* [dunfell][PATCH] curl: Patch CVE-2021-22876 & CVE-2021-22890
@ 2021-04-06 12:53 Mike Crowe
0 siblings, 0 replies; only message in thread
From: Mike Crowe @ 2021-04-06 12:53 UTC (permalink / raw)
To: openembedded-core; +Cc: Mike Crowe
Take patches from Ubuntu 20.04 7.68.0-1ubuntu2.5, which is close enough
that they apply without conflicts.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
.../curl/curl/CVE-2021-22876.patch | 59 +++
.../curl/curl/CVE-2021-22890.patch | 464 ++++++++++++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 2 +
3 files changed, 525 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22876.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22890.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22876.patch b/meta/recipes-support/curl/curl/CVE-2021-22876.patch
new file mode 100644
index 0000000000..fc396aabef
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22876.patch
@@ -0,0 +1,59 @@
+transfer: strip credentials from the auto-referer header field
+
+CVE-2021-22876
+
+Patch taken from Ubuntu curl 7.68.0-1ubuntu2.5.
+
+Bug: https://curl.se/docs/CVE-2021-22876.html
+Upstream-Status: backport
+---
+ lib/transfer.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/lib/transfer.c b/lib/transfer.c
+index e76834eb3..744e1c00b 100644
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -1570,6 +1570,9 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ data->set.followlocation++; /* count location-followers */
+
+ if(data->set.http_auto_referer) {
++ CURLU *u;
++ char *referer;
++
+ /* We are asked to automatically set the previous URL as the referer
+ when we get the next URL. We pick the ->url field, which may or may
+ not be 100% correct */
+@@ -1579,9 +1582,27 @@ CURLcode Curl_follow(struct Curl_easy *data,
+ data->change.referer_alloc = FALSE;
+ }
+
+- data->change.referer = strdup(data->change.url);
+- if(!data->change.referer)
++ /* Make a copy of the URL without crenditals and fragment */
++ u = curl_url();
++ if(!u)
++ return CURLE_OUT_OF_MEMORY;
++
++ uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_USER, NULL, 0);
++ if(!uc)
++ uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0);
++ if(!uc)
++ uc = curl_url_get(u, CURLUPART_URL, &referer, 0);
++
++ curl_url_cleanup(u);
++
++ if(uc || referer == NULL)
+ return CURLE_OUT_OF_MEMORY;
++
++ data->change.referer = referer;
+ data->change.referer_alloc = TRUE; /* yes, free this later */
+ }
+ }
+--
+2.20.1
+
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22890.patch b/meta/recipes-support/curl/curl/CVE-2021-22890.patch
new file mode 100644
index 0000000000..8c0ecbfe7f
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22890.patch
@@ -0,0 +1,464 @@
+vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
+
+To make sure we set and extract the correct session.
+
+Patch taken from Ubuntu curl 7.68.0-1ubuntu2.5.
+
+CVE-2021-22890
+
+Reported-by: Mingtao Yang
+Bug: https://curl.se/docs/CVE-2021-22890.html
+Upstream-Status: backport
+---
+ lib/vtls/bearssl.c | 9 +++++---
+ lib/vtls/gtls.c | 9 +++++---
+ lib/vtls/mbedtls.c | 8 ++++---
+ lib/vtls/mesalink.c | 9 +++++---
+ lib/vtls/openssl.c | 52 ++++++++++++++++++++++++++++++++++----------
+ lib/vtls/schannel.c | 10 +++++----
+ lib/vtls/sectransp.c | 9 ++++----
+ lib/vtls/vtls.c | 9 ++++++--
+ lib/vtls/vtls.h | 2 ++
+ lib/vtls/wolfssl.c | 8 ++++---
+ 10 files changed, 88 insertions(+), 37 deletions(-)
+
+diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
+index 67f945831..32cb0a4c2 100644
+--- a/lib/vtls/bearssl.c
++++ b/lib/vtls/bearssl.c
+@@ -372,7 +372,8 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
+ void *session;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &session, NULL, sockindex)) {
+ br_ssl_engine_set_session_parameters(&BACKEND->ctx.eng, session);
+ infof(data, "BearSSL: re-using session ID\n");
+ }
+@@ -560,10 +561,12 @@ static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
+ return CURLE_OUT_OF_MEMORY;
+ br_ssl_engine_get_session_parameters(&BACKEND->ctx.eng, session);
+ Curl_ssl_sessionid_lock(conn);
+- incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex));
++ incache = !(Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &oldsession, NULL, sockindex));
+ if(incache)
+ Curl_ssl_delsessionid(conn, oldsession);
