Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
curl.27750
curl-CVE-2022-27774.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2022-27774.patch of Package curl.27750
From b92ebe53f3fc7b4a4355724a22690fdef4f1bf2f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 19 Apr 2022 12:49:28 +0200 Subject: [PATCH 1/3] connect: store "conn_remote_port" in the info struct To make it available after the connection ended. --- lib/connect.c | 1 + lib/urldata.h | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) Index: curl-7.79.1/lib/connect.c =================================================================== --- curl-7.79.1.orig/lib/connect.c +++ curl-7.79.1/lib/connect.c @@ -617,6 +617,7 @@ void Curl_persistconninfo(struct Curl_ea data->info.conn_scheme = conn->handler->scheme; data->info.conn_protocol = conn->handler->protocol; data->info.conn_primary_port = conn->port; + data->info.conn_remote_port = conn->remote_port; data->info.conn_local_port = local_port; } Index: curl-7.79.1/lib/urldata.h =================================================================== --- curl-7.79.1.orig/lib/urldata.h +++ curl-7.79.1/lib/urldata.h @@ -1156,7 +1156,11 @@ struct PureInfo { reused, in the connection cache. */ char conn_primary_ip[MAX_IPADR_LEN]; - int conn_primary_port; + int conn_primary_port; /* this is the destination port to the connection, + which might have been a proxy */ + int conn_remote_port; /* this is the "remote port", which is the port + number of the used URL, independent of proxy or + not */ char conn_local_ip[MAX_IPADR_LEN]; int conn_local_port; const char *conn_scheme; Index: curl-7.79.1/lib/transfer.c =================================================================== --- curl-7.79.1.orig/lib/transfer.c +++ curl-7.79.1/lib/transfer.c @@ -1652,10 +1652,53 @@ CURLcode Curl_follow(struct Curl_easy *d return CURLE_OUT_OF_MEMORY; } else { - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); if(uc) return Curl_uc_to_curlcode(uc); + + /* Clear auth if this redirects to a different port number or protocol, + unless permitted */ + if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { + char *portnum; + int port; + bool clear = FALSE; + + uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, + CURLU_DEFAULT_PORT); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + port = atoi(portnum); + free(portnum); + + if(port != data->info.conn_remote_port) { + infof(data, "Clear auth, redirects to port from %u to %u", + data->info.conn_remote_port, port); + clear = TRUE; + } + else { + char *scheme; + const struct Curl_handler *p; + uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + + p = Curl_builtin_scheme(scheme); + if(p && (p->protocol != data->info.conn_protocol)) { + infof(data, "Clear auth, redirects scheme from %s to %s", + data->info.conn_scheme, scheme); + clear = TRUE; + } + free(scheme); + } + if(clear) { + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); + } + } } if(type == FOLLOW_FAKE) { Index: curl-7.79.1/tests/data/Makefile.inc =================================================================== --- curl-7.79.1.orig/tests/data/Makefile.inc +++ curl-7.79.1/tests/data/Makefile.inc @@ -116,7 +116,7 @@ test936 test937 test938 test939 test940 test945 test946 test947 test948 test949 test950 test951 test952 test953 \ test954 test955 test956 test957 test958 test959 test960 test961 test962 \ test963 test964 test965 test966 test967 test968 test969 test970 test971 \ -test972 \ +test972 test973 test974 test975 test976 \ \ test980 test981 test982 test983 test984 test985 test986 \ \ Index: curl-7.79.1/tests/data/test973 =================================================================== --- /dev/null +++ curl-7.79.1/tests/data/test973 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +FTP +--location +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + +</data> +<data2> +data + to + see +that FTP +works + so does it? +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + +data + to + see +that FTP +works + so does it? +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +ftp +</server> + <name> +HTTP with auth redirected to FTP w/o auth + </name> + <command> +http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* + +USER anonymous +PASS ftp@example.com +PWD +CWD a +CWD path +EPSV +TYPE I +SIZE %TESTNUMBER0002 +RETR %TESTNUMBER0002 +QUIT +</protocol> +</verify> +</testcase> Index: curl-7.79.1/tests/data/test974 =================================================================== --- /dev/null +++ curl-7.79.1/tests/data/test974 @@ -0,0 +1,87 @@ +<testcase> +<info> +<keywords> +HTTP +--location +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + +</data> +<data2> +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +</server> + <name> +HTTP with auth redirected to HTTP on a diff port w/o auth + </name> + <command> +-x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET http://firsthost.com/ HTTP/1.1 +Host: firsthost.com +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 +Host: firsthost.com:9999 +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +</protocol> +</verify> +</testcase> Index: curl-7.79.1/tests/data/test975 =================================================================== --- /dev/null +++ curl-7.79.1/tests/data/test975 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +FTP +--location-trusted +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + +</data> +<data2> +data + to + see +that FTP +works + so does it? +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002 + +data + to + see +that FTP +works + so does it? +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +ftp +</server> + <name> +HTTP with auth redirected to FTP allowing auth to continue + </name> + <command> +http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* + +USER joe +PASS secret +PWD +CWD a +CWD path +EPSV +TYPE I +SIZE %TESTNUMBER0002 +RETR %TESTNUMBER0002 +QUIT +</protocol> +</verify> +</testcase> Index: curl-7.79.1/tests/data/test976 =================================================================== --- /dev/null +++ curl-7.79.1/tests/data/test976 @@ -0,0 +1,88 @@ +<testcase> +<info> +<keywords> +HTTP +--location-trusted +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + +</data> +<data2> +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</data2> + +<datacheck> +HTTP/1.1 301 redirect +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 0 +Connection: close +Content-Type: text/html +Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002 + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 4 +Connection: close +Content-Type: text/html + +hey +</datacheck> + +</reply> + +# +# Client-side +<client> +<server> +http +</server> + <name> +HTTP with auth redirected to HTTP on a diff port --location-trusted + </name> + <command> +-x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET http://firsthost.com/ HTTP/1.1 +Host: firsthost.com +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1 +Host: firsthost.com:9999 +Authorization: Basic am9lOnNlY3JldA== +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + +</protocol> +</verify> +</testcase>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
