packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!210 [sync] PR-208: hide sensitive info in cmdline when ps

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @kircher 
Signed-off-by: @kircher
This commit is contained in:
openeuler-ci-bot 2023-06-19 13:09:06 +00:00 committed by Gitee
commit 1f43734c6b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 659 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
backport-curl-tool-erase-some-more-sensitive-command-line-arg.patch Normal file
View File

@ -0,0 +1,95 @@
From b6acbdeb6375c9552fd4b04d5ab38422ed25fbaf Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick@monnerat.net>
Date: Mon, 10 Jan 2022 11:51:16 +0100
Subject: [PATCH] curl tool: erase some more sensitive command line arguments
As the ps command may reveal sensitive command line info, obfuscate
options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and
--oauth2-bearer arguments.
Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk>
Closes #7964
---
src/tool_getparam.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 7abbcc639..223214b0a 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -669,6 +669,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'B': /* OAuth 2.0 bearer token */
GetStr(&config->oauth_bearer, nextarg);
+ cleanarg(nextarg);
config->authtype |= CURLAUTH_BEARER;
break;
case 'c': /* connect-timeout */
@@ -1617,16 +1618,20 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
GetStr(&config->crlfile, nextarg);
break;
case 'k': /* TLS username */
- if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
- GetStr(&config->tls_username, nextarg);
- else
+ if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
+ cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
+ }
+ GetStr(&config->tls_username, nextarg);
+ cleanarg(nextarg);
break;
case 'l': /* TLS password */
- if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
- GetStr(&config->tls_password, nextarg);
- else
+ if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
+ cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
+ }
+ GetStr(&config->tls_password, nextarg);
+ cleanarg(nextarg);
break;
case 'm': /* TLS authentication type */
if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP) {
@@ -1687,17 +1692,21 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'u': /* TLS username for proxy */
- if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
- GetStr(&config->proxy_tls_username, nextarg);
- else
+ if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
+ cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
+ }
+ GetStr(&config->proxy_tls_username, nextarg);
+ cleanarg(nextarg);
break;
case 'v': /* TLS password for proxy */
- if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
- GetStr(&config->proxy_tls_password, nextarg);
- else
+ if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
+ cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
+ }
+ GetStr(&config->proxy_tls_password, nextarg);
+ cleanarg(nextarg);
break;
case 'w': /* TLS authentication type for proxy */
--
2.33.0

107
backport-getparam-correctly-clean-args.patch Normal file
View File

@ -0,0 +1,107 @@
From 5b059ba8954c6dcf305ff4def77fe394c7b57401 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 30 Aug 2022 23:40:19 +0200
Subject: [PATCH] getparam: correctly clean args
Follow-up to bf7e887b2442783ab52
The previous fix for #9128 was incomplete and caused #9397.
Fixes #9397
Closes #9399
---
src/tool_getparam.c | 15 ++++++++-------
src/tool_getparam.h | 1 -
src/tool_parsecfg.c | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index f2ad91c19..e6c6a273d 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -558,7 +558,6 @@ static void cleanarg(argv_item_t str)
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
- argv_item_t clearthis,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
@@ -576,7 +575,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
ParameterError err;
bool toggle = TRUE; /* how to switch boolean options, on or off. Controlled
by using --OPTION or --no-OPTION */
- (void)clearthis; /* for !HAVE_WRITABLE_ARGV builds */
+#ifdef HAVE_WRITABLE_ARGV
+ argv_item_t clearthis = NULL;
+#endif
*usedarg = FALSE; /* default is that we don't use the arg */
if(('-' != flag[0]) || ('-' == flag[1])) {
@@ -652,6 +653,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
/* this option requires an extra parameter */
if(!longopt && parse[1]) {
nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
+#ifdef HAVE_WRITABLE_ARGV
+ clearthis = nextarg;
+#endif
singleopt = TRUE; /* don't loop anymore after this */
}
else if(!nextarg)
@@ -2443,17 +2447,15 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
stillflags = FALSE;
else {
char *nextarg = NULL;
- argv_item_t clear = NULL;
if(i < (argc - 1)) {
nextarg = curlx_convert_tchar_to_UTF8(argv[i + 1]);
if(!nextarg) {
curlx_unicodefree(orig_opt);
return PARAM_NO_MEM;
}
- clear = argv[i + 1];
}
- result = getparameter(orig_opt, nextarg, clear, &passarg,
+ result = getparameter(orig_opt, nextarg, &passarg,
global, config);
curlx_unicodefree(nextarg);
config = global->last;
@@ -2492,8 +2494,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
bool used;
/* Just add the URL please */
- result = getparameter("--url", orig_opt, NULL, &used, global,
- config);
+ result = getparameter("--url", orig_opt, &used, global, config);
}
if(!result)
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index 0564518a6..3eb177391 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -55,7 +55,6 @@ struct GlobalConfig;
struct OperationConfig;
ParameterError getparameter(const char *flag, char *nextarg,
- argv_item_t clearthis,
bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 34eb5daa9..a166757f8 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -223,7 +223,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
#ifdef DEBUG_CONFIG
fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
#endif
- res = getparameter(option, param, NULL, &usedarg, global, operation);
+ res = getparameter(option, param, &usedarg, global, operation);
operation = global->last;
if(!res && param && *param && !usedarg)
--
2.33.0

