vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()

Origin: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-22890

To make sure we set and extract the correct session.

Reported-by: Mingtao Yang
Bug: https://curl.se/docs/CVE-2021-22890.html

CVE-2021-22890

[Salvatore Bonaccorso: Backport to 7.74.0 for context changes]

Gbp-Pq: Name 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch

1 files changed, 2 insertions, 0 deletions

diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index f4cab998..5514f945 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -217,6 +217,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn);
  * under sessionid mutex).
  */
 bool Curl_ssl_getsessionid(struct connectdata *conn,
+                           const bool isproxy,
                            void **ssl_sessionid,
                            size_t *idsize, /* set 0 if unknown */
                            int sockindex);
@@ -226,6 +227,7 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
  * object with cache (e.g. incrementing refcount on success)
  */
 CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+                               const bool isProxy,
                                void *ssl_sessionid,
                                size_t idsize,
                                int sockindex);