curl/0029-curl-7.76.1-CVE-2023-27538.patch
Kamil Dudka 40387c061f Resolves: CVE-2023-27535 - adapt the fix for RHEL 9 curl
... where USE_SSH is not defined.  The problem with the backport was
detected by OpenScanHub:

https://cov01.lab.eng.brq2.redhat.com/covscanhub/task/279249//log/added.html
2023-04-12 16:52:10 +02:00

31 lines
899 B
Diff

From 133e25afe4b8961b9c12334ee0bd3374db9a1fd4 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 08:22:51 +0100
Subject: [PATCH] url: fix the SSH connection reuse check
Reported-by: Harry Sintonen
Closes #10735
Upstream-commit: af369db4d3833272b8ed443f7fcc2e757a0872eb
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/url.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/url.c b/lib/url.c
index 0c31486..3b11b7e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1330,7 +1330,7 @@ ConnectionExists(struct Curl_easy *data,
if(needle->gssapi_delegation != check->gssapi_delegation)
continue;
- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}
--
2.39.2