diff options
| author | Kamil Dudka <kdudka@redhat.com> | 2015-05-28 20:04:35 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2015-06-17 07:43:13 +0200 |
| commit | 24a8359b256f8a3d7892f21f156a4bf0a42710d5 (patch) | |
| tree | 7490da5df95227837ff2adbc272a4e2efffd696a | |
| parent | 24f0b6ebf7c4411ac9d82a6269d4c136856a1166 (diff) | |
| download | gnurl-24a8359b256f8a3d7892f21f156a4bf0a42710d5.tar.gz gnurl-24a8359b256f8a3d7892f21f156a4bf0a42710d5.tar.bz2 gnurl-24a8359b256f8a3d7892f21f156a4bf0a42710d5.zip | |
http: do not leak basic auth credentials on re-used connections
CVE-2015-3236
This partially reverts commit curl-7_39_0-237-g87c4abb
Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
| -rw-r--r-- | lib/http.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/lib/http.c b/lib/http.c index 7a5137e86..e06c798e9 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2312,20 +2312,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) te ); - /* - * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with - * the connection and shouldn't be repeated over it either. - */ - switch (data->state.authhost.picked) { - case CURLAUTH_NEGOTIATE: - case CURLAUTH_NTLM: - case CURLAUTH_NTLM_WB: - Curl_safefree(conn->allocptr.userpwd); - break; - } + /* clear userpwd to avoid re-using credentials from re-used connections */ + Curl_safefree(conn->allocptr.userpwd); /* - * Same for proxyuserpwd + * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated + * with the connection and shouldn't be repeated over it either. */ switch (data->state.authproxy.picked) { case CURLAUTH_NEGOTIATE: |