Resolves: CVE-2023-27536 - fix GSS delegation too eager connection re-use
This commit is contained in:
Kamil Dudka
parent
bd2517cc9b
commit
9d1931d0ec
|
|
@ -0,0 +1,54 @@
|
|||
From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 10 Mar 2023 09:22:43 +0100
|
||||
Subject: [PATCH] url: only reuse connections with same GSS delegation
|
||||
|
||||
Reported-by: Harry Sintonen
|
||||
Closes #10731
|
||||
|
||||
Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/url.c | 6 ++++++
|
||||
lib/urldata.h | 1 +
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index 3b11b7e..cbbc7f3 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -1325,6 +1325,11 @@ ConnectionExists(struct Curl_easy *data,
|
||||
}
|
||||
}
|
||||
|
||||
+ /* GSS delegation differences do not actually affect every connection
|
||||
+ and auth method, but this check takes precaution before efficiency */
|
||||
+ if(needle->gssapi_delegation != check->gssapi_delegation)
|
||||
+ continue;
|
||||
+
|
||||
#ifdef USE_SSH
|
||||
else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
|
||||
if(!ssh_config_matches(needle, check))
|
||||
@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
|
||||
conn->fclosesocket = data->set.fclosesocket;
|
||||
conn->closesocket_client = data->set.closesocket_client;
|
||||
conn->lastused = Curl_now(); /* used now */
|
||||
+ conn->gssapi_delegation = data->set.gssapi_delegation;
|
||||
|
||||
return conn;
|
||||
error:
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index ce90304..9e16f26 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -995,6 +995,7 @@ struct connectdata {
|
||||
char *sasl_authzid; /* authorisation identity string, allocated */
|
||||
char *oauth_bearer; /* OAUTH2 bearer, allocated */
|
||||
unsigned char httpversion; /* the HTTP version*10 reported by the server */
|
||||
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
|
||||
struct curltime now; /* "current" time */
|
||||
struct curltime created; /* creation time */
|
||||
struct curltime lastused; /* when returned to the connection cache */
|
||||
--
|
||||
2.39.2
|
||||
|
||||
|
|
@ -83,6 +83,9 @@ Patch26: 0026-curl-7.76.1-CVE-2023-27534.patch
|
|||
# fix FTP too eager connection reuse (CVE-2023-27535)
|
||||
Patch27: 0027-curl-7.76.1-CVE-2023-27535.patch
|
||||
|
||||
# fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||
Patch28: 0028-curl-7.76.1-CVE-2023-27536.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
|
|
@ -284,6 +287,7 @@ be installed.
|
|||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -510,6 +514,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||
|
||||
%changelog
|
||||
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
|
||||
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
|
||||
- fix FTP too eager connection reuse (CVE-2023-27535)
|
||||
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
|
||||
- fix TELNET option IAC injection (CVE-2023-27533)
|
||||
|
|
|
|||
Loading…
Reference in New Issue