Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
curl.28253
curl-CVE-2023-27535.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2023-27535.patch of Package curl.28253
From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 9 Mar 2023 17:47:06 +0100 Subject: [PATCH] ftp: add more conditions for connection reuse Reported-by: Harry Sintonen Closes #10730 --- lib/ftp.c | 28 ++++++++++++++++++++++++++-- lib/ftp.h | 5 +++++ lib/setopt.c | 2 +- lib/url.c | 17 +++++++++++++++-- lib/urldata.h | 4 ++-- 5 files changed, 49 insertions(+), 7 deletions(-) Index: curl-7.37.0/lib/ftp.c =================================================================== --- curl-7.37.0.orig/lib/ftp.c +++ curl-7.37.0/lib/ftp.c @@ -4179,6 +4179,8 @@ static CURLcode ftp_disconnect(struct co } freedirs(ftpc); + Curl_safefree(ftpc->account); + Curl_safefree(ftpc->alternative_to_user); if(ftpc->prevpath) { free(ftpc->prevpath); ftpc->prevpath = NULL; @@ -4498,6 +4500,7 @@ static CURLcode ftp_setup_connection(str char *type; char command; struct FTP *ftp; + struct ftp_conn *ftpc = &conn->proto.ftpc; if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) { /* Unless we have asked to tunnel ftp operations through the proxy, we @@ -4521,10 +4524,29 @@ static CURLcode ftp_setup_connection(str #endif } - conn->data->req.protop = ftp = malloc(sizeof(struct FTP)); + ftp = calloc(sizeof(struct FTP), 1); if(NULL == ftp) return CURLE_OUT_OF_MEMORY; + /* clone connection related data that is FTP specific */ + if(data->set.str[STRING_FTP_ACCOUNT]) { + ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]); + if(!ftpc->account) { + free(ftp); + return CURLE_OUT_OF_MEMORY; + } + } + if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) { + ftpc->alternative_to_user = + strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]); + if(!ftpc->alternative_to_user) { + Curl_safefree(ftpc->account); + free(ftp); + return CURLE_OUT_OF_MEMORY; + } + } + conn->data->req.protop = ftp; + data->state.path++; /* don't include the initial slash */ data->state.slash_removed = TRUE; /* we've skipped the slash */ @@ -4561,6 +4583,9 @@ static CURLcode ftp_setup_connection(str ftp->bytecountp = &conn->data->req.bytecount; ftp->transfer = FTPTRANSFER_BODY; ftp->downloadsize = 0; + ftpc->known_filesize = -1; /* unknown size for now */ + ftpc->use_ssl = data->set.use_ssl; + ftpc->ccc = data->set.ftp_ccc; /* No need to duplicate user+password, the connectdata struct won't change during a session, but we re-init them here since on subsequent inits Index: curl-7.37.0/lib/ftp.h =================================================================== --- curl-7.37.0.orig/lib/ftp.h +++ curl-7.37.0/lib/ftp.h @@ -117,6 +117,8 @@ struct FTP { struct */ struct ftp_conn { struct pingpong pp; + char *account; + char *alternative_to_user; char *entrypath; /* the PWD reply when we logged on */ char **dirs; /* realloc()ed array for path components */ int dirdepth; /* number of entries used in the 'dirs' array */ @@ -142,6 +144,9 @@ struct ftp_conn { ftpstate state; /* always use ftp.c:state() to change state! */ ftpstate state_saved; /* transfer type saved to be reloaded after data connection is established */ + unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or + * IMAP or POP3 or others! (type: curl_usessl) */ + unsigned char ccc; /* ccc level for this connection */ curl_off_t retr_size_saved; /* Size of retrieved file saved */ char * server_os; /* The target server operating system. */ curl_off_t known_filesize; /* file size is different from -1, if wildcard Index: curl-7.37.0/lib/url.c =================================================================== --- curl-7.37.0.orig/lib/url.c +++ curl-7.37.0/lib/url.c @@ -2130,7 +2130,7 @@ CURLcode Curl_setopt(struct SessionHandl /* * Make transfers attempt to use SSL/TLS. */ - data->set.use_ssl = (curl_usessl)va_arg(param, long); + data->set.use_ssl = (unsigned char)va_arg(param, long); break; case CURLOPT_SSL_OPTIONS: @@ -2925,6 +2925,7 @@ find_oldest_idle_connection_in_bundle(st return conn_candidate; } +#ifdef USE_SSH static bool ssh_config_matches(struct connectdata *one, struct connectdata *two) { @@ -2935,6 +2936,9 @@ static bool ssh_config_matches(struct co return TRUE; #endif } +#else +#define ssh_config_matches(x,y) FALSE +#endif /* * Given one filled in connection struct (named needle), this function should @@ -3076,12 +3080,6 @@ ConnectionExists(struct SessionHandle *d } } - if(get_protocol_family(needle->handler) == CURLPROTO_SFTP || - get_protocol_family(needle->handler) == CURLPROTO_SCP ) { - if(!ssh_config_matches(needle, check)) - continue; - } - if((needle->handler->flags&PROTOPT_SSL) != (check->handler->flags&PROTOPT_SSL)) /* don't do mixed SSL and non-SSL connections */ @@ -3135,6 +3133,29 @@ ConnectionExists(struct SessionHandle *d } } + if (1) { + ; /* noop for the following ifdef and else clauses */ + } +#ifdef USE_SSH + else if(get_protocol_family(needle->handler->protocol) == CURLPROTO_SFTP || + get_protocol_family(needle->handler->protocol) == CURLPROTO_SCP ) { + if(!ssh_config_matches(needle, check)) + continue; + } +#endif +#ifndef CURL_DISABLE_FTP + else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_FTP) { + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ + if(Curl_timestrcmp(needle->proto.ftpc.account, + check->proto.ftpc.account) || + Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, + check->proto.ftpc.alternative_to_user) || + (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || + (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) + continue; + } +#endif + if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL || (needle->bits.httpproxy && check->bits.httpproxy && needle->bits.tunnel_proxy && check->bits.tunnel_proxy && Index: curl-7.37.0/lib/rawstr.c =================================================================== --- curl-7.37.0.orig/lib/rawstr.c +++ curl-7.37.0/lib/rawstr.c @@ -131,6 +131,28 @@ void Curl_strntoupper(char *dest, const } while(*src++ && --n); } +/* + * Curl_timestrcmp() returns 0 if the two strings are identical. The time this + * function spends is a function of the shortest string, not of the contents. + */ +int Curl_timestrcmp(const char *a, const char *b) +{ + int match = 0; + int i = 0; + + if(a && b) { + while(1) { + match |= a[i]^b[i]; + if(!a[i] || !b[i]) + break; + i++; + } + } + else + return a || b; + return match; +} + /* Compare case-sensitive NUL-terminated strings, taking care of possible * null pointers. Return true if arguments match. */ Index: curl-7.37.0/lib/rawstr.h =================================================================== --- curl-7.37.0.orig/lib/rawstr.h +++ curl-7.37.0/lib/rawstr.h @@ -52,6 +52,7 @@ char Curl_raw_toupper(char in); void Curl_strntoupper(char *dest, const char *src, size_t n); bool Curl_safecmp(char *a, char *b); +int Curl_timestrcmp(const char *first, const char *second); #endif /* HEADER_CURL_RAWSTR_H */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor