Home Explore Help
Register Sign In
wareck
/
openwrt_chaos_calmer
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c3df3ea581
Branches Tags
openwrt_chaos_c...
/
package
/
network
/
utils
/
curl
/
patches
/
010-CVE-2015-3143.patch

010-CVE-2015-3143.patch 904 B
History Raw

12345678910111213141516171819202122232425262728 
  1. From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Daniel Stenberg <daniel@haxx.se>
    3. 

  3. Date: Thu, 16 Apr 2015 13:26:46 +0200
    4. 

  4. Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
    5. 

  5.  match
    6. 

  6. 

  7. CVE-2015-3143
    8. 

  8. 

  9. Bug: http://curl.haxx.se/docs/adv_20150422A.html
    10. 

  10. Reported-by: Paras Sethia
    11. 

  11. ---
    12. 

  12.  lib/url.c | 2 +-
    13. 

  13.  1 file changed, 1 insertion(+), 1 deletion(-)
    14. 

  14. 

  15. --- a/lib/url.c
    16. 

  16. +++ b/lib/url.c
    17. 

  17. @@ -3184,7 +3184,11 @@ ConnectionExists(struct SessionHandle *d
    18. 

  18.        }
    19. 

  19.  
    20. 

  20.        if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
    21. 

  21. +#if defined(USE_NTLM)
    22. 

  22. +         (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
    23. 

  23. +#else
    24. 

  24.           wantNTLMhttp) {
    25. 

  25. +#endif
    26. 

  26.          /* This protocol requires credentials per connection or is HTTP+NTLM,
    27. 

  27.             so verify that we're using the same name and password as well */
    28. 

  28.          if(!strequal(needle->user, check->user) ||
    29.