diff options
Diffstat (limited to 'package/network/utils/curl/patches/015-CVE-2015-3236.patch')
-rw-r--r-- | package/network/utils/curl/patches/015-CVE-2015-3236.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/015-CVE-2015-3236.patch b/package/network/utils/curl/patches/015-CVE-2015-3236.patch new file mode 100644 index 0000000000..720fb94aa0 --- /dev/null +++ b/package/network/utils/curl/patches/015-CVE-2015-3236.patch @@ -0,0 +1,42 @@ +From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Thu, 28 May 2015 20:04:35 +0200 +Subject: [PATCH] http: do not leak basic auth credentials on re-used + connections + +CVE-2015-3236 + +This partially reverts commit curl-7_39_0-237-g87c4abb + +Bug: http://curl.haxx.se/docs/adv_20150617A.html +--- + lib/http.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +--- a/lib/http.c ++++ b/lib/http.c +@@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c + te + ); + +- /* +- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with +- * the connection and shouldn't be repeated over it either. +- */ +- switch (data->state.authhost.picked) { +- case CURLAUTH_NEGOTIATE: +- case CURLAUTH_NTLM: +- case CURLAUTH_NTLM_WB: +- Curl_safefree(conn->allocptr.userpwd); +- break; +- } ++ /* clear userpwd to avoid re-using credentials from re-used connections */ ++ Curl_safefree(conn->allocptr.userpwd); + + /* +- * Same for proxyuserpwd ++ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated ++ * with the connection and shouldn't be repeated over it either. + */ + switch (data->state.authproxy.picked) { + case CURLAUTH_NEGOTIATE: |