Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
curl.20435
curl-CVE-2021-22876.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2021-22876.patch of Package curl.20435
From 3dec1183be112e587f89edc059c1c11cf8fdc0ae Mon Sep 17 00:00:00 2001 From: Viktor Szakats <commit@vsz.me> Date: Tue, 23 Feb 2021 14:54:46 +0100 Subject: [PATCH] transfer: strip credentials from the auto-referer header field --- From f65d7889b5c8eeefbb9f41c7588199be18b38a20 Mon Sep 17 00:00:00 2001 From: Viktor Szakats <commit@vsz.me> Date: Fri, 19 Feb 2021 16:17:44 +0000 Subject: [PATCH] http: add new files missed from referrer commit --- From 6bb028dbda6cbfe83f66de773544f71e4813160f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 29 Mar 2021 09:32:14 +0200 Subject: [PATCH] transfer: clear 'referer' in declaration --- From fb30ac5a2d63773c529c19259754e2b306ac2e2e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Sun, 5 Aug 2018 11:51:07 +0200 Subject: [PATCH] URL-API Index: curl-7.60.0/lib/transfer.c =================================================================== --- curl-7.60.0.orig/lib/transfer.c +++ curl-7.60.0/lib/transfer.c @@ -1757,6 +1757,10 @@ CURLcode Curl_follow(struct Curl_easy *d data->set.followlocation++; /* count location-followers */ if(data->set.http_auto_referer) { + CURLU *u; + CURLUcode uc; + char *referer = NULL; + /* We are asked to automatically set the previous URL as the referer when we get the next URL. We pick the ->url field, which may or may not be 100% correct */ @@ -1766,9 +1770,27 @@ CURLcode Curl_follow(struct Curl_easy *d data->change.referer_alloc = FALSE; } - data->change.referer = strdup(data->change.url); - if(!data->change.referer) + /* Make a copy of the URL without crenditals and fragment */ + u = curl_url(); + if(!u) + return CURLE_OUT_OF_MEMORY; + + uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_USER, NULL, 0); + if(!uc) + uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0); + if(!uc) + uc = curl_url_get(u, CURLUPART_URL, &referer, 0); + + curl_url_cleanup(u); + + if(uc != CURLUE_OK || !referer) return CURLE_OUT_OF_MEMORY; + + data->change.referer = referer; data->change.referer_alloc = TRUE; /* yes, free this later */ } } Index: curl-7.60.0/tests/data/Makefile.inc =================================================================== --- curl-7.60.0.orig/tests/data/Makefile.inc +++ curl-7.60.0/tests/data/Makefile.inc @@ -196,5 +196,5 @@ test2056 test2057 test2058 test2059 test test2064 test2065 test2066 test2067 test2068 test2069 \ \ test2070 test2071 test2072 test2073 \ -\ +test2081 \ test3000 test3001 Index: curl-7.60.0/tests/data/test2081 =================================================================== --- /dev/null +++ curl-7.60.0/tests/data/test2081 @@ -0,0 +1,69 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +referer +followlocation +--write-out +</keywords> +</info> + +# Server-side +<reply> +<data nocheck="yes"> +HTTP/1.1 301 This is a weirdo text message swsclose +Location: data/20810002.txt?coolsite=yes +Content-Length: 62 +Connection: close + +This server reply is for testing a simple Location: following +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +Automatic referrer credential and anchor stripping check + </name> + <command> +http://user:pass@%HOSTIP:%HTTPPORT/we/want/our/2081#anchor --location --referer ';auto' +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<errorcode> +52 +</errorcode> +<protocol> +GET /we/want/our/2081 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic dXNlcjpwYXNz +User-Agent: curl/%VERSION +Accept: */* +Referer: + +GET /we/want/our/data/20810002.txt?coolsite=yes HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic dXNlcjpwYXNz +User-Agent: curl/%VERSION +Accept: */* +Referer: http://%HOSTIP:%HTTPPORT/we/want/our/2081 + +</protocol> +<stdout> +HTTP/1.1 301 This is a weirdo text message swsclose +Location: data/20810002.txt?coolsite=yes +Content-Length: 62 +Connection: close + +</stdout> +</verify> +</testcase>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