87
backport-tool_getparam-fix-cleanarg-for-unicode-builds.patch Normal file
View File

@ -0,0 +1,87 @@
From 206550a9c25e2084012f616dcce90142a30a8f80 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 23 Jul 2022 13:33:57 +0200
Subject: [PATCH] tool_getparam: fix cleanarg() for unicode builds
Use the correct type, and make cleanarg an empty macro if the cleaning
ability is absent.
Fixes #9195
Closes #9196
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
---
src/tool_getparam.c | 14 +++++++-------
src/tool_getparam.h | 3 ++-
2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 6423c8fe1..9bbd51d34 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -541,9 +541,9 @@ static ParameterError GetSizeParameter(struct GlobalConfig *global,
return PARAM_OK;
}
-static void cleanarg(char *str)
-{
#ifdef HAVE_WRITABLE_ARGV
+static void cleanarg(argv_item_t str)
+{
/* now that GetStr has copied the contents of nextarg, wipe the next
* argument out so that the username:password isn't displayed in the
* system process list */
@@ -551,14 +551,14 @@ static void cleanarg(char *str)
size_t len = strlen(str);
memset(str, ' ', len);
}
+}
#else
- (void)str;
+#define cleanarg(x)
#endif
-}
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
- char *clearthis,
+ argv_item_t clearthis,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
@@ -576,7 +576,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
ParameterError err;
bool toggle = TRUE; /* how to switch boolean options, on or off. Controlled
by using --OPTION or --no-OPTION */
-
+ (void)clearthis; /* for !HAVE_WRITABLE_ARGV builds */
*usedarg = FALSE; /* default is that we don't use the arg */
if(('-' != flag[0]) || ('-' == flag[1])) {
@@ -2440,7 +2440,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
stillflags = FALSE;
else {
char *nextarg = NULL;
- char *clear = NULL;
+ argv_item_t clear = NULL;
if(i < (argc - 1)) {
nextarg = curlx_convert_tchar_to_UTF8(argv[i + 1]);
if(!nextarg) {
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index e35136123..0564518a6 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -54,7 +54,8 @@ typedef enum {
struct GlobalConfig;
struct OperationConfig;
-ParameterError getparameter(const char *flag, char *nextarg, char *clearthis,
+ParameterError getparameter(const char *flag, char *nextarg,
+ argv_item_t clearthis,
bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
--
2.33.0

91
backport-tool_getparam-fix-hiding-of-command-line-secrets.patch Normal file
View File

@ -0,0 +1,91 @@
From 2ed0e1f70ee176edf3d2292ab01201eb6baf86b3 Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Wed, 11 Jan 2023 11:39:33 +0100
Subject: [PATCH] tool_getparam: fix hiding of command line secrets
Closes #10276
---
src/tool_getparam.c | 14 ++++++++------
src/tool_getparam.h | 1 +
src/tool_parsecfg.c | 2 +-
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 68bc83223..bb4303a8c 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -660,6 +660,7 @@ static ParameterError data_urlencode(struct GlobalConfig *global,
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
+ argv_item_t cleararg,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
@@ -764,15 +765,16 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
/* this option requires an extra parameter */
if(!longopt && parse[1]) {
nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
-#ifdef HAVE_WRITABLE_ARGV
- clearthis = nextarg;
-#endif
singleopt = TRUE; /* don't loop anymore after this */
}
else if(!nextarg)
return PARAM_REQUIRES_PARAMETER;
- else
+ else {
+#ifdef HAVE_WRITABLE_ARGV
+ clearthis = cleararg;
+#endif
*usedarg = TRUE; /* mark it as used */
+ }
if((aliases[hit].desc == ARG_FILENAME) &&
(nextarg[0] == '-') && nextarg[1]) {
@@ -2494,7 +2496,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
}
}
- result = getparameter(orig_opt, nextarg, &passarg,
+ result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,
global, config);
curlx_unicodefree(nextarg);
config = global->last;
@@ -2533,7 +2535,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
bool used;
/* Just add the URL please */
- result = getparameter("--url", orig_opt, &used, global, config);
+ result = getparameter("--url", orig_opt, argv[i], &used, global, config);
}
if(!result)
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index 677ce8e5f..827a04e81 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -55,6 +55,7 @@ struct GlobalConfig;
struct OperationConfig;
ParameterError getparameter(const char *flag, char *nextarg,
+ argv_item_t cleararg,
bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index ffc19fdf0..50d03f666 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -223,7 +223,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
#ifdef DEBUG_CONFIG
fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
#endif
- res = getparameter(option, param, &usedarg, global, operation);
+ res = getparameter(option, param, NULL, &usedarg, global, operation);
operation = global->last;
if(!res && param && *param && !usedarg)
--
2.33.0

267
backport-tool_getparam-repair-cleanarg.patch Normal file
View File

@ -0,0 +1,267 @@
From bf7e887b2442783ab52ddf9d1348c52344fc96f1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 10 Jul 2022 15:22:13 +0200
Subject: [PATCH] tool_getparam: repair cleanarg
Regression since 9e5669f.
Make sure the "cleaning" of command line arguments is done on the
original argv[] pointers. As a bonus, it also exits better on out of
memory error.
Reported-by: Litter White
Fixes #9128
Closes #9130
---
src/tool_getparam.c | 61 +++++++++++++++++++++++++++++++--------------
src/tool_getparam.h | 3 ++-
src/tool_paramhlp.c | 15 -----------
src/tool_paramhlp.h | 2 --
src/tool_parsecfg.c | 2 +-
5 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 9d425c846..6423c8fe1 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -487,7 +487,6 @@ GetFileAndPassword(char *nextarg, char **file, char **password)
Curl_safefree(*password);
*password = passphrase;
}
- cleanarg(nextarg);
}
/* Get a size parameter for '--limit-rate' or '--max-filesize'.
@@ -542,8 +541,24 @@ static ParameterError GetSizeParameter(struct GlobalConfig *global,
return PARAM_OK;
}
+static void cleanarg(char *str)
+{
+#ifdef HAVE_WRITABLE_ARGV
+ /* now that GetStr has copied the contents of nextarg, wipe the next
+ * argument out so that the username:password isn't displayed in the
+ * system process list */
+ if(str) {
+ size_t len = strlen(str);
+ memset(str, ' ', len);
+ }
+#else
+ (void)str;
+#endif
+}
+
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
+ char *clearthis,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
@@ -675,7 +690,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'B': /* OAuth 2.0 bearer token */
GetStr(&config->oauth_bearer, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
config->authtype |= CURLAUTH_BEARER;
break;
case 'c': /* connect-timeout */
@@ -1637,6 +1652,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
case 'E':
switch(subletter) {
case '\0': /* certificate file */
+ cleanarg(clearthis);
GetFileAndPassword(nextarg, &config->cert, &config->key_passwd);
break;
case 'a': /* CA info PEM file */
@@ -1653,7 +1669,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'e': /* private key passphrase */
GetStr(&config->key_passwd, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case 'f': /* crypto engine */
GetStr(&config->engine, nextarg);
@@ -1679,19 +1695,19 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'k': /* TLS username */
if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
- cleanarg(nextarg);
+ cleanarg(clearthis);
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
GetStr(&config->tls_username, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case 'l': /* TLS password */
if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
- cleanarg(nextarg);
+ cleanarg(clearthis);
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
GetStr(&config->tls_password, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case 'm': /* TLS authentication type */
if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP) {
@@ -1752,21 +1768,19 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'u': /* TLS username for proxy */
+ cleanarg(clearthis);
if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
- cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
GetStr(&config->proxy_tls_username, nextarg);
- cleanarg(nextarg);
break;
case 'v': /* TLS password for proxy */
+ cleanarg(clearthis);
if(!(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)) {
- cleanarg(nextarg);
return PARAM_LIBCURL_DOESNT_SUPPORT;
}
GetStr(&config->proxy_tls_password, nextarg);
- cleanarg(nextarg);
break;
case 'w': /* TLS authentication type for proxy */
@@ -1780,6 +1794,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
break;
case 'x': /* certificate file for proxy */
+ cleanarg(clearthis);
GetFileAndPassword(nextarg, &config->proxy_cert,
&config->proxy_key_passwd);
break;
@@ -1798,7 +1813,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
case '1': /* private key passphrase for proxy */
GetStr(&config->proxy_key_passwd, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case '2': /* ciphers for proxy */
@@ -2246,12 +2261,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
