
+ !data->set.ssl.primary.authtype)
|
||||||
|
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
|
||||||
|
break;
|
||||||
|
case CURLOPT_PROXY_TLSAUTH_USERNAME:
|
||||||
|
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
|
||||||
|
va_arg(param, char *));
|
||||||
|
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
|
||||||
|
- !data->set.proxy_ssl.authtype)
|
||||||
|
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
|
||||||
|
+ !data->set.proxy_ssl.primary.authtype)
|
||||||
|
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to
|
||||||
|
+ SRP */
|
||||||
|
break;
|
||||||
|
case CURLOPT_TLSAUTH_PASSWORD:
|
||||||
|
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
|
||||||
|
va_arg(param, char *));
|
||||||
|
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
|
||||||
|
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
|
||||||
|
+ if(data->set.str[STRING_TLSAUTH_USERNAME] &&
|
||||||
|
+ !data->set.ssl.primary.authtype)
|
||||||
|
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
|
||||||
|
break;
|
||||||
|
case CURLOPT_PROXY_TLSAUTH_PASSWORD:
|
||||||
|
result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
|
||||||
|
va_arg(param, char *));
|
||||||
|
if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
|
||||||
|
- !data->set.proxy_ssl.authtype)
|
||||||
|
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
|
||||||
|
+ !data->set.proxy_ssl.primary.authtype)
|
||||||
|
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
|
||||||
|
break;
|
||||||
|
case CURLOPT_TLSAUTH_TYPE:
|
||||||
|
argptr = va_arg(param, char *);
|
||||||
|
if(!argptr ||
|
||||||
|
strncasecompare(argptr, "SRP", strlen("SRP")))
|
||||||
|
- data->set.ssl.authtype = CURL_TLSAUTH_SRP;
|
||||||
|
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
|
||||||
|
else
|
||||||
|
- data->set.ssl.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
+ data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
break;
|
||||||
|
case CURLOPT_PROXY_TLSAUTH_TYPE:
|
||||||
|
argptr = va_arg(param, char *);
|
||||||
|
if(!argptr ||
|
||||||
|
strncasecompare(argptr, "SRP", strlen("SRP")))
|
||||||
|
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
|
||||||
|
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
|
||||||
|
else
|
||||||
|
- data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
+ data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
case CURLOPT_DNS_SERVERS:
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index 7dd5267..30fc5ad 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -461,7 +461,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
|
||||||
|
set->ssl.primary.verifypeer = TRUE;
|
||||||
|
set->ssl.primary.verifyhost = TRUE;
|
||||||
|
#ifdef USE_TLS_SRP
|
||||||
|
- set->ssl.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
+ set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
|
||||||
|
#endif
|
||||||
|
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
|
||||||
|
type */
|
||||||
|
@@ -1881,10 +1881,12 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||||
|
conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
|
||||||
|
conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
|
||||||
|
conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
|
||||||
|
+ conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
|
||||||
|
conn->proxy_ssl_config.verifystatus =
|
||||||
|
data->set.proxy_ssl.primary.verifystatus;
|
||||||
|
conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
|
||||||
|
conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
|
||||||
|
+ conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
|
||||||
|
|
||||||
|
conn->ip_version = data->set.ipver;
|
||||||
|
|
||||||
|
@@ -4362,8 +4364,9 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||||
|
data->set.proxy_ssl.primary.cipher_list13 =
|
||||||
|
data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
|
||||||
|
|
||||||
|
- data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
|
||||||
|
- data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
|
||||||
|
+ data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
|
||||||
|
+ data->set.proxy_ssl.primary.CRLfile =
|
||||||
|
+ data->set.str[STRING_SSL_CRLFILE_PROXY];
|
