mirror of
https://github.com/hak5/wifipineapple-openwrt.git
synced 2025-10-29 16:57:19 +00:00
db9be1fa75
This fixes the following security vulnerabilities in curl: * CVE-2015-3143 * CVE-2015-3144 * CVE-2015-3145 * CVE-2015-3148 * CVE-2015-3153 * CVE-2015-3236 * CVE-2015-3237 This was fixed in trunk with update to version 7.43.0 in r46169. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46312 3c298f89-4303-0410-b956-a3cf2f4a3e73
43 lines
1.3 KiB
Diff
43 lines
1.3 KiB
Diff
From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
|
|
From: Kamil Dudka <kdudka@redhat.com>
|
|
Date: Thu, 28 May 2015 20:04:35 +0200
|
|
Subject: [PATCH] http: do not leak basic auth credentials on re-used
|
|
connections
|
|
|
|
CVE-2015-3236
|
|
|
|
This partially reverts commit curl-7_39_0-237-g87c4abb
|
|
|
|
Bug: http://curl.haxx.se/docs/adv_20150617A.html
|
|
---
|
|
lib/http.c | 16 ++++------------
|
|
1 file changed, 4 insertions(+), 12 deletions(-)
|
|
|
|
--- a/lib/http.c
|
|
+++ b/lib/http.c
|
|
@@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c
|
|
te
|
|
);
|
|
|
|
- /*
|
|
- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
|
|
- * the connection and shouldn't be repeated over it either.
|
|
- */
|
|
- switch (data->state.authhost.picked) {
|
|
- case CURLAUTH_NEGOTIATE:
|
|
- case CURLAUTH_NTLM:
|
|
- case CURLAUTH_NTLM_WB:
|
|
- Curl_safefree(conn->allocptr.userpwd);
|
|
- break;
|
|
- }
|
|
+ /* clear userpwd to avoid re-using credentials from re-used connections */
|
|
+ Curl_safefree(conn->allocptr.userpwd);
|
|
|
|
/*
|
|
- * Same for proxyuserpwd
|
|
+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
|
|
+ * with the connection and shouldn't be repeated over it either.
|
|
*/
|
|
switch (data->state.authproxy.picked) {
|
|
case CURLAUTH_NEGOTIATE:
|