You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.3 KiB
42 lines
1.3 KiB
From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
|
|
From: Kamil Dudka <kdudka@redhat.com>
|
|
Date: Thu, 28 May 2015 20:04:35 +0200
|
|
Subject: [PATCH] http: do not leak basic auth credentials on re-used
|
|
connections
|
|
|
|
CVE-2015-3236
|
|
|
|
This partially reverts commit curl-7_39_0-237-g87c4abb
|
|
|
|
Bug: http://curl.haxx.se/docs/adv_20150617A.html
|
|
---
|
|
lib/http.c | 16 ++++------------
|
|
1 file changed, 4 insertions(+), 12 deletions(-)
|
|
|
|
--- a/lib/http.c
|
|
+++ b/lib/http.c
|
|
@@ -2327,20 +2327,12 @@ CURLcode Curl_http(struct connectdata *c
|
|
te
|
|
);
|
|
|
|
- /*
|
|
- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
|
|
- * the connection and shouldn't be repeated over it either.
|
|
- */
|
|
- switch (data->state.authhost.picked) {
|
|
- case CURLAUTH_NEGOTIATE:
|
|
- case CURLAUTH_NTLM:
|
|
- case CURLAUTH_NTLM_WB:
|
|
- Curl_safefree(conn->allocptr.userpwd);
|
|
- break;
|
|
- }
|
|
+ /* clear userpwd to avoid re-using credentials from re-used connections */
|
|
+ Curl_safefree(conn->allocptr.userpwd);
|
|
|
|
/*
|
|
- * Same for proxyuserpwd
|
|
+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
|
|
+ * with the connection and shouldn't be repeated over it either.
|
|
*/
|
|
switch (data->state.authproxy.picked) {
|
|
case CURLAUTH_NEGOTIATE:
|