||||||
|
data->set.ssl.cert = data->set.str[STRING_CERT];
|
||||||
|
data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
|
||||||
|
data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
|
||||||
|
@@ -4377,10 +4380,12 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||||
|
data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
|
||||||
|
data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
|
||||||
|
#ifdef USE_TLS_SRP
|
||||||
|
- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
|
||||||
|
- data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
|
||||||
|
- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
|
||||||
|
- data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
|
||||||
|
+ data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
|
||||||
|
+ data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
|
||||||
|
+ data->set.proxy_ssl.primary.username =
|
||||||
|
+ data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
|
||||||
|
+ data->set.proxy_ssl.primary.password =
|
||||||
|
+ data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary,
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index 026684b..0e48841 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -229,6 +229,13 @@ struct ssl_primary_config {
|
||||||
|
char *egdsocket; /* path to file containing the EGD daemon socket */
|
||||||
|
char *cipher_list; /* list of ciphers to use */
|
||||||
|
char *cipher_list13; /* list of TLS 1.3 cipher suites to use */
|
||||||
|
+ char *CRLfile; /* CRL to check certificate revocation */
|
||||||
|
+#ifdef USE_TLS_SRP
|
||||||
|
+ char *username; /* TLS username (for, e.g., SRP) */
|
||||||
|
+ char *password; /* TLS password (for, e.g., SRP) */
|
||||||
|
+ enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
|
||||||
|
+#endif
|
||||||
|
+ unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */
|
||||||
|
};
|
||||||
|
|
||||||
|
struct ssl_config_data {
|
||||||
|
@@ -238,7 +245,6 @@ struct ssl_config_data {
|
||||||
|
bool no_revoke; /* disable SSL certificate revocation checks */
|
||||||
|
bool no_partialchain; /* don't accept partial certificate chains */
|
||||||
|
long certverifyresult; /* result from the certificate verification */
|
||||||
|
- char *CRLfile; /* CRL to check certificate revocation */
|
||||||
|
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
|
||||||
|
void *fsslctxp; /* parameter for call back */
|
||||||
|
bool certinfo; /* gather lots of certificate info */
|
||||||
|
@@ -249,12 +255,6 @@ struct ssl_config_data {
|
||||||
|
char *key; /* private key file name */
|
||||||
|
char *key_type; /* format for private key (default: PEM) */
|
||||||
|
char *key_passwd; /* plain text private key password */
|
||||||
|
-
|
||||||
|
-#ifdef USE_TLS_SRP
|
||||||
|
- char *username; /* TLS username (for, e.g., SRP) */
|
||||||
|
- char *password; /* TLS password (for, e.g., SRP) */
|
||||||
|
- enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
|
||||||
|
-#endif
|
||||||
|
};
|
||||||
|
|
||||||
|
struct ssl_general_config {
|
||||||
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
||||||
|
index 6c8faa2..75ff8d8 100644
|
||||||
|
--- a/lib/vtls/openssl.c
|
||||||
|
+++ b/lib/vtls/openssl.c
|
||||||
|
@@ -2232,14 +2232,14 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
||||||
|
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
||||||
|
const long int ssl_version = SSL_CONN_CONFIG(version);
|
||||||
|
#ifdef USE_TLS_SRP
|
||||||
|
- const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
|
||||||
|
+ const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype);
|
||||||
|
#endif
|
||||||
|
char * const ssl_cert = SSL_SET_OPTION(cert);
|
||||||
|
const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
|
||||||
|
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||||
|
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
||||||
|
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||||
|
- const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
|
||||||
|
+ const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile);
|
||||||
|
char error_buffer[256];
|
||||||
|
|
||||||
|
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
||||||
|
