From 620ea21410030a9977396b4661806bc187231b79 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 25 Apr 2022 16:24:33 +0200
Subject: [PATCH] transfer: redirects to other protocols or ports clear auth
... unless explicitly permitted.
Bug: https://curl.se/docs/CVE-2022-27774.html
Reported-by: Harry Sintonen
Closes #8748
---
lib/transfer.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 48 insertions(+), 1 deletion(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index 53ef0b03b8e0..315da876c4a8 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1611,10 +1611,57 @@ CURLcode Curl_follow(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
else {
-
uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
if(uc)
return Curl_uc_to_curlcode(uc);
+
+ /* Clear auth if this redirects to a different port number or protocol,
+ unless permitted */
+ if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
+ char *portnum;
+ int port;
+ bool clear = FALSE;
+
+ if(data->set.use_port && data->state.allow_port)
+ /* a custom port is used */
+ port = (int)data->set.use_port;
+ else {
+ uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
+ CURLU_DEFAULT_PORT);
+ if(uc) {
+ free(newurl);
+ return Curl_uc_to_curlcode(uc);
+ }
+ port = atoi(portnum);
+ free(portnum);
+ }
+ if(port != data->info.conn_remote_port) {
+ infof(data, "Clear auth, redirects to port from %u to %u",
+ data->info.conn_remote_port, port);
+ clear = TRUE;
+ }
+ else {
+ char *scheme;
+ const struct Curl_handler *p;
+ uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
+ if(uc) {
+ free(newurl);
+ return Curl_uc_to_curlcode(uc);
+ }
+
+ p = Curl_builtin_scheme(scheme);
+ if(p && (p->protocol != data->info.conn_protocol)) {
+ infof(data, "Clear auth, redirects scheme from %s to %s",
+ data->info.conn_scheme, scheme);
+ clear = TRUE;
+ }
+ free(scheme);
+ }
+ if(clear) {
+ Curl_safefree(data->state.aptr.user);
+ Curl_safefree(data->state.aptr.passwd);
+ }
+ }
}
if(type == FOLLOW_FAKE) {
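Review bot: In the scheme branch, `if(p && (p->protocol != data->info.conn_protocol))` leaves `clear` FALSE whenever `Curl_builtin_scheme(scheme)` returns NULL, so a redirect to a scheme with no built-in handler keeps `data->state.aptr.user` and `data->state.aptr.passwd`. For a credential-clearing check it is safer to fail closed: treat `!p` as a mismatch and set `clear = TRUE`, or add a comment explaining why a NULL handler cannot reach this point. Minor: `port` is declared `int` but is printed with `%u` in the first `infof()` call; cast it or use `%d`.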