commit 247f6291b0ec7f43ba5a4c7521161372835d634d
Author: Daniel Stenberg <daniel@haxx.se>
Date: Mon May 9 23:13:53 2022 +0200
[Backport] url: check SSH config match on connection reuse
Offering: RTOS
CVE: CVE-2022-27782
Reference: upstream_commit_id=1645e9b44505abd5cbaf65da5282c3f33b5924a5
DTS/AR: DTS2022051305556
type: LTS
reason: fix CVE-2022-27782 for curl.
weblink: https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5
CVE-2022-27782
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2022-27782.html
Closes #8825
Signed-off-by: jiahuasheng <jiahuasheng@h-partners.com>
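--- a/lib/url.c
+++ b/lib/url.c
@@ -1089,6 +1089,12 @@ static void prune_dead_connections(struct Curl_easy *data)
 }
 }
 
+static bool ssh_config_matches(struct connectdata *one,
+ struct connectdata *two)
+{
+ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
+ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
+}
 /*
 * Given one filled in connection struct (named needle), this function should
 * detect if there already is one that has all the significant details
@@ -1348,6 +1354,11 @@ ConnectionExists(struct Curl_easy *data,
 (data->state.httpwant < CURL_HTTP_VERSION_2_0))
 continue;
 
+ if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(!ssh_config_matches(needle, check))
+ continue;
+ }
+
 if((needle->handler->flags&PROTOPT_SSL)
 #ifndef CURL_DISABLE_PROXY
 || !needle->bits.httpproxy || needle->bits.tunnel_proxy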
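Review bot: ssh_config_matches only reads through both pointers, so its parameters should be const-qualified and the helper deserves a one-line comment stating why it exists: `static bool ssh_config_matches(const struct connectdata *one,` / `const struct connectdata *two)`, preceded by `/* An SSH connection may only be reused by a handle configured with the same private/public key files; otherwise one transfer could ride on a session authenticated with another handle's credentials. */`. The comparison relies on Curl_safecmp treating two NULL pointers as equal and NULL versus a set path as a mismatch, which is worth confirming against the Curl_safecmp definition since it is outside this diff. The new check in ConnectionExists is placed before the TLS configuration comparison, consistent with the other per-protocol exclusions in that loop; ConnectionExists itself starts and ends outside the hunk.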
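--- a/lib/vssh/ssh.h
+++ b/lib/vssh/ssh.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -131,8 +131,8 @@ struct ssh_conn {
 
 /* common */
 const char *passphrase; /* pass-phrase to use */
- char *rsa_pub; /* path name */
- char *rsa; /* path name */
+ char *rsa_pub; /* strdup'ed public key file */
+ char *rsa; /* strdup'ed private key file */
 bool authed; /* the connection has been authenticated fine */
 bool acceptfail; /* used by the SFTP_QUOTE (continue if
 quote command fails) */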