Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-27536.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-27536.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
new file mode 100644
index 0000000000..d3d1d2dc2e
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
@@ -0,0 +1,53 @@
+From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 10 Mar 2023 09:22:43 +0100
+Subject: [PATCH] url: only reuse connections with same GSS delegation
+
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5]
+CVE: CVE-2023-27536
+Signed-off-by: Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+Signed-off-by: Sourav Kumar Pramanik <pramanik.souravkumar@gmail.com>
+---
+ lib/url.c | 6 ++++++
+ lib/urldata.h | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/lib/url.c b/lib/url.c
+index 280171c..c6413a1 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1341,6 +1341,11 @@ ConnectionExists(struct Curl_easy *data,
+ }
+ }
+
++ /* GSS delegation differences do not actually affect every connection
++ and auth method, but this check takes precaution before efficiency */
++ if(needle->gssapi_delegation != check->gssapi_delegation)
++ continue;
++
+ /* If multiplexing isn't enabled on the h2 connection and h1 is
+ explicitly requested, handle it: */
+ if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
+@@ -1813,6 +1818,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
+ conn->fclosesocket = data->set.fclosesocket;
+ conn->closesocket_client = data->set.closesocket_client;
+ conn->lastused = Curl_now(); /* used now */
++ conn->gssapi_delegation = data->set.gssapi_delegation;
+
+ return conn;
+ error:
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 6e6122a..602c735 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1131,6 +1131,7 @@ struct connectdata {
+ int socks5_gssapi_enctype;
+ #endif
+ unsigned short localport;
++ long gssapi_delegation; /* inherited from set.gssapi_delegation */
+ };
+
+ /* The end of connectdata. */
+--
+2.35.7 |
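Review bot: In the patch header, the first sign-off trailer is malformed: `Signed-off-by:` has no signer of its own and runs straight into `Signed-off-by: Mingli Yu <...>` (the hunk's 53-line count only fits if both sit on one line), so the sign-off chain of this CVE backport does not parse cleanly. Reduce it to a single `Signed-off-by: Mingli Yu <mingli.yu@windriver.com>` line, or restore the missing signer if one was dropped. The diffstat on this page is limited to the patch file, so it does not show whether the curl recipe lists `file://CVE-2023-27536.patch` in `SRC_URI`; without that entry the connection-reuse check on `gssapi_delegation` is never applied at build time, which is worth confirming before treating CVE-2023-27536 as fixed.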