author | Daniel Stenberg <daniel@haxx.se> | 2021-03-19 12:38:49 +0100 |
---|---|---|
committer | Paul Gevers <elbrus@debian.org> | 2021-06-25 20:59:54 +0200 |
commit | 62039b2528d3cdd62070148aba746091b4ecb3d4 (patch) | |
tree | cd9456f1acf840bf9fcf47610318f344b812bc03 /lib/vtls/mbedtls.c | |
parent | 66cc4260f03022284068105bb0198658398d8a8b (diff) |
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
Origin: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-22890
To make sure we set and extract the correct session.
Reported-by: Mingtao Yang
Bug: https://curl.se/docs/CVE-2021-22890.html
CVE-2021-22890
[Salvatore Bonaccorso: Backport to 7.74.0 for context changes]
Gbp-Pq: Name 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
Diffstat (limited to 'lib/vtls/mbedtls.c')
-rw-r--r-- | lib/vtls/mbedtls.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 191315df..3985bc3c 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -464,7 +464,9 @@ mbed_connect_step1(struct connectdata *conn, void *old_session = NULL; Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) { + if(!Curl_ssl_getsessionid(conn, + SSL_IS_PROXY() ? TRUE : FALSE, + &old_session, NULL, sockindex)) { ret = mbedtls_ssl_set_session(&backend->ssl, old_session); if(ret) { Curl_ssl_sessionid_unlock(conn); @@ -727,6 +729,7 @@ mbed_connect_step3(struct connectdata *conn, int ret; mbedtls_ssl_session *our_ssl_sessionid; void *old_ssl_sessionid = NULL; + bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session)); if(!our_ssl_sessionid) @@ -745,10 +748,12 @@ mbed_connect_step3(struct connectdata *conn, /* If there's already a matching session in the cache, delete it */ Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex)) + if(!Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, NULL, + sockindex)) Curl_ssl_delsessionid(conn, old_ssl_sessionid); - retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex); + retcode = Curl_ssl_addsessionid(conn, isproxy, our_ssl_sessionid, 0, + sockindex); Curl_ssl_sessionid_unlock(conn); if(retcode) { mbedtls_ssl_session_free(our_ssl_sessionid); |
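Review bot: in the mbed_connect_step1 hunk the proxy flag is written inline as `SSL_IS_PROXY() ? TRUE : FALSE` inside the Curl_ssl_getsessionid() call, while mbed_connect_step3 in this same patch hoists the identical expression into `bool isproxy`. Suggest declaring the same local in step1 and passing `isproxy` there too, so the lookup in step1 and the delete/add pair in step3 visibly derive the flag the same way. The commit message says the goal is to set and extract the correct session, and that only holds if the flag used for the lookup always matches the one used for the store.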
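Review bot: in the last mbed_connect_step3 hunk the comment `/* If there's already a matching session in the cache, delete it */` is left unchanged even though the Curl_ssl_getsessionid() call beneath it now takes `isproxy`, so "matching" no longer means what it did. Suggest updating the comment to say the match is made for the same proxy/non-proxy role, which documents why a cached entry of the other role is not deleted before Curl_ssl_addsessionid() runs. The diffstat here is limited to lib/vtls/mbedtls.c, so the updated prototypes and the other callers are not visible in this view and should be checked alongside it.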