

(-)ftp/curl/Makefile (-1 / +1 lines)
Lines 3-9 Link Here
3
3
4
PORTNAME=	curl
4
PORTNAME=	curl
5
PORTVERSION=	7.46.0
5
PORTVERSION=	7.46.0
6
PORTREVISION=	2
6
PORTREVISION=	3
7
CATEGORIES=	ftp www
7
CATEGORIES=	ftp www
8
MASTER_SITES=	http://curl.haxx.se/download/ \
8
MASTER_SITES=	http://curl.haxx.se/download/ \
9
		LOCAL/sunpoet
9
		LOCAL/sunpoet
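--- a/ftp/curl/files/patch-CVE-2016-755
+++ b/ftp/curl/files/patch-CVE-2016-755
@@ -0,0 +1,110 @@
+diff --git a/lib/url.c b/lib/url.c
+index 02a7ace..42bf1eb 100644
+--- lib/url.c
++++ lib/url.c
+@@ -3128,12 +3128,17 @@ ConnectionExists(struct SessionHandle *data,
+  struct connectdata *chosen = 0;
+  bool foundPendingCandidate = FALSE;
+  bool canPipeline = IsPipeliningPossible(data, needle);
++  struct connectbundle *bundle;
++
+ #ifdef USE_NTLM
+-  bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) ||
+-                       (data->state.authhost.want & CURLAUTH_NTLM_WB)) &&
+-    (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE;
++  bool wantNTLMhttp = ((data->state.authhost.want &
++                      (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
++                      (needle->handler->protocol & PROTO_FAMILY_HTTP));
++  bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd &&
++                           ((data->state.authproxy.want &
++                           (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
++                           (needle->handler->protocol & PROTO_FAMILY_HTTP)));
+ #endif
+-  struct connectbundle *bundle;
+ 
+   *force_reuse = FALSE;
+   *waitpipe = FALSE;
+@@ -3188,9 +3193,6 @@ ConnectionExists(struct SessionHandle *data,
+     curr = bundle->conn_list->head;
+     while(curr) {
+       bool match = FALSE;
+-#if defined(USE_NTLM)
+-      bool credentialsMatch = FALSE;
+-#endif
+       size_t pipeLen;
+ 
+       /*
+@@ -3300,21 +3302,14 @@ ConnectionExists(struct SessionHandle *data,
+           continue;
+       }
+ 
+-      if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST))
+-#ifdef USE_NTLM
+-         || (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)
+-#endif
+-        ) {
+-        /* This protocol requires credentials per connection or is HTTP+NTLM,
++      if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
++        /* This protocol requires credentials per connection,
+            so verify that we're using the same name and password as well */
+         if(!strequal(needle->user, check->user) ||
+            !strequal(needle->passwd, check->passwd)) {
+           /* one of them was different */
+           continue;
+         }
+-#if defined(USE_NTLM)
+-        credentialsMatch = TRUE;
+-#endif
+       }
+ 
+       if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
+@@ -3374,20 +3369,43 @@ ConnectionExists(struct SessionHandle *data,
+            possible. (Especially we must not reuse the same connection if
+            partway through a handshake!) */
+         if(wantNTLMhttp) {
+-          if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) {
+-            chosen = check;
++          if(!strequal(needle->user, check->user) ||
++             !strequal(needle->passwd, check->passwd))
++            continue;
++        }
++        else if(check->ntlm.state != NTLMSTATE_NONE) {
++          /* Connection is using NTLM auth but we don't want NTLM */
++          continue;
++        }
++
++        /* Same for Proxy NTLM authentication */
++        if(wantProxyNTLMhttp) {
++          if(!strequal(needle->proxyuser, check->proxyuser) ||
++             !strequal(needle->proxypasswd, check->proxypasswd))
++            continue;
++        }
++        else if(check->proxyntlm.state != NTLMSTATE_NONE) {
++          /* Proxy connection is using NTLM auth but we don't want NTLM */
++          continue;
++        }
++
++        if(wantNTLMhttp || wantProxyNTLMhttp) {
++          /* Credentials are already checked, we can use this connection */
++          chosen = check;
+ 
++          if((wantNTLMhttp &&
++             (check->ntlm.state != NTLMSTATE_NONE)) ||
++              (wantProxyNTLMhttp &&
++               (check->proxyntlm.state != NTLMSTATE_NONE))) {
+             /* We must use this connection, no other */
+             *force_reuse = TRUE;
+             break;
+           }
+-          else if(credentialsMatch)
+-            /* this is a backup choice */
+-            chosen = check;
++
++          /* Continue look up for a better connection */
+           continue;
+         }
+ #endif
+-
+         if(canPipeline) {
+           /* We can pipeline if we want to. Let's continue looking for
+              the optimal connection to use, i.e the shortest pipe that is not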
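Review bot: The new proxy NTLM check `!strequal(needle->proxyuser, check->proxyuser) || !strequal(needle->proxypasswd, check->proxypasswd)`, like the host NTLM check just above it, compares credentials with curl's `strequal`, which as far as I know is a case-insensitive comparison, so a cached connection authenticated with a user name or password that differs only in letter case would still be accepted for reuse. An exact comparison is the safer choice for credentials, e.g. `if(strcmp(needle->proxyuser, check->proxyuser) || strcmp(needle->proxypasswd, check->proxypasswd))`, and the same applies to the unchanged `PROTOPT_CREDSPERREQUEST` branch. ConnectionExists starts and ends outside these hunks, so whether `check->proxyuser` or `check->proxypasswd` can be NULL at this point cannot be confirmed from the page and should be checked before switching comparators. Separately, the file name `patch-CVE-2016-755` is not a well-formed CVE identifier (the sequence part has at least four digits), which makes the patch harder to find when searching the tree by advisory ID.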
