File curl-CVE-2022-22576.patch of Package curl.37304

From e193f712be95dc9e5e2b92eae6381d4572231152 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick@monnerat.net>
Date: Sun, 17 Apr 2022 23:29:46 +0200
Subject: [PATCH] url: check sasl additional parameters for connection reuse.

Also move static function safecmp() as non-static Curl_safecmp() since
its purpose is needed at several places.

Bug: https://curl.se/docs/CVE-2022-22576.html

CVE-2022-22576
---
 lib/strcase.c   | 10 ++++++++++
 lib/strcase.h   |  2 ++
 lib/url.c       | 13 ++++++++++++-
 lib/urldata.h   |  1 +
 lib/vtls/vtls.c | 21 ++++++---------------
 5 files changed, 31 insertions(+), 16 deletions(-)

Index: curl-7.37.0/lib/url.c
===================================================================
--- curl-7.37.0.orig/lib/url.c
+++ curl-7.37.0/lib/url.c
@@ -3108,7 +3108,8 @@ ConnectionExists(struct SessionHandle *d
         /* This protocol requires credentials per connection,
            so verify that we're using the same name and password as well */
         if(strcmp(needle->user, check->user) ||
-           strcmp(needle->passwd, check->passwd)) {
+           strcmp(needle->passwd, check->passwd) ||
+           !Curl_safecmp(needle->xoauth2_bearer, check->xoauth2_bearer)) {
           /* one of them was different */
           continue;
         }
Index: curl-7.37.0/lib/vtls/vtls.c
===================================================================
--- curl-7.37.0.orig/lib/vtls/vtls.c
+++ curl-7.37.0/lib/vtls/vtls.c
@@ -107,12 +107,12 @@ Curl_ssl_config_matches(struct ssl_confi
   if((data->version == needle->version) &&
      (data->verifypeer == needle->verifypeer) &&
      (data->verifyhost == needle->verifyhost) &&
-     safe_strequal(data->CApath, needle->CApath) &&
-     safe_strequal(data->CAfile, needle->CAfile) &&
-     safe_strequal(data->issuercert, needle->issuercert) &&
-     safe_strequal(data->clientcert, needle->clientcert) &&
-     safe_strequal(data->random_file, needle->random_file) &&
-     safe_strequal(data->egdsocket, needle->egdsocket) &&
+     Curl_safecmp(data->CApath, needle->CApath) &&
+     Curl_safecmp(data->CAfile, needle->CAfile) &&
+     Curl_safecmp(data->issuercert, needle->issuercert) &&
+     Curl_safecmp(data->clientcert, needle->clientcert) &&
+     Curl_safecmp(data->random_file, needle->random_file) &&
+     Curl_safecmp(data->egdsocket, needle->egdsocket) &&
      safe_strequal(data->cipher_list, needle->cipher_list))
     return TRUE;
 
Index: curl-7.37.0/lib/rawstr.c
===================================================================
--- curl-7.37.0.orig/lib/rawstr.c
+++ curl-7.37.0/lib/rawstr.c
@@ -140,3 +140,13 @@ void Curl_strntoupper(char *dest, const
     *dest++ = Curl_raw_toupper(*src);
   } while(*src++ && --n);
 }
+
+/* Compare case-sensitive NUL-terminated strings, taking care of possible
+ * null pointers. Return true if arguments match.
+ */
+bool Curl_safecmp(char *a, char *b)
+{
+  if(a && b)
+    return !strcmp(a, b);
+  return !a && !b;
+}
\ No newline at end of file
Index: curl-7.37.0/lib/rawstr.h
===================================================================
--- curl-7.37.0.orig/lib/rawstr.h
+++ curl-7.37.0/lib/rawstr.h
@@ -42,6 +42,7 @@ char Curl_raw_toupper(char in);
 #define checkprefix(a,b)    Curl_raw_nequal(a,b,strlen(a))
 
 void Curl_strntoupper(char *dest, const char *src, size_t n);
+bool Curl_safecmp(char *a, char *b);
 
 #endif /* HEADER_CURL_RAWSTR_H */