+- ret = Curl_ssl_addsessionid(conn, session, 0, sockindex);
++ ret = Curl_ssl_addsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ session, 0, sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(ret) {
+ free(session);
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 5f740eeba..46e149c7d 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -937,7 +937,8 @@ gtls_connect_step1(struct connectdata *conn,
+ size_t ssl_idsize;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &ssl_sessionid, &ssl_idsize, sockindex)) {
+ /* we got a session id, use it! */
+ gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+
+@@ -1485,7 +1486,8 @@ gtls_connect_step3(struct connectdata *conn,
+ gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
+
+ Curl_ssl_sessionid_lock(conn);
+- incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL,
++ incache = !(Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+@@ -1494,7 +1496,8 @@ gtls_connect_step3(struct connectdata *conn,
+ }
+
+ /* store this session id */
+- result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize,
++ result = Curl_ssl_addsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ connect_sessionid, connect_idsize,
+ sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(result) {
+diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
+index f057315f3..19df8478e 100644
+--- a/lib/vtls/mbedtls.c
++++ b/lib/vtls/mbedtls.c
+@@ -453,7 +453,8 @@ mbed_connect_step1(struct connectdata *conn,
+ void *old_session = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &old_session, NULL, sockindex)) {
+ ret = mbedtls_ssl_set_session(&BACKEND->ssl, old_session);
+ if(ret) {
+ Curl_ssl_sessionid_unlock(conn);
+@@ -709,6 +710,7 @@ mbed_connect_step3(struct connectdata *conn,
+ int ret;
+ mbedtls_ssl_session *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
++ bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE;
+
+ our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session));
+ if(!our_ssl_sessionid)
+@@ -727,10 +729,10 @@ mbed_connect_step3(struct connectdata *conn,
+
+ /* If there's already a matching session in the cache, delete it */
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
++ if(!Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, NULL, sockindex))
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+
+- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
++ retcode = Curl_ssl_addsessionid(conn, isproxy, our_ssl_sessionid, 0, sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(retcode) {
+ mbedtls_ssl_session_free(our_ssl_sessionid);
+diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
+index cab1e390b..79d1e3dfa 100644
+--- a/lib/vtls/mesalink.c
++++ b/lib/vtls/mesalink.c
+@@ -263,7 +263,8 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ Curl_ssl_sessionid_unlock(conn);
+@@ -347,12 +348,14 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex)
+ bool incache;
+ SSL_SESSION *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
++ bool inproxy = SSL_IS_PROXY() ? TRUE : FALSE;
+
+ our_ssl_sessionid = SSL_get_session(BACKEND->handle);
+
+ Curl_ssl_sessionid_lock(conn);
+ incache =
+- !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex));
++ !(Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid,
++ NULL, sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+@@ -363,7 +366,7 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex)
+
+ if(!incache) {
+ result = Curl_ssl_addsessionid(
+- conn, our_ssl_sessionid, 0 /* unknown size */, sockindex);
++ conn, isproxy, our_ssl_sessionid, 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "failed to store ssl session");
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 1d09cadca..64f43605a 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -422,12 +422,23 @@ static int ossl_get_ssl_conn_index(void)
+ */
+ static int ossl_get_ssl_sockindex_index(void)
+ {
+- static int ssl_ex_data_sockindex_index = -1;
+- if(ssl_ex_data_sockindex_index < 0) {
+- ssl_ex_data_sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL,
+- NULL);
++ static int sockindex_index = -1;
++ if(sockindex_index < 0) {
++ sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+ }
+- return ssl_ex_data_sockindex_index;
++ return sockindex_index;
++}
++
++/* Return an extra data index for proxy boolean.
++ * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
++ */
++static int ossl_get_proxy_index(void)
++{
++ static int proxy_index = -1;
++ if(proxy_index < 0) {
++ proxy_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
++ }
++ return proxy_index;
+ }
+
+ static int passwd_callback(char *buf, int num, int encrypting,
+@@ -1079,7 +1090,8 @@ static int Curl_ossl_init(void)
+ #endif
+
+ /* Initialize the extra data indexes */
+- if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0)
++ if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0 ||
++ ossl_get_proxy_index() < 0)
+ return 0;
+
+ return 1;
+@@ -2341,8 +2353,10 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
+ curl_socket_t *sockindex_ptr;
+ int connectdata_idx = ossl_get_ssl_conn_index();
+ int sockindex_idx = ossl_get_ssl_sockindex_index();
++ int proxy_idx = ossl_get_proxy_index();
++ bool isproxy;
+
+- if(connectdata_idx < 0 || sockindex_idx < 0)
++ if(connectdata_idx < 0 || sockindex_idx < 0 || proxy_idx < 0)
+ return 0;
+
+ conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx);
+@@ -2355,13 +2369,18 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
+ sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx);
+ sockindex = (int)(sockindex_ptr - conn->sock);
+
++ isproxy = SSL_get_ex_data(ssl, proxy_idx) ? TRUE : FALSE;
++
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ void *old_ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+- sockindex));
++ if(isproxy)
++ incache = FALSE;
++ else
++ incache = !(Curl_ssl_getsessionid(conn, isproxy,
++ &old_ssl_sessionid, NULL, sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+@@ -2371,7 +2390,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
+ }
+
+ if(!incache) {
+- if(!Curl_ssl_addsessionid(conn, ssl_sessionid,
++ if(!Curl_ssl_addsessionid(conn, isproxy, ssl_sessionid,
+ 0 /* unknown size */, sockindex)) {
+ /* the session has been put into the session cache */
+ res = 1;
+@@ -2868,16 +2887,25 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ void *ssl_sessionid = NULL;
+ int connectdata_idx = ossl_get_ssl_conn_index();
+ int sockindex_idx = ossl_get_ssl_sockindex_index();
++ int proxy_idx = ossl_get_proxy_index();
+
+- if(connectdata_idx >= 0 && sockindex_idx >= 0) {
++ if(connectdata_idx >= 0 && sockindex_idx >= 0 && proxy_idx >= 0) {
+ /* Store the data needed for the "new session" callback.
+ * The sockindex is stored as a pointer to an array element. */
+ SSL_set_ex_data(BACKEND->handle, connectdata_idx, conn);
+ SSL_set_ex_data(BACKEND->handle, sockindex_idx, conn->sock + sockindex);
++#ifndef CURL_DISABLE_PROXY
++ SSL_set_ex_data(BACKEND->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1:
++ NULL);
++#else
++ SSL_set_ex_data(BACKEND->handle, proxy_idx, NULL);
++#endif
++
+ }
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ Curl_ssl_sessionid_unlock(conn);
+diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
+index f665ee340..a354ce95d 100644
+--- a/lib/vtls/schannel.c
++++ b/lib/vtls/schannel.c
+@@ -487,7 +487,8 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
+ /* check for an existing re-usable credential handle */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ (void **)&old_cred, NULL, sockindex)) {
+ BACKEND->cred = old_cred;
+ DEBUGF(infof(data, "schannel: re-using existing credential handle\n"));
+
+@@ -1193,8 +1194,9 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ CERT_CONTEXT *ccert_context = NULL;
++ bool isproxy = SSL_IS_PROXY();
+ #ifdef DEBUGBUILD
+- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
++ const char * const hostname = isproxy ? conn->http_proxy.host.name :
+ conn->host.name;
+ #endif
+ #ifdef HAS_ALPN
+@@ -1268,7 +1270,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
+ struct curl_schannel_cred *old_cred = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+- incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL,
++ incache = !(Curl_ssl_getsessionid(conn, isproxy, (void **)&old_cred, NULL,
+ sockindex));
+ if(incache) {
+ if(old_cred != BACKEND->cred) {
+@@ -1280,7 +1282,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
+ }
+ }
+ if(!incache) {
+- result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred,
++ result = Curl_ssl_addsessionid(conn, isproxy, (void *)BACKEND->cred,
+ sizeof(struct curl_schannel_cred),
+ sockindex);
+ if(result) {
+diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
+index 7dd028fb7..9c67d465a 100644
+--- a/lib/vtls/sectransp.c
++++ b/lib/vtls/sectransp.c
+@@ -1376,7 +1376,8 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+- const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
++ bool isproxy = SSL_IS_PROXY();
++ const char * const hostname = isproxy ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+ #ifdef ENABLE_IPV6
+@@ -1584,7 +1585,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
+
+ #ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
++ (!isproxy || !conn->bits.tunnel_proxy)) {
+ CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID));
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+@@ -1916,7 +1917,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
+ size_t ssl_sessionid_len;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
++ if(!Curl_ssl_getsessionid(conn, isproxy, (void **)&ssl_sessionid,
+ &ssl_sessionid_len, sockindex)) {
+ /* we got a session id, use it! */
+ err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+@@ -1944,7 +1945,7 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+- result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
++ result = Curl_ssl_addsessionid(conn, isproxy, ssl_sessionid, ssl_sessionid_len,
+ sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(result) {
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index dfefa1bd5..aaf73ef8f 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -305,6 +305,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn)
+ * there's one suitable, it is provided. Returns TRUE when no entry matched.
