1From ca02a77f05bd5cef20618c8f741aa48b7be0a648 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 27 Dec 2022 11:50:23 +0100
4Subject: [PATCH] hsts: handle adding the same host name again
5
6It will then use the largest expire time of the two entries.
7
8CVE: CVE-2023-23914 CVE-2023-23915
9Upstream-Status: Backport [https://github.com/curl/curl/pull/10138/commits/e077b30a42272d964d76e5b815a0af7dc65d8360]
10Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
11Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
12---
13 lib/hsts.c | 13 +++++++++++--
14 1 file changed, 11 insertions(+), 2 deletions(-)
15
16diff --git a/lib/hsts.c b/lib/hsts.c
17index 339237be1c621..8d6723ee587d2 100644
18--- a/lib/hsts.c
19+++ b/lib/hsts.c
20@@ -426,14 +426,23 @@ static CURLcode hsts_add(struct hsts *h, char *line)
21 if(2 == rc) {
22 time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
23 TIME_T_MAX;
24- CURLcode result;
25+ CURLcode result = CURLE_OK;
26 char *p = host;
27 bool subdomain = FALSE;
28+ struct stsentry *e;
29 if(p[0] == '.') {
30 p++;
31 subdomain = TRUE;
32 }
33- result = hsts_create(h, p, subdomain, expires);
34+ /* only add it if not already present */
35+ e = Curl_hsts(h, p, subdomain);
36+ if(!e)
37+ result = hsts_create(h, p, subdomain, expires);
38+ else {
39+ /* the same host name, use the largest expire time */
40+ if(expires > e->expires)
41+ e->expires = expires;
42+ }
43 if(result)
44 return result;
45 }
46
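Review bot: The else branch in hsts_add assumes the entry returned by `Curl_hsts(h, p, subdomain)` is for the same host name, but nothing in the hunk checks that. If the lookup can also return a parent-domain entry when `subdomain` is TRUE (it appears to do tail matching for live lookups, which should be confirmed in Curl_hsts, outside this hunk), a cache line for `.sub.example.com` would raise the expiry of the `example.com` entry instead of being treated on its own. Guarding the update with a host comparison, for example `else if(strcasecompare(p, e->host)) {`, would limit the merge to true duplicates. The branch also keeps the existing entry's subdomain setting and ignores the `subdomain` value parsed from the new line, so a short comment stating whether that is intended would help the next reader. hsts_add's body starts and ends outside the hunk.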