xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-support/curl/curl/CVE-2022-42915.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593SmuzhiyunFrom 55e1875729f9d9fc7315cec611bffbd2c817ad89 Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Daniel Stenberg <daniel@haxx.se>
3*4882a593SmuzhiyunDate: Thu, 6 Oct 2022 14:13:36 +0200
4*4882a593SmuzhiyunSubject: [PATCH] http_proxy: restore the protocol pointer on error
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunReported-by: Trail of Bits
7*4882a593Smuzhiyun
8*4882a593SmuzhiyunCloses #9790
9*4882a593Smuzhiyun
10*4882a593SmuzhiyunCVE: CVE-2022-42915
11*4882a593SmuzhiyunUpstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89]
12*4882a593SmuzhiyunSigned-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
13*4882a593Smuzhiyun---
14*4882a593Smuzhiyun lib/http_proxy.c | 6 ++----
15*4882a593Smuzhiyun lib/url.c        | 9 ---------
16*4882a593Smuzhiyun 2 files changed, 2 insertions(+), 13 deletions(-)
17*4882a593Smuzhiyun
18*4882a593Smuzhiyundiff --git a/lib/http_proxy.c b/lib/http_proxy.c
19*4882a593Smuzhiyunindex 1f87f6c62aa40..cc20b3a801941 100644
20*4882a593Smuzhiyun--- a/lib/http_proxy.c
21*4882a593Smuzhiyun+++ b/lib/http_proxy.c
22*4882a593Smuzhiyun@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data)
23*4882a593Smuzhiyun     Curl_dyn_free(&s->rcvbuf);
24*4882a593Smuzhiyun     Curl_dyn_free(&s->req);
25*4882a593Smuzhiyun
26*4882a593Smuzhiyun-    /* restore the protocol pointer, if not already done */
27*4882a593Smuzhiyun-    if(s->prot_save)
28*4882a593Smuzhiyun-      data->req.p.http = s->prot_save;
29*4882a593Smuzhiyun-    s->prot_save = NULL;
30*4882a593Smuzhiyun+    /* restore the protocol pointer */
31*4882a593Smuzhiyun+    data->req.p.http = s->prot_save;
32*4882a593Smuzhiyun     data->info.httpcode = 0; /* clear it as it might've been used for the
33*4882a593Smuzhiyun                                 proxy */
34*4882a593Smuzhiyun     data->req.ignorebody = FALSE;
35*4882a593Smuzhiyundiff --git a/lib/url.c b/lib/url.c
36*4882a593Smuzhiyunindex 690c53c81a3c1..be5ffca2d8b20 100644
37*4882a593Smuzhiyun--- a/lib/url.c
38*4882a593Smuzhiyun+++ b/lib/url.c
39*4882a593Smuzhiyun@@ -751,15 +751,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
40*4882a593Smuzhiyun   DEBUGASSERT(data);
41*4882a593Smuzhiyun   infof(data, "Closing connection %ld", conn->connection_id);
42*4882a593Smuzhiyun
43*4882a593Smuzhiyun-#ifndef USE_HYPER
44*4882a593Smuzhiyun-  if(conn->connect_state && conn->connect_state->prot_save) {
45*4882a593Smuzhiyun-    /* If this was closed with a CONNECT in progress, cleanup this temporary
46*4882a593Smuzhiyun-       struct arrangement */
47*4882a593Smuzhiyun-    data->req.p.http = NULL;
48*4882a593Smuzhiyun-    Curl_safefree(conn->connect_state->prot_save);
49*4882a593Smuzhiyun-  }
50*4882a593Smuzhiyun-#endif
51*4882a593Smuzhiyun-
52*4882a593Smuzhiyun   /* possible left-overs from the async name resolvers */
53*4882a593Smuzhiyun   Curl_resolver_cancel(data);
54