SUSE:SLE-12-SP2:GA
File curl-CVE-2021-22924.patch of Package curl.28253
From 6c07d0c65e2c8d381efe100947d20e147da2217b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Sat, 19 Jun 2021 00:42:28 +0200 Subject: [PATCH] vtls: fix connection reuse checks for issuer cert and case sensitivity CVE-2021-22924 Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2021-22924.html --- lib/vtls/vtls.c | 26 +++++++++++++++++++++----- Index: curl-7.37.0/lib/vtls/vtls.c =================================================================== --- curl-7.37.0.orig/lib/vtls/vtls.c +++ curl-7.37.0/lib/vtls/vtls.c @@ -109,6 +109,7 @@ Curl_ssl_config_matches(struct ssl_confi (data->verifyhost == needle->verifyhost) && safe_strequal(data->CApath, needle->CApath) && safe_strequal(data->CAfile, needle->CAfile) && + safe_strequal(data->issuercert, needle->issuercert) && safe_strequal(data->clientcert, needle->clientcert) && safe_strequal(data->random_file, needle->random_file) && safe_strequal(data->egdsocket, needle->egdsocket) && @@ -143,6 +144,14 @@ Curl_clone_ssl_config(struct ssl_config_ else dest->CApath = NULL; + if(source->issuercert) { + dest->issuercert = strdup(source->issuercert); + if(!dest->issuercert) + return FALSE; + } + else + dest->issuercert = NULL; + if(source->cipher_list) { dest->cipher_list = strdup(source->cipher_list); if(!dest->cipher_list) @@ -183,6 +192,7 @@ void Curl_free_ssl_config(struct ssl_con { Curl_safefree(sslc->CAfile); Curl_safefree(sslc->CApath); + Curl_safefree(sslc->issuercert); Curl_safefree(sslc->cipher_list); Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->random_file);
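Review bot: In the Curl_ssl_config_matches hunk (@@ -109), the subject promises a fix for case sensitivity and the diffstat shows deleted lines, but the hunks here only add lines: CApath, CAfile, clientcert and the new issuercert are all still compared with safe_strequal. If safe_strequal ignores case, two configurations whose certificate file paths differ only in letter case still match for connection reuse. Either compare the file-path fields with a case-sensitive helper, or state in the patch header that this half of the fix was not backported.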
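Review bot: In the Curl_clone_ssl_config hunk (@@ -143), `return FALSE` after a failed strdup of issuercert leaves dest holding whatever was copied earlier in the function, such as the CApath handled just above. This mirrors the cipher_list block that follows, so please confirm that every caller runs Curl_free_ssl_config on dest when the clone fails, or release the earlier copies before returning.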
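Review bot: In the Curl_free_ssl_config hunk (@@ -183), `Curl_safefree(sslc->issuercert)` is only correct if every ssl_config that reaches this function owns its issuercert string. The diffstat lists lib/vtls/vtls.c alone, so the member's declaration and the other places that assign it are not shown. Please confirm that none of them stores a borrowed pointer and that the member is a plain `char *`, so the strdup in the clone hunk and this free are type-correct.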