diff options
author | Hauke Mehrtens <hauke@openwrt.org> | 2015-07-12 16:03:51 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@openwrt.org> | 2015-07-12 16:03:51 +0000 |
commit | db9be1fa75e9e673275ab2994c4e5045ecda101e (patch) | |
tree | 9ee4290bb0e67442c631b7c424128a2689f78cd3 /package/network/utils/curl/patches/015-CVE-2015-3236.patch | |
parent | 3a969d7290eddab376ee01502c8224871e3b2423 (diff) | |
download | upstream-db9be1fa75e9e673275ab2994c4e5045ecda101e.tar.gz upstream-db9be1fa75e9e673275ab2994c4e5045ecda101e.tar.bz2 upstream-db9be1fa75e9e673275ab2994c4e5045ecda101e.zip |
CC: curl: fix some security vulnerabilities
This fixes the following security vulnerabilities in curl:
* CVE-2015-3143
* CVE-2015-3144
* CVE-2015-3145
* CVE-2015-3148
* CVE-2015-3153
* CVE-2015-3236
* CVE-2015-3237
This was fixed in trunk with update to version 7.43.0 in r46169.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46312 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/utils/curl/patches/015-CVE-2015-3236.patch')
-rw-r--r-- | package/network/utils/curl/patches/015-CVE-2015-3236.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/015-CVE-2015-3236.patch b/package/network/utils/curl/patches/015-CVE-2015-3236.patch new file mode 100644 index 0000000000..720fb94aa0 --- /dev/null +++ b/package/network/utils/curl/patches/015-CVE-2015-3236.patch @@ -0,0 +1,42 @@ +From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Thu, 28 May 2015 20:04:35 +0200 +Subject: [PATCH] http: do not leak basic auth credentials on re-used + connections + +CVE-2015-3236 + +This partially reverts commit curl-7_39_0-237-g87c4abb + +Bug: http://curl.haxx.se/docs/adv_20150617A.html +--- + lib/http.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +--- a/lib/http.c ++++ b/lib/http.c +@@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c + te + ); + +- /* +- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with +- * the connection and shouldn't be repeated over it either. +- */ +- switch (data->state.authhost.picked) { +- case CURLAUTH_NEGOTIATE: +- case CURLAUTH_NTLM: +- case CURLAUTH_NTLM_WB: +- Curl_safefree(conn->allocptr.userpwd); +- break; +- } ++ /* clear userpwd to avoid re-using credentials from re-used connections */ ++ Curl_safefree(conn->allocptr.userpwd); + + /* +- * Same for proxyuserpwd ++ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated ++ * with the connection and shouldn't be repeated over it either. + */ + switch (data->state.authproxy.picked) { + case CURLAUTH_NEGOTIATE: |