Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/curl/patches/013-CVE-2014-0015.patch
branchs11-update
changeset 2939 e9aeb41ecd7a
equal deleted inserted replaced
2938:9f9845a938fd 2939:e9aeb41ecd7a 
       
     1 CVE-2014-0015: libcurl can in some circumstances re-use the wrong
 
       
     2 connection when asked to do an NTLM-authenticated HTTP or HTTPS request.
 
       
     3 
       
     4 More information at:
 
       
     5 http://curl.haxx.se/docs/adv_20140129.html
 
       
     6 
       
     7 Closest relevant upstream patch at:
 
       
     8 http://curl.haxx.se/CVE-2014-0015-7-27.patch
 
       
     9 
       
    10 --- lib/url.c.orig	2014-02-04 12:41:29.827372361 -0800
 
       
    11 +++ lib/url.c	2014-02-04 12:56:44.394433387 -0800
 
       
    12 @@ -2998,7 +2998,7 @@
 
       
    13          }
 
       
    14          if((needle->protocol & PROT_FTP) ||
 
       
    15             ((needle->protocol & PROT_HTTP) &&
 
       
    16 -            (data->state.authhost.want==CURLAUTH_NTLM))) {
 
       
    17 +            (data->state.authhost.want & CURLAUTH_NTLM))) {
 
       
    18            /* This is FTP or HTTP+NTLM, verify that we're using the same name
 
       
    19               and password as well */
 
       
    20            if(!strequal(needle->user, check->user) ||
upstream/oracle/userland-gate