Fix CVE-2022-27774

Merge: curl/curl@139a54ed0a
Note: A protocol comparison could not be added, as this would require adding a new member to the state structure and would therefore break compatibility with the structures in the compiled executable (breaking the ability to hook any of its code). This fix should be sufficient, however.
Kawe Mazidjatari 2023-06-13 13:02:04 +02:00
parent 926a34dbbb
commit e9ba4540cd
2 changed files with 18 additions and 10 deletions


@ -653,6 +653,19 @@ output_auth_headers(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
/*
* Curl_allow_auth_to_host() tells if authentication, cookies or other
* "sensitive data" can (still) be sent to this host.
*/
bool Curl_allow_auth_to_host(struct Curl_easy *data, struct connectdata* conn)
{
return (!data->state.this_is_a_follow ||
data->set.allow_auth_to_other_hosts ||
(data->state.first_host &&
strcasecompare(data->state.first_host, conn->host.name) &&
(data->state.first_remote_port == conn->remote_port)));
}
/** /**
* Curl_http_output_auth() setups the authentication headers for the * Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication * host/proxy and the correct authentication
@ -723,11 +736,8 @@ Curl_http_output_auth(struct connectdata *conn,
/* To prevent the user+password to get sent to other than the original /* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */ host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow || if(Curl_allow_auth_to_host(data, conn) ||
conn->bits.netrc || conn->bits.netrc) {
!data->state.first_host ||
data->set.allow_auth_to_other_hosts ||
strcasecompare(data->state.first_host, conn->host.name)) {
result = output_auth_headers(conn, authhost, request, path, FALSE); result = output_auth_headers(conn, authhost, request, path, FALSE);
} }
else else
@ -1648,10 +1658,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
else if(checkprefix("Authorization:", headers->data) && else if(checkprefix("Authorization:", headers->data) &&
/* be careful of sending this potentially sensitive header to /* be careful of sending this potentially sensitive header to
other hosts */ other hosts */
(data->state.this_is_a_follow && !Curl_allow_auth_to_host(data, conn))
data->state.first_host &&
!data->set.allow_auth_to_other_hosts &&
!strcasecompare(data->state.first_host, conn->host.name)))
; ;
else { else {
CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n", CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
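Review bot: Curl_allow_auth_to_host() in the first hunk compares only the host name and the remote port, not the scheme, and its header comment does not say so; since the commit message explains the protocol compare was deliberately left out for ABI reasons, the comment should record that limitation so a later reader does not assume parity with the upstream check, e.g. add `* Note: only first_host and first_remote_port are compared; the protocol is not.`. The function is non-static and is called from openssl.c in this same commit, yet the diffstat lists two changed files and neither is a header, so unless a prototype is declared elsewhere that caller relies on an implicit declaration, which is invalid in C99 and later and mis-types the bool return — worth confirming. In the third hunk the `data->state.this_is_a_follow &&` guard is redundant: Curl_allow_auth_to_host() already returns true when this_is_a_follow is false, so `!Curl_allow_auth_to_host(data, conn)` alone expresses the condition.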


@ -2123,7 +2123,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
infof(data, "Cipher selection: %s\n", ciphers); infof(data, "Cipher selection: %s\n", ciphers);
#ifdef USE_TLS_SRP #ifdef USE_TLS_SRP
if(ssl_authtype == CURL_TLSAUTH_SRP) { if((ssl_authtype == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data, conn)) {
char * const ssl_username = SSL_SET_OPTION(username); char * const ssl_username = SSL_SET_OPTION(username);
infof(data, "Using TLS-SRP username: %s\n", ssl_username); infof(data, "Using TLS-SRP username: %s\n", ssl_username);