forked from curl/curl-www
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2015-3236.patch
51 lines (44 loc) · 1.53 KB
/
CVE-2015-3236.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 28 May 2015 20:04:35 +0200
Subject: [PATCH] http: do not leak basic auth credentials on re-used
connections
CVE-2015-3236
This partially reverts commit curl-7_39_0-237-g87c4abb
Bug: https://curl.haxx.se/docs/adv_20150617A.html
---
lib/http.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 7a5137e..e06c798 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2310,24 +2310,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
!Curl_checkProxyheaders(conn, "Proxy-Connection:"))?
"Proxy-Connection: Keep-Alive\r\n":"",
te
);
- /*
- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
- * the connection and shouldn't be repeated over it either.
- */
- switch (data->state.authhost.picked) {
- case CURLAUTH_NEGOTIATE:
- case CURLAUTH_NTLM:
- case CURLAUTH_NTLM_WB:
- Curl_safefree(conn->allocptr.userpwd);
- break;
- }
+ /* clear userpwd to avoid re-using credentials from re-used connections */
+ Curl_safefree(conn->allocptr.userpwd);
/*
- * Same for proxyuserpwd
+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+ * with the connection and shouldn't be repeated over it either.
*/
switch (data->state.authproxy.picked) {
case CURLAUTH_NEGOTIATE:
case CURLAUTH_NTLM:
case CURLAUTH_NTLM_WB:
--
2.1.4