diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-27536.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-27536.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch b/meta/recipes-support/curl/curl/CVE-2023-27536.patch new file mode 100644 index 0000000000..b04a77de25 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch @@ -0,0 +1,55 @@ +From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Fri, 10 Mar 2023 09:22:43 +0100 +Subject: [PATCH] url: only reuse connections with same GSS delegation + +Reported-by: Harry Sintonen +Closes #10731 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5] +CVE: CVE-2023-27536 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + lib/url.c | 6 ++++++ + lib/urldata.h | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/lib/url.c b/lib/url.c +index f84375c..87f4eb0 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -1257,6 +1257,11 @@ ConnectionExists(struct Curl_easy *data, + } + } + ++ /* GSS delegation differences do not actually affect every connection ++ and auth method, but this check takes precaution before efficiency */ ++ if(needle->gssapi_delegation != check->gssapi_delegation) ++ continue; ++ + #ifdef USE_SSH + else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, check)) +@@ -1708,6 +1713,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) + conn->fclosesocket = data->set.fclosesocket; + conn->closesocket_client = data->set.closesocket_client; + conn->lastused = Curl_now(); /* used now */ ++ conn->gssapi_delegation = data->set.gssapi_delegation; + + return conn; + error: +diff --git a/lib/urldata.h b/lib/urldata.h +index 51b793b..b8a611b 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1118,6 +1118,7 @@ struct connectdata { + handle */ + BIT(sock_accepted); /* TRUE if the SECONDARYSOCKET was created with + accept() */ ++ long gssapi_delegation; /* inherited from set.gssapi_delegation */ + }; + + /* The end of connectdata. */ +-- +2.25.1 + |