Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
curl
curl-CVE-2015-3148.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2015-3148.patch of Package curl
From 21b8c694881ce8a48121d6e0152e834ed3901e25 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Sat, 18 Apr 2015 23:50:16 +0200 Subject: [PATCH] http_done: close Negotiate connections if not 401 When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris commit f78ae415d24b9bd89d6c121c556e411fdb21c6aa Author: David Woodhouse <David.Woodhouse@intel.com> Date: Fri Jul 11 11:09:34 2014 +0100 Don't clear GSSAPI state between each exchange in the negotiation GSSAPI doesn't work very well if we forget everything ever time. XX: Is Curl_http_done() the right place to do the final cleanup? Index: curl-7.37.0/lib/http.c =================================================================== --- curl-7.37.0.orig/lib/http.c 2014-05-20 19:16:53.000000000 +0200 +++ curl-7.37.0/lib/http.c 2015-04-24 10:49:29.702294822 +0200 @@ -1442,6 +1442,18 @@ CURLcode Curl_http_done(struct connectda Curl_unencode_cleanup(conn); +#ifdef USE_HTTP_NEGOTIATE + if(data->state.proxyneg.state == GSS_AUTHSENT || + data->state.negotiate.state == GSS_AUTHSENT) { + /* add forbid re-use if http-code != 401/407 as a WA only needed for + * 401/407 that signal auth failure (empty) otherwise state will be RECV + * with current code */ + if((data->req.httpcode != 401) && (data->req.httpcode != 407)) + conn->bits.close = TRUE; + Curl_cleanup_negotiate(data); + } +#endif + /* set the proper values (possibly modified on POST) */ conn->fread_func = data->set.fread_func; /* restore */ conn->fread_in = data->set.in; /* restore */ Index: curl-7.37.0/lib/http_negotiate.c =================================================================== --- curl-7.37.0.orig/lib/http_negotiate.c 2014-04-25 14:01:03.000000000 +0200 +++ curl-7.37.0/lib/http_negotiate.c 2015-04-20 14:03:05.296884827 +0200 @@ -355,7 +355,6 @@ CURLcode Curl_output_negotiate(struct co } Curl_safefree(encoded); - Curl_cleanup_negotiate(conn->data); return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; } Index: curl-7.37.0/lib/http_negotiate_sspi.c =================================================================== --- curl-7.37.0.orig/lib/http_negotiate_sspi.c 2014-04-25 14:01:03.000000000 +0200 +++ curl-7.37.0/lib/http_negotiate_sspi.c 2015-04-20 14:03:05.296884827 +0200 @@ -268,7 +268,6 @@ CURLcode Curl_output_negotiate(struct co else conn->allocptr.userpwd = userp; free(encoded); - Curl_cleanup_negotiate (conn->data); return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor