Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.28253
curl-CVE-2015-3143.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2015-3143.patch of Package curl.28253
From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 16 Apr 2015 13:26:46 +0200 Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to match CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia --- lib/url.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/url.c b/lib/url.c index 018bb88..ee3d176 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3207,11 +3207,11 @@ ConnectionExists(struct SessionHandle *data, strcmp(check->localdev, needle->localdev)) continue; } if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) || - wantNTLMhttp) { + (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) { /* This protocol requires credentials per connection or is HTTP+NTLM, so verify that we're using the same name and password as well */ if(!strequal(needle->user, check->user) || !strequal(needle->passwd, check->passwd)) { /* one of them was different */ -- 2.1.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor