aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2015-05-28 20:04:35 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-06-17 07:43:13 +0200
commit24a8359b256f8a3d7892f21f156a4bf0a42710d5 (patch)
tree7490da5df95227837ff2adbc272a4e2efffd696a
parent24f0b6ebf7c4411ac9d82a6269d4c136856a1166 (diff)
http: do not leak basic auth credentials on re-used connections
CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb Reported-by: Tomas Tomecek, Kamil Dudka Bug: http://curl.haxx.se/docs/adv_20150617A.html
-rw-r--r--lib/http.c16
1 files changed, 4 insertions, 12 deletions
diff --git a/lib/http.c b/lib/http.c
index 7a5137e86..e06c798e9 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2312,20 +2312,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
te
);
- /*
- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
- * the connection and shouldn't be repeated over it either.
- */
- switch (data->state.authhost.picked) {
- case CURLAUTH_NEGOTIATE:
- case CURLAUTH_NTLM:
- case CURLAUTH_NTLM_WB:
- Curl_safefree(conn->allocptr.userpwd);
- break;
- }
+ /* clear userpwd to avoid re-using credentials from re-used connections */
+ Curl_safefree(conn->allocptr.userpwd);
/*
- * Same for proxyuserpwd
+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+ * with the connection and shouldn't be repeated over it either.
*/
switch (data->state.authproxy.picked) {
case CURLAUTH_NEGOTIATE: