Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
curl.20444
curl-CVE-2021-22876.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2021-22876.patch of Package curl.20444
From 3dec1183be112e587f89edc059c1c11cf8fdc0ae Mon Sep 17 00:00:00 2001 From: Viktor Szakats <commit@vsz.me> Date: Tue, 23 Feb 2021 14:54:46 +0100 Subject: [PATCH] transfer: strip credentials from the auto-referer header field --- From f65d7889b5c8eeefbb9f41c7588199be18b38a20 Mon Sep 17 00:00:00 2001 From: Viktor Szakats <commit@vsz.me> Date: Fri, 19 Feb 2021 16:17:44 +0000 Subject: [PATCH] http: add new files missed from referrer commit --- From 6bb028dbda6cbfe83f66de773544f71e4813160f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 29 Mar 2021 09:32:14 +0200 Subject: [PATCH] transfer: clear 'referer' in declaration --- From fb30ac5a2d63773c529c19259754e2b306ac2e2e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Sun, 5 Aug 2018 11:51:07 +0200 Subject: [PATCH] URL-API Index: curl-7.37.0/lib/transfer.c =================================================================== --- curl-7.37.0.orig/lib/transfer.c +++ curl-7.37.0/lib/transfer.c @@ -1634,6 +1634,10 @@ CURLcode Curl_follow(struct SessionHandl data->set.followlocation++; /* count location-followers */ if(data->set.http_auto_referer) { + CURLU *u; + CURLUcode uc; + char *referer = NULL; + /* We are asked to automatically set the previous URL as the referer when we get the next URL. We pick the ->url field, which may or may not be 100% correct */ @@ -1643,9 +1647,26 @@ CURLcode Curl_follow(struct SessionHandl data->change.referer_alloc = FALSE; } - data->change.referer = strdup(data->change.url); - if(!data->change.referer) + /* Make a copy of the URL without crenditals and fragment */ + u = curl_url(); + if(!u) return CURLE_OUT_OF_MEMORY; + uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_USER, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0); + if(!uc) + uc = curl_url_get(u, CURLUPART_URL, &referer, 0); + + curl_url_cleanup(u); + + if(uc != CURLUE_OK || !referer) + return CURLE_OUT_OF_MEMORY; + + data->change.referer = referer; data->change.referer_alloc = TRUE; /* yes, free this later */ } } Index: curl-7.37.0/tests/data/Makefile.am =================================================================== --- curl-7.37.0.orig/tests/data/Makefile.am +++ curl-7.37.0/tests/data/Makefile.am @@ -144,7 +144,8 @@ test2000 test2001 test2002 test2003 test test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \ test2016 test2017 test2018 test2019 test2020 test2021 test2022 test2023 \ test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \ -test2032 test2033 +test2032 test2033 \ +test2081 EXTRA_DIST = $(TESTCASES) DISABLED Index: curl-7.37.0/tests/data/test2081 =================================================================== --- /dev/null +++ curl-7.37.0/tests/data/test2081 @@ -0,0 +1,69 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +referer +followlocation +--write-out +</keywords> +</info> + +# Server-side +<reply> +<data nocheck="yes"> +HTTP/1.1 301 This is a weirdo text message swsclose +Location: data/20810002.txt?coolsite=yes +Content-Length: 62 +Connection: close + +This server reply is for testing a simple Location: following +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +Automatic referrer credential and anchor stripping check + </name> + <command> +http://user:pass@%HOSTIP:%HTTPPORT/we/want/our/2081#anchor --location --referer ';auto' +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<errorcode> +52 +</errorcode> +<protocol> +GET /we/want/our/2081 HTTP/1.1 +Authorization: Basic dXNlcjpwYXNz +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Referer: + +GET /we/want/our/data/20810002.txt?coolsite=yes HTTP/1.1 +Authorization: Basic dXNlcjpwYXNz +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Referer: http://%HOSTIP:%HTTPPORT/we/want/our/2081 + +</protocol> +<stdout> +HTTP/1.1 301 This is a weirdo text message swsclose +Location: data/20810002.txt?coolsite=yes +Content-Length: 62 +Connection: close + +</stdout> +</verify> +</testcase>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
