mirror of
https://github.com/hak5/wifipineapple-openwrt.git
synced 2025-10-29 16:57:19 +00:00
db9be1fa75
This fixes the following security vulnerabilities in curl: * CVE-2015-3143 * CVE-2015-3144 * CVE-2015-3145 * CVE-2015-3148 * CVE-2015-3153 * CVE-2015-3236 * CVE-2015-3237 This was fixed in trunk with update to version 7.43.0 in r46169. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46312 3c298f89-4303-0410-b956-a3cf2f4a3e73
29 lines
904 B
Diff
29 lines
904 B
Diff
From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Thu, 16 Apr 2015 13:26:46 +0200
|
|
Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
|
|
match
|
|
|
|
CVE-2015-3143
|
|
|
|
Bug: http://curl.haxx.se/docs/adv_20150422A.html
|
|
Reported-by: Paras Sethia
|
|
---
|
|
lib/url.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
--- a/lib/url.c
|
|
+++ b/lib/url.c
|
|
@@ -3184,7 +3184,11 @@ ConnectionExists(struct SessionHandle *d
|
|
}
|
|
|
|
if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
|
|
+#if defined(USE_NTLM)
|
|
+ (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
|
|
+#else
|
|
wantNTLMhttp) {
|
|
+#endif
|
|
/* This protocol requires credentials per connection or is HTTP+NTLM,
|
|
so verify that we're using the same name and password as well */
|
|
if(!strequal(needle->user, check->user) ||
|