+ */
+ bool Curl_ssl_getsessionid(struct connectdata *conn,
++ const bool isProxy,
+ void **ssl_sessionid,
+ size_t *idsize, /* set 0 if unknown */
+ int sockindex)
+@@ -315,7 +316,6 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
+ long *general_age;
+ bool no_match = TRUE;
+
+- const bool isProxy = CONNECT_PROXY_SSL();
+ struct ssl_primary_config * const ssl_config = isProxy ?
+ &conn->proxy_ssl_config :
+ &conn->ssl_config;
+@@ -324,6 +324,11 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
+ int port = isProxy ? (int)conn->port : conn->remote_port;
+ *ssl_sessionid = NULL;
+
++#ifdef CURL_DISABLE_PROXY
++ if(isProxy)
++ return TRUE;
++#endif
++
+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
+
+ if(!SSL_SET_OPTION(primary.sessionid))
+@@ -411,6 +416,7 @@ void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+ * later on.
+ */
+ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
++ bool isProxy,
+ void *ssl_sessionid,
+ size_t idsize,
+ int sockindex)
+@@ -423,7 +429,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+ char *clone_conn_to_host;
+ int conn_to_port;
+ long *general_age;
+- const bool isProxy = CONNECT_PROXY_SSL();
+ struct ssl_primary_config * const ssl_config = isProxy ?
+ &conn->proxy_ssl_config :
+ &conn->ssl_config;
+diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
+index a81b2f22d..a5e348752 100644
+--- a/lib/vtls/vtls.h
++++ b/lib/vtls/vtls.h
+@@ -202,6 +202,7 @@ void Curl_ssl_sessionid_unlock(struct connectdata *conn);
+ * under sessionid mutex).
+ */
+ bool Curl_ssl_getsessionid(struct connectdata *conn,
++ const bool isproxy,
+ void **ssl_sessionid,
+ size_t *idsize, /* set 0 if unknown */
+ int sockindex);
+@@ -211,6 +212,7 @@ bool Curl_ssl_getsessionid(struct connectdata *conn,
+ * object with cache (e.g. incrementing refcount on success)
+ */
+ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
++ const bool isProxy,
+ void *ssl_sessionid,
+ size_t idsize,
+ int sockindex);
+diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
+index 8c2d3f4a2..dd9f907ff 100644
+--- a/lib/vtls/wolfssl.c
++++ b/lib/vtls/wolfssl.c
+@@ -392,7 +392,8 @@ wolfssl_connect_step1(struct connectdata *conn,
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
++ if(!Curl_ssl_getsessionid(conn, SSL_IS_PROXY() ? TRUE : FALSE,
++ &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+@@ -618,9 +619,10 @@ wolfssl_connect_step3(struct connectdata *conn,
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = SSL_get_session(BACKEND->handle);
++ bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE;
+
+ Curl_ssl_sessionid_lock(conn);
+- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
++ incache = !(Curl_ssl_getsessionid(conn, isproxy, &old_ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+@@ -631,7 +633,7 @@ wolfssl_connect_step3(struct connectdata *conn,
+ }
+
+ if(!incache) {
+- result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
++ result = Curl_ssl_addsessionid(conn, isproxy, our_ssl_sessionid,
+ 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+--
+2.20.1
+
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 4cc35c2c51..13ab29cf69 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -17,6 +17,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2020-8284.patch \
file://CVE-2020-8285.patch \
file://CVE-2020-8286.patch \
+ file://CVE-2021-22876.patch \
+ file://CVE-2021-22890.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
--
2.20.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-06 12:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-06 12:53 [dunfell][PATCH] curl: Patch CVE-2021-22876 & CVE-2021-22890 Mike Crowe
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.