author | Daniel Stenberg <daniel@haxx.se> | 2021-03-19 12:38:49 +0100 |
---|---|---|
committer | Paul Gevers <elbrus@debian.org> | 2021-06-25 20:59:54 +0200 |
commit | 62039b2528d3cdd62070148aba746091b4ecb3d4 (patch) | |
tree | cd9456f1acf840bf9fcf47610318f344b812bc03 /lib/vtls/vtls.c | |
parent | 66cc4260f03022284068105bb0198658398d8a8b (diff) |
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
Origin: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-22890
To make sure we set and extract the correct session.
Reported-by: Mingtao Yang
Bug: https://curl.se/docs/CVE-2021-22890.html
CVE-2021-22890
[Salvatore Bonaccorso: Backport to 7.74.0 for context changes]
Gbp-Pq: Name 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch
Diffstat (limited to 'lib/vtls/vtls.c')
-rw-r--r-- | lib/vtls/vtls.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 3bd51fda..0881cb73 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -361,6 +361,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn)
  * there's one suitable, it is provided. Returns TRUE when no entry matched.
  */
 bool Curl_ssl_getsessionid(struct connectdata *conn,
+                           const bool isProxy,
                            void **ssl_sessionid,
                            size_t *idsize, /* set 0 if unknown */
                            int sockindex)
@@ -372,7 +373,6 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
   bool no_match = TRUE;
 
 #ifndef CURL_DISABLE_PROXY
-  const bool isProxy = CONNECT_PROXY_SSL();
   struct ssl_primary_config * const ssl_config = isProxy ?
     &conn->proxy_ssl_config :
     &conn->ssl_config;
@@ -384,10 +384,15 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
   struct ssl_primary_config * const ssl_config = &conn->ssl_config;
   const char * const name = conn->host.name;
   int port = conn->remote_port;
-  (void)sockindex;
 #endif
+  (void)sockindex;
   *ssl_sessionid = NULL;
 
+#ifdef CURL_DISABLE_PROXY
+  if(isProxy)
+    return TRUE;
+#endif
+
   DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
 
   if(!SSL_SET_OPTION(primary.sessionid))
@@ -475,6 +480,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
  * later on.
  */
 CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+                               bool isProxy,
                                void *ssl_sessionid,
                                size_t idsize,
                                int sockindex)
@@ -488,7 +494,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
   int conn_to_port;
   long *general_age;
 #ifndef CURL_DISABLE_PROXY
-  const bool isProxy = CONNECT_PROXY_SSL();
   struct ssl_primary_config * const ssl_config = isProxy ?
     &conn->proxy_ssl_config :
     &conn->ssl_config;
@@ -501,6 +506,7 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
   const char *hostname = conn->host.name;
   (void)sockindex;
 #endif
+  (void)sockindex;
   DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
 
   clone_host = strdup(hostname);
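Review bot: The new `isProxy` parameter of Curl_ssl_getsessionid is not described in the function's header comment, which still only says a suitable entry "is provided" and that TRUE means no match; that comment starts above the first hunk. Since the point of the change is that the cache entry is now chosen by the caller's intent instead of by connection state, the contract should be spelled out, e.g. ` * isProxy: TRUE to look up the session cached for the HTTPS proxy, FALSE for the origin server; the caller, not the connection state, selects which cache entry is consulted (CVE-2021-22890).` The same applies to Curl_ssl_addsessionid in the fourth hunk, whose comment ends with "later on." and says nothing about the flag. That signature also declares the parameter as plain `bool isProxy` while getsessionid uses `const bool isProxy`; harmless, but the two should match.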
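Review bot: In the last hunk the `#else` branch of Curl_ssl_addsessionid keeps its own `(void)sockindex;` while the hunk adds a second one after `#endif`, so a CURL_DISABLE_PROXY build now carries the cast twice; the third hunk removed the inner one from Curl_ssl_getsessionid and this hunk should do the same for consistency. More substantively, Curl_ssl_getsessionid now refuses an `isProxy` lookup in a proxy-disabled build (`if(isProxy) return TRUE;`), but Curl_ssl_addsessionid has no matching guard and would store a proxy session under `conn->host.name`; whether any caller can reach that in such a build is not visible here, but a symmetric `#ifdef CURL_DISABLE_PROXY` / `if(isProxy) return CURLE_OK;` / `#endif` before the DEBUGASSERT (presumably CURLE_OK, since not caching is not an error) keeps the two functions in step. The function's body continues beyond the hunk.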