File curl-CVE-2023-27535.patch of Package curl.27112

Overview Repositories Revisions Requests Users Attributes Meta

File curl-CVE-2023-27535.patch of Package curl.27112

From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 17:47:06 +0100
Subject: [PATCH] ftp: add more conditions for connection reuse

Index: curl-7.60.0/lib/ftp.c
===================================================================
--- curl-7.60.0.orig/lib/ftp.c
+++ curl-7.60.0/lib/ftp.c
@@ -4083,6 +4083,8 @@ static CURLcode ftp_disconnect(struct co
   }
 
   freedirs(ftpc);
+  Curl_safefree(ftpc->account);
+  Curl_safefree(ftpc->alternative_to_user);
   free(ftpc->prevpath);
   ftpc->prevpath = NULL;
   free(ftpc->server_os);
@@ -4395,11 +4397,31 @@ static CURLcode ftp_setup_connection(str
   char *type;
   char command;
   struct FTP *ftp;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
 
-  conn->data->req.protop = ftp = malloc(sizeof(struct FTP));
+  ftp = calloc(sizeof(struct FTP), 1);
   if(NULL == ftp)
     return CURLE_OUT_OF_MEMORY;
 
+  /* clone connection related data that is FTP specific */
+  if(data->set.str[STRING_FTP_ACCOUNT]) {
+    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+    if(!ftpc->account) {
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+    ftpc->alternative_to_user =
+      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+    if(!ftpc->alternative_to_user) {
+      Curl_safefree(ftpc->account);
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  conn->data->req.protop = ftp;
+
   data->state.path++;   /* don't include the initial slash */
   data->state.slash_removed = TRUE; /* we've skipped the slash */
 
@@ -4436,6 +4458,9 @@ static CURLcode ftp_setup_connection(str
   ftp->bytecountp = &conn->data->req.bytecount;
   ftp->transfer = FTPTRANSFER_BODY;
   ftp->downloadsize = 0;
+  ftpc->known_filesize = -1; /* unknown size for now */
+  ftpc->use_ssl = data->set.use_ssl;
+  ftpc->ccc = data->set.ftp_ccc;
 
   /* No need to duplicate user+password, the connectdata struct won't change
      during a session, but we re-init them here since on subsequent inits
Index: curl-7.60.0/lib/ftp.h
===================================================================
--- curl-7.60.0.orig/lib/ftp.h
+++ curl-7.60.0/lib/ftp.h
@@ -117,6 +117,8 @@ struct FTP {
    struct */
 struct ftp_conn {
   struct pingpong pp;
+  char *account;
+  char *alternative_to_user;
   char *entrypath; /* the PWD reply when we logged on */
   char **dirs;   /* realloc()ed array for path components */
   int dirdepth;  /* number of entries used in the 'dirs' array */
@@ -144,6 +146,9 @@ struct ftp_conn {
   ftpstate state; /* always use ftp.c:state() to change state! */
   ftpstate state_saved; /* transfer type saved to be reloaded after
                            data connection is established */
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                            * IMAP or POP3 or others! (type: curl_usessl) */
+  unsigned char ccc;       /* ccc level for this connection */
   curl_off_t retr_size_saved; /* Size of retrieved file saved */
   char *server_os;     /* The target server operating system. */
   curl_off_t known_filesize; /* file size is different from -1, if wildcard
Index: curl-7.60.0/lib/setopt.c
===================================================================
--- curl-7.60.0.orig/lib/setopt.c
+++ curl-7.60.0/lib/setopt.c
@@ -2007,7 +2007,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *
     arg = va_arg(param, long);
     if((arg < CURLUSESSL_NONE) || (arg > CURLUSESSL_ALL))
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.use_ssl = (curl_usessl)arg;
+    data->set.use_ssl = (unsigned char)arg;
     break;
 
   case CURLOPT_SSL_OPTIONS:
Index: curl-7.60.0/lib/url.c
===================================================================
--- curl-7.60.0.orig/lib/url.c
+++ curl-7.60.0/lib/url.c
@@ -1040,12 +1040,16 @@ static size_t max_pipeline_length(struct
   return multi ? multi->max_pipeline_length : 0;
 }
 
+#ifdef USE_SSH
 static bool ssh_config_matches(struct connectdata *one,
                                struct connectdata *two)
 {
   return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
           Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
 }
+#else
+#define ssh_config_matches(x,y) FALSE
+#endif
 
 /*
  * Given one filled in connection struct (named needle), this function should
@@ -1223,12 +1227,6 @@ ConnectionExists(struct Curl_easy *data,
         continue;
 #endif
 
-      if(get_protocol_family(needle->handler) == CURLPROTO_SFTP ||
-         get_protocol_family(needle->handler) == CURLPROTO_SCP ) {
-        if(!ssh_config_matches(needle, check))
-          continue;
-      }
-
       if((needle->handler->flags&PROTOPT_SSL) !=
          (check->handler->flags&PROTOPT_SSL))
         /* don't do mixed SSL and non-SSL connections */
@@ -1321,6 +1319,29 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
+      if (1) {
+        ; /* noop for the following ifdef and else clauses */
+      }
+#ifdef USE_SSH
+      else if(get_protocol_family(needle->handler->protocol) == CURLPROTO_SFTP ||
+	      get_protocol_family(needle->handler->protocol) == CURLPROTO_SCP ) {
+        if(!ssh_config_matches(needle, check))
+          continue;
+      }
+#endif
+#ifndef CURL_DISABLE_FTP
+      else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_FTP) {
+        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+        if(Curl_timestrcmp(needle->proto.ftpc.account,
+                           check->proto.ftpc.account) ||
+           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+                           check->proto.ftpc.alternative_to_user) ||
+           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+          continue;
+      }
+#endif
+
       if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
          needle->bits.tunnel_proxy) {
         /* The requested connection does not use a HTTP proxy or it uses SSL or
Index: curl-7.60.0/lib/strcase.c
===================================================================
--- curl-7.60.0.orig/lib/strcase.c
+++ curl-7.60.0/lib/strcase.c
@@ -165,6 +165,28 @@ void Curl_strntoupper(char *dest, const
   } while(*src++ && --n);
 }
 
+/*
+ * Curl_timestrcmp() returns 0 if the two strings are identical. The time this
+ * function spends is a function of the shortest string, not of the contents.
+ */
+int Curl_timestrcmp(const char *a, const char *b)
+{
+  int match = 0;
+  int i = 0;
+
+  if(a && b) {
+    while(1) {
+      match |= a[i]^b[i];
+      if(!a[i] || !b[i])
+        break;
+      i++;
+    }
+  }
+  else
+    return a || b;
+  return match;
+}
+
 /* --- public functions --- */
 
 int curl_strequal(const char *first, const char *second)
Index: curl-7.60.0/lib/strcase.h
===================================================================
--- curl-7.60.0.orig/lib/strcase.h
+++ curl-7.60.0/lib/strcase.h
@@ -49,5 +49,6 @@ void Curl_strntoupper(char *dest, const
 char Curl_raw_toupper(char in);
 
 bool Curl_safecmp(char *a, char *b);
+int Curl_timestrcmp(const char *first, const char *second);
 
 #endif /* HEADER_CURL_STRCASE_H */

Places

File curl-CVE-2023-27535.patch of Package curl.27112

Places