015-CVE-2015-3236.patch 1.3 KB

  1. From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
  2. From: Kamil Dudka <kdudka@redhat.com>
  3. Date: Thu, 28 May 2015 20:04:35 +0200
  4. Subject: [PATCH] http: do not leak basic auth credentials on re-used
  5. connections
  6. CVE-2015-3236
  7. This partially reverts commit curl-7_39_0-237-g87c4abb
  8. Bug: http://curl.haxx.se/docs/adv_20150617A.html
  9. ---
  10. lib/http.c | 16 ++++------------
  11. 1 file changed, 4 insertions(+), 12 deletions(-)
  12. --- a/lib/http.c
  13. +++ b/lib/http.c
  14. @@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c
  15. te
  16. );
  17. - /*
  18. - * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
  19. - * the connection and shouldn't be repeated over it either.
  20. - */
  21. - switch (data->state.authhost.picked) {
  22. - case CURLAUTH_NEGOTIATE:
  23. - case CURLAUTH_NTLM:
  24. - case CURLAUTH_NTLM_WB:
  25. - Curl_safefree(conn->allocptr.userpwd);
  26. - break;
  27. - }
  28. + /* clear userpwd to avoid re-using credentials from re-used connections */
  29. + Curl_safefree(conn->allocptr.userpwd);
  30. /*
  31. - * Same for proxyuserpwd
  32. + * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
  33. + * with the connection and shouldn't be repeated over it either.
  34. */
  35. switch (data->state.authproxy.picked) {
  36. case CURLAUTH_NEGOTIATE: