From 24a8359b256f8a3d7892f21f156a4bf0a42710d5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Thu, 28 May 2015 20:04:35 +0200
Subject: http: do not leak basic auth credentials on re-used connections CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb
Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
---
 lib/http.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 7a5137e86..e06c798e9 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2312,20 +2312,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
 te
 );
- /*
- * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
- * the connection and shouldn't be repeated over it either.
- */
- switch (data->state.authhost.picked) {
- case CURLAUTH_NEGOTIATE:
- case CURLAUTH_NTLM:
- case CURLAUTH_NTLM_WB:
- Curl_safefree(conn->allocptr.userpwd);
- break;
- }
+ /* clear userpwd to avoid re-using credentials from re-used connections */
+ Curl_safefree(conn->allocptr.userpwd);
 /*
- * Same for proxyuserpwd
+ * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+ * with the connection and shouldn't be repeated over it either.
 */
 switch (data->state.authproxy.picked) {
 case CURLAUTH_NEGOTIATE:
-- cgit v1.2.3
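Review bot: The proxy side still has the conditional free that this commit removes for the host side: the `switch (data->state.authproxy.picked)` at the end of the hunk releases proxyuserpwd only for Negotiate/NTLM, so a Basic or Digest proxy credential header stays cached on the connection after the request. Whether a later transfer that re-uses the connection can resend it depends on the auth-output and connection-matching code outside this hunk, and the switch body and the rest of Curl_http are not visible here. Either free the proxy header unconditionally as well, or state the reason it is safe in the rewritten comment, e.g. `* Basic/Digest proxyuserpwd is kept on purpose: <reason>`. The diffstat shows only lib/http.c changed, so a regression test that re-uses a connection for a request without credentials and asserts that no Authorization header is sent would pin the fix.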