From 9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 17 Dec 2024 23:56:42 +0100
Subject: [PATCH] netrc: fix password-only entries

When a specific hostname matched, and only a password is set before
another machine is specified in the netrc file, the parser would not be
happy and stop there and return the password-only state. It instead
continued and did not return a match.

Add test 2005 to verify this case

Regression from e9b9bba, shipped in 8.11.1.

Reported-by: Ben Zanin
Fixes #15767
Closes #15768

CVE: CVE-2024-11053
Upstream-Status: Backport [https://github.com/curl/curl/commit/9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf]

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 lib/netrc.c             |  7 +++++-
 tests/data/Makefile.inc |  2 +-
 tests/data/test2005     | 55 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 tests/data/test2005

diff --git a/lib/netrc.c b/lib/netrc.c
index 64efdc0..695e89a 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -228,7 +228,8 @@ static int parsenetrc(const char *host,
               retcode = NETRC_FAILED; /* allocation failed */
               goto out;
             }
-          found |= FOUND_PASSWORD;
+          if(!specific_login || our_login)
+             found |= FOUND_PASSWORD;
           keyword = NONE;
           }
           else if(strcasecompare("login", tok))
@@ -237,6 +238,10 @@ static int parsenetrc(const char *host,
             keyword = PASSWORD;
           else if(strcasecompare("machine", tok)) {
             /* a new machine here */
+            if(found & FOUND_PASSWORD) {
+             done = TRUE;
+             break;
+            }
             state = HOSTFOUND;
             keyword = NONE;
             found = 0;
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index e3508cb..dc2af79 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
 test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
 test1970 test1971 test1972 test1973 test1974 test1975 \
 \
-test2000 test2001 test2002 test2003 test2004 \
+test2000 test2001 test2002 test2003 test2004 test2005 \
 \
                                                                test2023 \
 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
diff --git a/tests/data/test2005 b/tests/data/test2005
new file mode 100644
index 0000000..66afe84
--- /dev/null
+++ b/tests/data/test2005
@@ -0,0 +1,55 @@
+<testcase>
+ <info>
+ <keywords>
+ HTTP
+ netrc
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 200 OK
+ Date: Fri, 05 Aug 2022 10:09:00 GMT
+ Server: test-server/fake
+ Content-Type: text/plain
+ Content-Length: 6
+ Connection: close
+
+ -foo-
+ </data>
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <name>
+ netrc match with password only in file, no username. machine follows
+ </name>
+ <command>
+ --netrc-optional --netrc-file log/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+ machine %HOSTIP
+ password 5up3r53cr37
+
+ machine example.com
+ </file>
+ </client>
+
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET / HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ Authorization: Basic %b64[:5up3r53cr37]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+
+ </protocol>
+ </verify>
+ </testcase>
--
2.40.0