Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/curl/patches/013-CVE-2014-0015.patch
branchs11-update
changeset 4103 0a3f0d2f2c86
parent 4102 02730b605ff4
child 4111 72fcefade79a 
--- a/components/curl/patches/013-CVE-2014-0015.patch	Fri Apr 10 18:00:20 2015 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-CVE-2014-0015: libcurl can in some circumstances re-use the wrong
-connection when asked to do an NTLM-authenticated HTTP or HTTPS request.
-
-More information at:
-http://curl.haxx.se/docs/adv_20140129.html
-
-Closest relevant upstream patch at:
-http://curl.haxx.se/CVE-2014-0015-7-27.patch
-
---- lib/url.c.orig	2014-02-04 12:41:29.827372361 -0800
-+++ lib/url.c	2014-02-04 12:56:44.394433387 -0800
-@@ -2998,7 +2998,7 @@
-         }
-         if((needle->protocol & PROT_FTP) ||
-            ((needle->protocol & PROT_HTTP) &&
--            (data->state.authhost.want==CURLAUTH_NTLM))) {
-+            (data->state.authhost.want & CURLAUTH_NTLM))) {
-           /* This is FTP or HTTP+NTLM, verify that we're using the same name
-              and password as well */
-           if(!strequal(needle->user, check->user) ||
upstream/oracle/userland-gate