Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
curl.34221
curl-CVE-2022-27782.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2022-27782.patch of Package curl.34221
From c3f8e4e2b4a334697e7ce3168495f20a46b398bd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 3 May 2022 09:31:11 +0200 Subject: [PATCH 1/2] tls: check more TLS details for connection reuse CVE-2022-27782 Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2022-27782.html --- lib/setopt.c | 29 +++++++++++++++++------------ lib/url.c | 23 ++++++++++++++++------- lib/urldata.h | 13 +++++++------ lib/vtls/gtls.c | 32 +++++++++++++++++--------------- lib/vtls/openssl.c | 10 +++++----- lib/vtls/vtls.c | 20 ++++++++++++++++++++ 6 files changed, 82 insertions(+), 45 deletions(-) Index: curl-7.37.0/lib/url.c =================================================================== --- curl-7.37.0.orig/lib/url.c +++ curl-7.37.0/lib/url.c @@ -150,6 +150,7 @@ static CURLcode parse_url_login(struct S CURLcode parse_login_details(const char *login, const size_t len, char **userptr, char **passwdptr, char **optionsptr); +static unsigned int get_protocol_family(unsigned int protocol); /* * Protocol table. @@ -2133,6 +2134,7 @@ CURLcode Curl_setopt(struct SessionHandl case CURLOPT_SSL_OPTIONS: arg = va_arg(param, long); + data->set.ssl.ssl_options = (unsigned char)(arg & 0xff); data->set.ssl_enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE; break; @@ -2922,6 +2924,17 @@ find_oldest_idle_connection_in_bundle(st return conn_candidate; } +static bool ssh_config_matches(struct connectdata *one, + struct connectdata *two) +{ +#ifdef USE_LIBSSH2 + return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) && + Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub)); +#else + return TRUE; +#endif +} + /* * Given one filled in connection struct (named needle), this function should * detect if there already is one that has all the significant details @@ -3062,6 +3075,12 @@ ConnectionExists(struct SessionHandle *d } } + if(get_protocol_family(needle->handler) == CURLPROTO_SFTP || + get_protocol_family(needle->handler) == CURLPROTO_SCP ) { + if(!ssh_config_matches(needle, check)) + continue; + } + if((needle->handler->flags&PROTOPT_SSL) != (check->handler->flags&PROTOPT_SSL)) /* don't do mixed SSL and non-SSL connections */ @@ -3673,6 +3692,8 @@ static struct connectdata *allocate_conn conn->verifypeer = data->set.ssl.verifypeer; conn->verifyhost = data->set.ssl.verifyhost; + conn->ssl_config.ssl_options = data->set.ssl.ssl_options; + conn->ip_version = data->set.ipver; #if defined(USE_NTLM) && defined(NTLM_WB_ENABLED) @@ -6042,3 +6063,112 @@ CURLcode Curl_do_more(struct connectdata return result; } +/* +* get_protocol_family() +* +* This is used to return the protocol family for a given protocol. +* +* Parameters: +* +* protocol [in] - A single bit protocol identifier such as HTTP or HTTPS. +* +* Returns the family as a single bit protocol identifier. +*/ + +static unsigned int get_protocol_family(unsigned int protocol) +{ + unsigned int family; + + switch(protocol) { + case CURLPROTO_HTTP: + case CURLPROTO_HTTPS: + family = CURLPROTO_HTTP; + break; + + case CURLPROTO_FTP: + case CURLPROTO_FTPS: + family = CURLPROTO_FTP; + break; + + case CURLPROTO_SCP: + family = CURLPROTO_SCP; + break; + + case CURLPROTO_SFTP: + family = CURLPROTO_SFTP; + break; + + case CURLPROTO_TELNET: + family = CURLPROTO_TELNET; + break; + + case CURLPROTO_LDAP: + case CURLPROTO_LDAPS: + family = CURLPROTO_LDAP; + break; + + case CURLPROTO_DICT: + family = CURLPROTO_DICT; + break; + + case CURLPROTO_FILE: + family = CURLPROTO_FILE; + break; + + case CURLPROTO_TFTP: + family = CURLPROTO_TFTP; + break; + + case CURLPROTO_IMAP: + case CURLPROTO_IMAPS: + family = CURLPROTO_IMAP; + break; + + case CURLPROTO_POP3: + case CURLPROTO_POP3S: + family = CURLPROTO_POP3; + break; + + case CURLPROTO_SMTP: + case CURLPROTO_SMTPS: + family = CURLPROTO_SMTP; + break; + + case CURLPROTO_RTSP: + family = CURLPROTO_RTSP; + break; + + case