[PATCH] url: only reuse connections with same GSS delegation

Reported-by: Harry Sintonen
Closes #10731

Gbp-Pq: Name CVE-2023-27536.patch

diff --git a/lib/url.c b/lib/url.c
index 6edb129e06e1aaab3d28b4d3cbf18d2ed4646970..6900f11c760b5c20a04f097555e80896c993bb5a 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1291,6 +1291,11 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
+      /* GSS delegation differences do not actually affect every connection
+         and auth method, but this check takes precaution before efficiency */
+      if(needle->gssapi_delegation != check->gssapi_delegation)
+        continue;
+
       /* If multiplexing isn't enabled on the h2 connection and h1 is
          explicitly requested, handle it: */
       if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
@@ -1602,6 +1607,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->fclosesocket = data->set.fclosesocket;
   conn->closesocket_client = data->set.closesocket_client;
   conn->lastused = Curl_now(); /* used now */
+  conn->gssapi_delegation = data->set.gssapi_delegation;
 
   return conn;
   error:

diff --git a/lib/urldata.h b/lib/urldata.h
index 8bd6da7ab5cf3ee06400f6a1b2046fbdff4bf43f..6a639473c0b6ddff6384257db21ed9d3ba402162 100644 (file)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1057,6 +1057,7 @@ struct connectdata {
   unsigned char ip_version; /* copied from the Curl_easy at creation time */
   unsigned char httpversion; /* the HTTP version*10 reported by the server */
   unsigned char connect_only;
+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
 };
 
 /* The end of connectdata. */