File curl-CVE-2023-27536.patch of Package curl.28253

Overview Repositories Revisions Requests Users Attributes Meta

File curl-CVE-2023-27536.patch of Package curl.28253

From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 09:22:43 +0100
Subject: [PATCH] url: only reuse connections with same GSS delegation

Reported-by: Harry Sintonen
Closes #10731
---
 lib/url.c     | 6 ++++++
 lib/urldata.h | 1 +
 2 files changed, 7 insertions(+)

Index: curl-7.37.0/lib/url.c
===================================================================
--- curl-7.37.0.orig/lib/url.c
+++ curl-7.37.0/lib/url.c
@@ -3133,6 +3133,11 @@ ConnectionExists(struct SessionHandle *d
         }
       }
 
+      /* GSS delegation differences do not actually affect every connection
+       * and auth method, but this check takes precaution before efficiency */
+      if(needle->gssapi_delegation != check->gssapi_delegation)
+        continue;
+
       if (1) {
         ; /* noop for the following ifdef and else clauses */
       }
@@ -3756,6 +3761,7 @@ static struct connectdata *allocate_conn
      it may live on without (this specific) SessionHandle */
   conn->fclosesocket = data->set.fclosesocket;
   conn->closesocket_client = data->set.closesocket_client;
+  conn->gssapi_delegation = data->set.gssapi_delegation;
 
   return conn;
   error:
Index: curl-7.37.0/lib/urldata.h
===================================================================
--- curl-7.37.0.orig/lib/urldata.h
+++ curl-7.37.0/lib/urldata.h
@@ -1068,6 +1068,7 @@ struct connectdata {
   struct connectbundle *bundle; /* The bundle we are member of */
 
   enum negotiatenpn negnpn;
+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
 };
 
 /* The end of connectdata. */

Places

File curl-CVE-2023-27536.patch of Package curl.28253

Places