authorDaniel Stenberg <daniel@haxx.se>2021-03-19 12:38:49 +0100
committerPaul Gevers <elbrus@debian.org>2021-06-25 20:59:54 +0200
commit62039b2528d3cdd62070148aba746091b4ecb3d4 (patch)
treecd9456f1acf840bf9fcf47610318f344b812bc03 /lib/vtls/schannel.c
parent66cc4260f03022284068105bb0198658398d8a8b (diff)
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
Origin: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-22890 To make sure we set and extract the correct session. Reported-by: Mingtao Yang Bug: https://curl.se/docs/CVE-2021-22890.html CVE-2021-22890 [Salvatore Bonaccorso: Backport to 7.74.0 for context changes] Gbp-Pq: Name 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
Diffstat (limited to 'lib/vtls/schannel.c')
-rw-r--r--lib/vtls/schannel.c11
1 files changed, 7 insertions, 4 deletions
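--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -494,7 +494,9 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
 /* check for an existing re-usable credential handle */
 if(SSL_SET_OPTION(primary.sessionid)) {
 Curl_ssl_sessionid_lock(conn);
-if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) {
+if(!Curl_ssl_getsessionid(conn,
+SSL_IS_PROXY() ? TRUE : FALSE,
+(void **)&old_cred, NULL, sockindex)) {
 BACKEND->cred = old_cred;
 DEBUGF(infof(data, "schannel: re-using existing credential handle\n"));
@@ -1334,8 +1336,9 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
 SECURITY_STATUS sspi_status = SEC_E_OK;
 CERT_CONTEXT *ccert_context = NULL;
+bool isproxy = SSL_IS_PROXY();
 #ifdef DEBUGBUILD
-const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+const char * const hostname = isproxy ? conn->http_proxy.host.name :
 conn->host.name;
 #endif
 #ifdef HAS_ALPN
@@ -1411,7 +1414,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
 struct Curl_schannel_cred *old_cred = NULL;
 Curl_ssl_sessionid_lock(conn);
-incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL,
+incache = !(Curl_ssl_getsessionid(conn, isproxy, (void **)&old_cred, NULL,
 sockindex));
 if(incache) {
 if(old_cred != BACKEND->cred) {
@@ -1423,7 +1426,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
 }
 }
 if(!incache) {
-result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred,
+result = Curl_ssl_addsessionid(conn, isproxy, (void *)BACKEND->cred,
 sizeof(struct Curl_schannel_cred),
 sockindex);
 if(result) {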
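Review bot: In the first hunk (schannel_connect_step1) the new argument is spelled `SSL_IS_PROXY() ? TRUE : FALSE`, while the second hunk assigns the very same macro straight to `bool isproxy = SSL_IS_PROXY();` and step3 then passes the variable to both Curl_ssl_getsessionid and Curl_ssl_addsessionid; the ternary adds nothing and the two call sites should use one idiom. Suggest the same local in step1, `bool isproxy = SSL_IS_PROXY();` among its declarations and `if(!Curl_ssl_getsessionid(conn, isproxy, (void **)&old_cred, NULL, sockindex)) {`, so the proxy/origin selection reads identically everywhere the cache is touched. Because this flag is what the commit message says keeps the proxy and origin sessions from being mixed up (CVE-2021-22890), a short why-comment above each lookup and the addsessionid call would help the next reader, e.g. `/* isproxy selects the proxy vs. origin session slot, see CVE-2021-22890 */`. Both schannel_connect_step1 and schannel_connect_step3 begin and end outside the hunks shown.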