@@ -2501,15 +2501,15 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
||||||
|
#ifdef USE_TLS_SRP
|
||||||
|
if((ssl_authtype == CURL_TLSAUTH_SRP) &&
|
||||||
|
Curl_allow_auth_to_host(conn)) {
|
||||||
|
- char * const ssl_username = SSL_SET_OPTION(username);
|
||||||
|
-
|
||||||
|
+ char * const ssl_username = SSL_SET_OPTION(primary.username);
|
||||||
|
+ char * const ssl_password = SSL_SET_OPTION(primary.password);
|
||||||
|
infof(data, "Using TLS-SRP username: %s\n", ssl_username);
|
||||||
|
|
||||||
|
if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
|
||||||
|
failf(data, "Unable to set SRP user name");
|
||||||
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||||
|
}
|
||||||
|
- if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
|
||||||
|
+ if(!SSL_CTX_set_srp_password(BACKEND->ctx, ssl_password)) {
|
||||||
|
failf(data, "failed setting SRP password");
|
||||||
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||||
|
}
|
||||||
|
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
||||||
|
index bdff93f..2b14fa6 100644
|
||||||
|
--- a/lib/vtls/vtls.c
|
||||||
|
+++ b/lib/vtls/vtls.c
|
||||||
|
@@ -88,6 +88,7 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
|
||||||
|
{
|
||||||
|
if((data->version == needle->version) &&
|
||||||
|
(data->version_max == needle->version_max) &&
|
||||||
|
+ (data->ssl_options == needle->ssl_options) &&
|
||||||
|
(data->verifypeer == needle->verifypeer) &&
|
||||||
|
(data->verifyhost == needle->verifyhost) &&
|
||||||
|
(data->verifystatus == needle->verifystatus) &&
|
||||||
|
@@ -96,6 +97,12 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
|
||||||
|
Curl_safecmp(data->clientcert, needle->clientcert) &&
|
||||||
|
Curl_safecmp(data->random_file, needle->random_file) &&
|
||||||
|
Curl_safecmp(data->egdsocket, needle->egdsocket) &&
|
||||||
|
+#ifdef USE_TLS_SRP
|
||||||
|
+ Curl_safecmp(data->username, needle->username) &&
|
||||||
|
+ Curl_safecmp(data->password, needle->password) &&
|
||||||
|
+ (data->authtype == needle->authtype) &&
|
||||||
|
+#endif
|
||||||
|
+ Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) &&
|
||||||
|
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
|
||||||
|
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
|
||||||
|
return TRUE;
|
||||||
|
@@ -113,6 +120,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
|
||||||
|
dest->verifyhost = source->verifyhost;
|
||||||
|
dest->verifystatus = source->verifystatus;
|
||||||
|
dest->sessionid = source->sessionid;
|
||||||
|
+ dest->ssl_options = source->ssl_options;
|
||||||
|
+#ifdef USE_TLS_SRP
|
||||||
|
+ dest->authtype = source->authtype;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
CLONE_STRING(CApath);
|
||||||
|
CLONE_STRING(CAfile);
|
||||||
|
@@ -122,6 +133,11 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
|
||||||
|
CLONE_STRING(egdsocket);
|
||||||
|
CLONE_STRING(cipher_list);
|
||||||
|
CLONE_STRING(cipher_list13);
|
||||||
|
+ CLONE_STRING(CRLfile);
|
||||||
|
+#ifdef USE_TLS_SRP
|
||||||
|
+ CLONE_STRING(username);
|
||||||
|
+ CLONE_STRING(password);
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
@@ -136,6 +152,11 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
|
||||||
|
Curl_safefree(sslc->egdsocket);
|
||||||
|
Curl_safefree(sslc->cipher_list);
|
||||||
|
Curl_safefree(sslc->cipher_list13);
|
||||||
|
+ Curl_safefree(sslc->CRLfile);
|
||||||
|
+#ifdef USE_TLS_SRP
|
||||||
|
+ Curl_safefree(sslc->username);
|
||||||
|
+ Curl_safefree(sslc->password);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef USE_SSL
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From a9cf46e6c6c9a4261f3ea8500dfef87c1436908b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 9 May 2022 23:13:53 +0200
|
||||||
|
Subject: [PATCH 2/2] url: check SSH config match on connection reuse
|
||||||
|
|
||||||
|
CVE-2022-27782
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-27782.html
|
||||||
|
Closes #8825
|
||||||
|
|
||||||
|
Upstream-commit: 1645e9b44505abd5cbaf65da5282c3f33b5924a5
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/ssh.h | 4 ++--
|
||||||
|
lib/url.c | 11 +++++++++++
|
||||||
|
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/ssh.h b/lib/ssh.h
|
||||||
|
index 0620aac..1114f8a 100644
|
||||||
|
--- a/lib/ssh.h
|
||||||
|
+++ b/lib/ssh.h
|
||||||
|
@@ -117,8 +117,8 @@ struct ssh_conn {
|
||||||
|
|
||||||
|
/* common */
|
||||||
|
const char *passphrase; /* pass-phrase to use */
|
||||||
|
- char *rsa_pub; /* path name */
|
||||||
|
- char *rsa; /* path name */
|
||||||
|
+ char *rsa_pub; /* strdup'ed public key file */
|
||||||
|
+ char *rsa; /* strdup'ed private key file */
|
||||||
|
bool authed; /* the connection has been authenticated fine */
|
||||||
|
sshstate state; /* always use ssh.c:state() to change state! */
|
||||||
|
sshstate nextstate; /* the state to goto after stopping */
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index 30fc5ad..8653ebb 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -1030,6 +1030,12 @@ static size_t max_pipeline_length(struct Curl_multi *multi)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+static bool ssh_config_matches(struct connectdata *one,
|
||||||
|
+ struct connectdata *two)
|
||||||
|
+{
|
||||||
|
+ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
|
||||||
|
+ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
|
||||||
|
+}
|
||||||
|
/*
|
||||||
|
* Given one filled in connection struct (named needle), this function should
|
||||||
|
* detect if there already is one that has all the significant details
|
||||||
|
@@ -1299,6 +1305,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if(needle->handler->protocol & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
|
||||||
|
+ if(!ssh_config_matches(needle, check))
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
|
||||||
|
needle->bits.tunnel_proxy) {
|
||||||
|
/* The requested connection does not use a HTTP proxy or it uses SSL or
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.1
|
Version: 7.61.1
|
||||||
Release: 22%{?dist}
|
Release: 22%{?dist}.3
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -100,6 +100,18 @@ Patch34: 0034-curl-7.61.1-CVE-2021-22946.patch
|
|||||||
# fix STARTTLS protocol injection via MITM (CVE-2021-22947)
|
# fix STARTTLS protocol injection via MITM (CVE-2021-22947)
|
||||||
Patch35: 0035-curl-7.61.1-CVE-2021-22947.patch
|
Patch35: 0035-curl-7.61.1-CVE-2021-22947.patch
|
||||||
|
|
||||||
|
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
||||||
|
Patch36: 0036-curl-7.61.1-CVE-2022-22576.patch
|
||||||
|
|
||||||
|
# fix auth/cookie leak on redirect (CVE-2022-27776)
|
||||||
|
Patch37: 0037-curl-7.61.1-CVE-2022-27776.patch
|
||||||
|
|
||||||
|
# fix credential leak on redirect (CVE-2022-27774)
|
||||||
|
Patch38: 0038-curl-7.61.1-CVE-2022-27774.patch
|
||||||
|
|
||||||
|
# fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
||||||
|
Patch39: 0039-curl-7.61.1-CVE-2022-27782.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -305,6 +317,13 @@ sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448
|
|||||||
%patch33 -p1
|
%patch33 -p1
|
||||||
%patch34 -p1
|
%patch34 -p1
|
||||||
%patch35 -p1
|
%patch35 -p1
|
||||||
|
%patch36 -p1
|
||||||
|
%patch37 -p1
|
||||||
|
|
||||||
|
%patch38 -p1
|
||||||
|
sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
|
||||||
|
|
||||||
|
%patch39 -p1
|
||||||
|
|
||||||
# make tests/*.py use Python 3
|
# make tests/*.py use Python 3
|
||||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||||
@ -467,6 +486,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.3
|
||||||
|
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
||||||
|
|
||||||
|
* Tue May 04 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.2
|
||||||
|
- fix invalid type in printf() argument detected by Coverity
|
||||||
|
|
||||||
|
* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.1
|
||||||
|
- fix credential leak on redirect (CVE-2022-27774)
|
||||||
|
- fix auth/cookie leak on redirect (CVE-2022-27776)
|
||||||
|
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
||||||
|
|
||||||
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22
|
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22
|
||||||
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
|
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
|
||||||
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
|
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
|
||||||
|
Loading…
Reference in New Issue
Block a user