Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
curl
curl-CVE-2022-22576.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2022-22576.patch of Package curl
From e193f712be95dc9e5e2b92eae6381d4572231152 Mon Sep 17 00:00:00 2001 From: Patrick Monnerat <patrick@monnerat.net> Date: Sun, 17 Apr 2022 23:29:46 +0200 Subject: [PATCH] url: check sasl additional parameters for connection reuse. Also move static function safecmp() as non-static Curl_safecmp() since its purpose is needed at several places. Bug: https://curl.se/docs/CVE-2022-22576.html CVE-2022-22576 --- lib/strcase.c | 10 ++++++++++ lib/strcase.h | 2 ++ lib/url.c | 13 ++++++++++++- lib/urldata.h | 1 + lib/vtls/vtls.c | 21 ++++++--------------- 5 files changed, 31 insertions(+), 16 deletions(-) Index: curl-7.37.0/lib/url.c =================================================================== --- curl-7.37.0.orig/lib/url.c +++ curl-7.37.0/lib/url.c @@ -3108,7 +3108,8 @@ ConnectionExists(struct SessionHandle *d /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ if(strcmp(needle->user, check->user) || - strcmp(needle->passwd, check->passwd)) { + strcmp(needle->passwd, check->passwd) || + !Curl_safecmp(needle->xoauth2_bearer, check->xoauth2_bearer)) { /* one of them was different */ continue; } Index: curl-7.37.0/lib/vtls/vtls.c =================================================================== --- curl-7.37.0.orig/lib/vtls/vtls.c +++ curl-7.37.0/lib/vtls/vtls.c @@ -107,12 +107,12 @@ Curl_ssl_config_matches(struct ssl_confi if((data->version == needle->version) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && - safe_strequal(data->CApath, needle->CApath) && - safe_strequal(data->CAfile, needle->CAfile) && - safe_strequal(data->issuercert, needle->issuercert) && - safe_strequal(data->clientcert, needle->clientcert) && - safe_strequal(data->random_file, needle->random_file) && - safe_strequal(data->egdsocket, needle->egdsocket) && + Curl_safecmp(data->CApath, needle->CApath) && + Curl_safecmp(data->CAfile, needle->CAfile) && + Curl_safecmp(data->issuercert, needle->issuercert) && + Curl_safecmp(data->clientcert, needle->clientcert) && + Curl_safecmp(data->random_file, needle->random_file) && + Curl_safecmp(data->egdsocket, needle->egdsocket) && safe_strequal(data->cipher_list, needle->cipher_list)) return TRUE; Index: curl-7.37.0/lib/rawstr.c =================================================================== --- curl-7.37.0.orig/lib/rawstr.c +++ curl-7.37.0/lib/rawstr.c @@ -140,3 +140,13 @@ void Curl_strntoupper(char *dest, const *dest++ = Curl_raw_toupper(*src); } while(*src++ && --n); } + +/* Compare case-sensitive NUL-terminated strings, taking care of possible + * null pointers. Return true if arguments match. + */ +bool Curl_safecmp(char *a, char *b) +{ + if(a && b) + return !strcmp(a, b); + return !a && !b; +} \ No newline at end of file Index: curl-7.37.0/lib/rawstr.h =================================================================== --- curl-7.37.0.orig/lib/rawstr.h +++ curl-7.37.0/lib/rawstr.h @@ -42,6 +42,7 @@ char Curl_raw_toupper(char in); #define checkprefix(a,b) Curl_raw_nequal(a,b,strlen(a)) void Curl_strntoupper(char *dest, const char *src, size_t n); +bool Curl_safecmp(char *a, char *b); #endif /* HEADER_CURL_RAWSTR_H */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor