diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2015-3143.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2015-3143.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2015-3143.patch b/meta/recipes-support/curl/curl/CVE-2015-3143.patch new file mode 100644 index 0000000..745e945 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2015-3143.patch @@ -0,0 +1,38 @@ +From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 16 Apr 2015 13:26:46 +0200 +Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to + match + +Upstream-Status: Backport + +CVE-2015-3143 + +Bug: http://curl.haxx.se/docs/adv_20150422A.html +Reported-by: Paras Sethia +Signed-off-by: Daniel Stenberg <daniel@haxx.se> +Signed-off-by: Maxin B. John <maxin.john@enea.com> +--- + lib/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/url.c b/lib/url.c +index 018bb88..ee3d176 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -3207,11 +3207,11 @@ ConnectionExists(struct SessionHandle *data, + strcmp(check->localdev, needle->localdev)) + continue; + } + + if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) || +- wantNTLMhttp) { ++ (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) { + /* This protocol requires credentials per connection or is HTTP+NTLM, + so verify that we're using the same name and password as well */ + if(!strequal(needle->user, check->user) || + !strequal(needle->passwd, check->passwd)) { + /* one of them was different */ +-- +2.1.4 + |