From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 10 Mar 2023 09:22:43 +0100 Subject: [PATCH] url: only reuse connections with same GSS delegation Reported-by: Harry Sintonen Closes #10731 Upstream-Status: Backport [https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5] CVE: CVE-2023-27536 Signed-off-by: Vijay Anusuri --- lib/url.c | 6 ++++++ lib/urldata.h | 1 + 2 files changed, 7 insertions(+) diff --git a/lib/url.c b/lib/url.c index f84375c..87f4eb0 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1257,6 +1257,11 @@ ConnectionExists(struct Curl_easy *data, } } + /* GSS delegation differences do not actually affect every connection + and auth method, but this check takes precaution before efficiency */ + if(needle->gssapi_delegation != check->gssapi_delegation) + continue; + #ifdef USE_SSH else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) { if(!ssh_config_matches(needle, check)) @@ -1708,6 +1713,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->fclosesocket = data->set.fclosesocket; conn->closesocket_client = data->set.closesocket_client; conn->lastused = Curl_now(); /* used now */ + conn->gssapi_delegation = data->set.gssapi_delegation; return conn; error: diff --git a/lib/urldata.h b/lib/urldata.h index 51b793b..b8a611b 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -1118,6 +1118,7 @@ struct connectdata { handle */ BIT(sock_accepted); /* TRUE if the SECONDARYSOCKET was created with accept() */ + long gssapi_delegation; /* inherited from set.gssapi_delegation */ }; /* The end of connectdata. */ -- 2.25.1