CURLPROTO_RTMP: + case CURLPROTO_RTMPS: + family = CURLPROTO_RTMP; + break; + + case CURLPROTO_RTMPT: + case CURLPROTO_RTMPTS: + family = CURLPROTO_RTMPT; + break; + + case CURLPROTO_RTMPE: + family = CURLPROTO_RTMPE; + break; + + case CURLPROTO_RTMPTE: + family = CURLPROTO_RTMPTE; + break; + + case CURLPROTO_GOPHER: + family = CURLPROTO_GOPHER; + break; + + // case CURLPROTO_SMB: + // case CURLPROTO_SMBS: + // family = CURLPROTO_SMB; + // break; + + default: + family = 0; + break; + } + + return family; +} \ No newline at end of file Index: curl-7.37.0/lib/urldata.h =================================================================== --- curl-7.37.0.orig/lib/urldata.h +++ curl-7.37.0/lib/urldata.h @@ -370,6 +370,7 @@ struct ssl_config_data { char *CAfile; /* certificate to verify peer against */ const char *CRLfile; /* CRL to check certificate revocation */ const char *issuercert;/* optional issuer certificate filename */ + unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ char *clientcert; char *random_file; /* path to file containing "random" data */ char *egdsocket; /* path to file containing the EGD daemon socket */ Index: curl-7.37.0/lib/vtls/vtls.c =================================================================== --- curl-7.37.0.orig/lib/vtls/vtls.c +++ curl-7.37.0/lib/vtls/vtls.c @@ -105,6 +105,7 @@ Curl_ssl_config_matches(struct ssl_confi struct ssl_config_data* needle) { if((data->version == needle->version) && + (data->ssl_options == needle->ssl_options) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && Curl_safecmp(data->CApath, needle->CApath) && @@ -113,6 +114,12 @@ Curl_ssl_config_matches(struct ssl_confi Curl_safecmp(data->clientcert, needle->clientcert) && Curl_safecmp(data->random_file, needle->random_file) && Curl_safecmp(data->egdsocket, needle->egdsocket) && +#ifdef USE_TLS_SRP + Curl_safecmp(data->username, needle->username) && + Curl_safecmp(data->password, needle->password) && + (data->authtype == needle->authtype) && +#endif + Curl_safecmp(data->CRLfile, needle->CRLfile) && safe_strequal(data->cipher_list, needle->cipher_list)) return TRUE; @@ -127,6 +134,10 @@ Curl_clone_ssl_config(struct ssl_config_ dest->verifyhost = source->verifyhost; dest->verifypeer = source->verifypeer; dest->version = source->version; + dest->ssl_options = source->ssl_options; +#ifdef USE_TLS_SRP + dest->authtype = source->authtype; +#endif if(source->CAfile) { dest->CAfile = strdup(source->CAfile); @@ -185,6 +196,32 @@ Curl_clone_ssl_config(struct ssl_config_ else dest->clientcert = NULL; + if(source->CRLfile) { + dest->CRLfile = strdup(source->CRLfile); + if(!dest->CRLfile) + return FALSE; + } + else + dest->CRLfile = NULL; + +#ifdef USE_TLS_SRP + if(source->username) { + dest->username = strdup(source->username); + if(!dest->username) + return FALSE; + } + else + dest->username = NULL; + + if(source->password) { + dest->password = strdup(source->password); + if(!dest->password) + return FALSE; + } + else + dest->password = NULL; +#endif + return TRUE; } @@ -197,6 +234,12 @@ void Curl_free_ssl_config(struct ssl_con Curl_safefree(sslc->egdsocket); Curl_safefree(sslc->random_file); Curl_safefree(sslc->clientcert); + + Curl_safefree(sslc->CRLfile); +#ifdef USE_TLS_SRP + Curl_safefree(sslc->username); + Curl_safefree(sslc->password); +#endif } Index: curl-7.37.0/lib/ssh.h =================================================================== --- curl-7.37.0.orig/lib/ssh.h +++ curl-7.37.0/lib/ssh.h @@ -108,8 +108,8 @@ struct ssh_conn { const char *authlist; /* List of auth. methods, managed by libssh2 */ #ifdef USE_LIBSSH2 const char *passphrase; /* pass-phrase to use */ - char *rsa_pub; /* path name */ - char *rsa; /* path name */ + char *rsa_pub; /* strdup'ed public key file */ + char *rsa; /* strdup'ed private key file */ bool authed; /* the connection has been authenticated fine */ sshstate state; /* always use ssh.c:state() to change state! */ sshstate nextstate; /* the state to goto after stopping */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor