curl/backport-tftp-mark-protocol-as-not-possible-to-do-over-CONNEC.patch
sherlock2010 b8013d9c5e fix double-free when using https with tunneling proxy
(cherry picked from commit 1c3bb7fcab1c32af49a31d1bba5dfd417a7208d3)
2023-07-05 10:52:40 +08:00


From 4d97fe547322c4ad0868e2282476b1a7d2027f86 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 15 Nov 2021 16:51:32 +0100
Subject: [PATCH 1/1] tftp: mark protocol as not possible to do over CONNECT
... and make connect_init() refusing trying to tunnel protocols marked
as not working. Avoids a double-free.
Reported-by: Even Rouault
Fixes #8018
Closes #8020
Conflict:remove a chunk because the change exists
Reference:https://github.com/curl/curl/commit/4d97fe547322c4ad0868e2282476b1a7d2027f86
---
lib/http_proxy.c | 4 ++++
lib/tftp.c | 2 +-
lib/urldata.h | 1 +
3 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 2555b401a..e788babed 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -158,6 +158,10 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit)
{
struct http_connect_state *s;
struct connectdata *conn = data->conn;
+ if(conn->handler->flags & PROTOPT_NOTCPPROXY) {
+ failf(data, "%s cannot be done over CONNECT", conn->handler->scheme);
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
if(!reinit) {
CURLcode result;
DEBUGASSERT(!conn->connect_state);
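Review bot: The new guard at the top of connect_init() has no comment tying it to the double free it closes, and the diffstat lists only three lib/ files, so this backport carries no regression test for that defect. A comment above the `if`, such as `/* refuse CONNECT for handlers flagged PROTOPT_NOTCPPROXY before any tunnel state is set up; see curl issue #8018 */`, would keep a later refactor from moving the check below the `if(!reinit)` block. The allocation and cleanup paths that the commit message says free twice lie outside this hunk. It is worth confirming in the backported tree that no caller releases `conn->connect_state` a second time on the new CURLE_UNSUPPORTED_PROTOCOL return. connect_init()'s body continues past the end of the hunk.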
diff --git a/lib/tftp.c b/lib/tftp.c
index 7e5246f01..f8c68441c 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -186,7 +186,7 @@ const struct Curl_handler Curl_handler_tftp = {
PORT_TFTP, /* defport */
CURLPROTO_TFTP, /* protocol */
CURLPROTO_TFTP, /* family */
- PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_NOTCPPROXY | PROTOPT_NOURLQUERY /* flags */
};
/**********************************************************
diff --git a/lib/urldata.h b/lib/urldata.h
index f12e99b8d..22c66cd44 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -835,6 +835,7 @@ struct Curl_handler {
#define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */
#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ascii) in
user name and password */
+#define PROTOPT_NOTCPPROXY (1<<14) /* this protocol can't proxy over TCP */
#define CONNCHECK_NONE 0 /* No checks */
#define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */
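Review bot: The comment on PROTOPT_NOTCPPROXY, `this protocol can't proxy over TCP`, is broader than what the flag enforces in this patch. The only consumer visible here is connect_init() in lib/http_proxy.c, which rejects the HTTP CONNECT tunnel. Suggest `/* this protocol cannot be tunnelled through an HTTP proxy with CONNECT */` so that someone adding a handler knows when the bit must be set. Only Curl_handler_tftp sets it in this patch; whether other handlers in the backported tree need the flag is not visible here and should be checked.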
--
2.33.0