Diffstat (limited to 'www/curl/patches/patch-ad')
-rw-r--r-- | www/curl/patches/patch-ad | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/www/curl/patches/patch-ad b/www/curl/patches/patch-ad
new file mode 100644
index 00000000000..408c930e5e9
--- /dev/null
+++ b/www/curl/patches/patch-ad
@@ -0,0 +1,64 @@
+$NetBSD: patch-ad,v 1.1.2.1 2009/03/15 15:07:23 tron Exp $
+
+Taken from http://curl.haxx.se/CVE-2009-0037/curl-7.18.1-CVE-2009-0037.patch
+
+--- lib/url.c.orig
++++ lib/url.c
+@@ -734,6 +734,13 @@ CURLcode Curl_open(struct SessionHandle
+ data->set.new_file_perms = 0644; /* Default permissions */
+ data->set.new_directory_perms = 0755; /* Default permissions */
+
++ /* for the *protocols fields we don't use the CURLPROTO_ALL convenience
++ define since we internally only use the lower 16 bits for the passed
++ in bitmask to not conflict with the private bits */
++ data->set.allowed_protocols = PROT_EXTMASK;
++ data->set.redir_protocols =
++ PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
++
+ /* most recent connection is not yet defined */
+ data->state.lastconnect = -1;
+
+@@ -2075,6 +2082,22 @@ CURLcode Curl_setopt(struct SessionHandl
+ }
+ break;
+
++ case CURLOPT_PROTOCOLS:
++ /* set the bitmask for the protocols that are allowed to be used for the
++ transfer, which thus helps the app which takes URLs from users or other
++ external inputs and want to restrict what protocol(s) to deal
++ with. Defaults to CURLPROTO_ALL. */
++ data->set.allowed_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
++ case CURLOPT_REDIR_PROTOCOLS:
++ /* set the bitmask for the protocols that libcurl is allowed to follow to,
++ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
++ to be set in both bitmasks to be allowed to get redirected to. Defaults
++ to CURLPROTO_ALL & ~CURLPROTO_FILE. */
++ data->set.redir_protocols = va_arg(param, long) & PROT_EXTMASK;
++ break;
++
+ default:
+ /* unknown tag and its companion, just ignore: */
+ result = CURLE_FAILED_INIT; /* correct this */
+@@ -3128,7 +3151,19 @@ static CURLcode setup_connection_interna
+
+ for (pp = protocols; (p = *pp) != NULL; pp++)
+ if(strequal(p->scheme, conn->protostr)) {
+- /* Protocol found in table. Perform setup complement if some. */
++ /* Protocol found in table. Check if allowed */
++ if(!(data->set.allowed_protocols & p->protocol))
++ /* nope, get out */
++ break;
++
++ /* it is allowed for "normal" request, now do an extra check if this is
++ the result of a redirect */
++ if(data->state.this_is_a_follow &&
++ !(data->set.redir_protocols & p->protocol))
++ /* nope, get out */
++ break;
++
++ /* Perform setup complement if some. */
+ conn->handler = p;
+
+ if(p->setup_connection) { |
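Review bot: The comment on the CURLOPT_REDIR_PROTOCOLS case in Curl_setopt gives the default as `CURLPROTO_ALL & ~CURLPROTO_FILE`, but the default assigned in Curl_open is `PROT_EXTMASK & ~(CURLPROTO_FILE|CURLPROTO_SCP)`, so SCP is excluded as well; the comment should end `Defaults to all protocols except FILE and SCP.` Every other protocol bit in PROT_EXTMASK stays allowed for redirects by default, so an application that follows redirects for URLs from untrusted sources still has to narrow CURLOPT_REDIR_PROTOCOLS itself. In setup_connection_internal a disallowed scheme leaves the lookup loop through a bare `break`; the code after the loop is outside the hunk, so it is presumably reported as an unsupported protocol rather than a policy refusal, which is worth confirming. All three functions start and end outside the inner hunks shown.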