case 'u':
/* user:password */
GetStr(&config->userpwd, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case 'U':
/* Proxy user:password */
GetStr(&config->proxyuserpwd, nextarg);
- cleanarg(nextarg);
+ cleanarg(clearthis);
break;
case 'v':
if(toggle) {
@@ -2424,11 +2439,19 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
following (URL) argument to start with -. */
stillflags = FALSE;
else {
- char *nextarg = (i < (argc - 1))
- ? curlx_convert_tchar_to_UTF8(argv[i + 1])
- : NULL;
+ char *nextarg = NULL;
+ char *clear = NULL;
+ if(i < (argc - 1)) {
+ nextarg = curlx_convert_tchar_to_UTF8(argv[i + 1]);
+ if(!nextarg) {
+ curlx_unicodefree(orig_opt);
+ return PARAM_NO_MEM;
+ }
+ clear = argv[i + 1];
+ }
- result = getparameter(orig_opt, nextarg, &passarg, global, config);
+ result = getparameter(orig_opt, nextarg, clear, &passarg,
+ global, config);
curlx_unicodefree(nextarg);
config = global->last;
if(result == PARAM_NEXT_OPERATION) {
@@ -2466,7 +2489,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
bool used;
/* Just add the URL please */
- result = getparameter("--url", orig_opt, &used, global,
+ result = getparameter("--url", orig_opt, NULL, &used, global,
config);
}
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index ef9833575..e35136123 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -54,7 +54,8 @@ typedef enum {
struct GlobalConfig;
struct OperationConfig;
-ParameterError getparameter(const char *flag, char *nextarg, bool *usedarg,
+ParameterError getparameter(const char *flag, char *nextarg, char *clearthis,
+ bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 71c738594..db0d0fb00 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -116,21 +116,6 @@ ParameterError file2memory(char **bufp, size_t *size, FILE *file)
return PARAM_OK;
}
-void cleanarg(char *str)
-{
-#ifdef HAVE_WRITABLE_ARGV
- /* now that GetStr has copied the contents of nextarg, wipe the next
- * argument out so that the username:password isn't displayed in the
- * system process list */
- if(str) {
- size_t len = strlen(str);
- memset(str, ' ', len);
- }
-#else
- (void)str;
-#endif
-}
-
/*
* Parse the string and write the long in the given address. Return PARAM_OK
* on success, otherwise a parameter specific error enum.
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index 297490b57..ec44e2df4 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -31,8 +31,6 @@ ParameterError file2string(char **bufp, FILE *file);
ParameterError file2memory(char **bufp, size_t *size, FILE *file);
-void cleanarg(char *str);
-
ParameterError str2num(long *val, const char *str);
ParameterError str2unum(long *val, const char *str);
ParameterError oct2nummax(long *val, const char *str, long max);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index a166757f8..34eb5daa9 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -223,7 +223,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
#ifdef DEBUG_CONFIG
fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
#endif
- res = getparameter(option, param, &usedarg, global, operation);
+ res = getparameter(option, param, NULL, &usedarg, global, operation);
operation = global->last;
if(!res && param && *param && !usedarg)
--
2.33.0

13
curl.spec
View File

@ -6,7 +6,7 @@
Name: curl
Version: 7.79.1
Release: 19
Release: 20
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@ -53,6 +53,11 @@ Patch38: backport-CVE-2023-28322.patch
Patch39: backport-0001-CVE-2023-28320.patch
Patch40: backport-0002-CVE-2023-28320.patch
Patch41: backport-0003-CVE-2023-28320.patch
Patch42: backport-curl-tool-erase-some-more-sensitive-command-line-arg.patch
Patch43: backport-tool_getparam-repair-cleanarg.patch
Patch44: backport-tool_getparam-fix-cleanarg-for-unicode-builds.patch
Patch45: backport-getparam-correctly-clean-args.patch
Patch46: backport-tool_getparam-fix-hiding-of-command-line-secrets.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -221,6 +226,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Mon Jun 19 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-20
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:hide sensitive info in cmdline when ps
* Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-19
- Type:bugfix
- CVE:NA