curl/SOURCES/0028-curl-7.76.1-CVE-2023-27536.patch

From 9d6dd7bc1dea42ae8e710aeae714e2a2c290de61 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 09:22:43 +0100
Subject: [PATCH] url: only reuse connections with same GSS delegation

Reported-by: Harry Sintonen
Closes #10731

Upstream-commit: cb49e67303dbafbab1cebf4086e3ec15b7d56ee5
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/url.c     | 6 ++++++
 lib/urldata.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/lib/url.c b/lib/url.c
index 3b11b7e..cbbc7f3 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1325,6 +1325,11 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
+      /* GSS delegation differences do not actually affect every connection
+         and auth method, but this check takes precaution before efficiency */
+      if(needle->gssapi_delegation != check->gssapi_delegation)
+        continue;
+
       if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
         if(!ssh_config_matches(needle, check))
           continue;
@@ -1785,6 +1790,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->fclosesocket = data->set.fclosesocket;
   conn->closesocket_client = data->set.closesocket_client;
   conn->lastused = Curl_now(); /* used now */
+  conn->gssapi_delegation = data->set.gssapi_delegation;
 
   return conn;
   error:
diff --git a/lib/urldata.h b/lib/urldata.h
index ce90304..9e16f26 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -995,6 +995,7 @@ struct connectdata {
   char *sasl_authzid;     /* authorisation identity string, allocated */
   char *oauth_bearer; /* OAUTH2 bearer, allocated */
   unsigned char httpversion; /* the HTTP version*10 reported by the server */
+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
   struct curltime now;     /* "current" time */
   struct curltime created; /* creation time */
   struct curltime lastused; /* when returned to the connection cache */
-- 
2.39.2