From 7d5583e6671e55dd5a881ca8a74457c2a2c6d833 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Tue, 27 Feb 2024 15:43:56 +0100
Subject: [PATCH] [PATCH] setopt: Fix disabling all protocols

When disabling all protocols without enabling any, the resulting
set of allowed protocols remained the default set.  Clearing the
allowed set before inspecting the passed value from --proto make
the set empty even in the errorpath of no protocols enabled.

Co-authored-by: Dan Fandrich <dan@telarity.com>
Reported-by: Dan Fandrich <dan@telarity.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes: #13004

Backported by: Guilherme Puida Moreira <guilherme@puida.xyz>
 * Small change in the Makefile to add a new test.


Gbp-Pq: Name CVE-2024-2004.patch
---
 lib/setopt.c            | 16 ++++++++--------
 tests/data/Makefile.inc |  1 +
 tests/data/test1474     | 42 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 tests/data/test1474

diff --git a/lib/setopt.c b/lib/setopt.c
index d7572209..8862e0ce 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -150,6 +150,12 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
 
 static CURLcode protocol2num(const char *str, curl_prot_t *val)
 {
+  /*
+   * We are asked to cherry-pick protocols, so play it safe and disallow all
+   * protocols to start with, and re-add the wanted ones back in.
+   */
+  *val = 0;
+
   if(!str)
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
@@ -158,8 +164,6 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val)
     return CURLE_OK;
   }
 
-  *val = 0;
-
   do {
     const char *token = str;
     size_t tlen;
@@ -2666,22 +2670,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     break;
 
   case CURLOPT_PROTOCOLS_STR: {
-    curl_prot_t prot;
     argptr = va_arg(param, char *);
-    result = protocol2num(argptr, &prot);
+    result = protocol2num(argptr, &data->set.allowed_protocols);
     if(result)
       return result;
-    data->set.allowed_protocols = prot;
     break;
   }
 
   case CURLOPT_REDIR_PROTOCOLS_STR: {
-    curl_prot_t prot;
     argptr = va_arg(param, char *);
-    result = protocol2num(argptr, &prot);
+    result = protocol2num(argptr, &data->set.redir_protocols);
     if(result)
       return result;
-    data->set.redir_protocols = prot;
     break;
   }
 
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index f89ed3bc..0a5f97d1 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -186,6 +186,7 @@ test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
 test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
 test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
 test1464 test1465 test1466 test1467 test1468 test1469 \
+test1474 \
 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
diff --git a/tests/data/test1474 b/tests/data/test1474
new file mode 100644
index 00000000..c66fa281
--- /dev/null
+++ b/tests/data/test1474
@@ -0,0 +1,42 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+--proto
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+http
+</features>
+<name>
+--proto -all disables all protocols
+</name>
+<command>
+--proto -all http://%HOSTIP:%NOLISTENPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 1 - Protocol "http" disabled
+<errorcode>
+1
+</errorcode>
+</verify>
+</testcase>
-- 
2.30.2