mirror of
https://git.yoctoproject.org/poky
synced 2026-05-07 16:59:22 +00:00
curl: patch CVE-2026-3783
pick patches from ubuntu per [1] [1] http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_8.5.0-2ubuntu10.8.debian.tar.xz [2] https://ubuntu.com/security/CVE-2026-3783 [3] https://curl.se/docs/CVE-2026-3783.html (From OE-Core rev: f09125ca033126260c3d66daaa04fffb0d1480f3) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Vijay Anusuri
committed by
Paul Barker
Paul Barker
parent
5f9abb1613
commit
28794dd766
@@ -0,0 +1,153 @@
|
||||
From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Fri, 6 Mar 2026 23:13:07 +0100
|
||||
Subject: [PATCH] http: only send bearer if auth is allowed
|
||||
|
||||
Verify with test 2006
|
||||
|
||||
Closes #20843
|
||||
|
||||
Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877]
|
||||
Backported by Ubuntu team http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_8.5.0-2ubuntu10.8.debian.tar.xz
|
||||
|
||||
CVE: CVE-2026-3783
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
lib/http.c | 1 +
|
||||
tests/data/Makefile.inc | 2 +-
|
||||
tests/data/test2006 | 98 +++++++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 100 insertions(+), 1 deletion(-)
|
||||
create mode 100644 tests/data/test2006
|
||||
|
||||
diff --git a/lib/http.c b/lib/http.c
|
||||
index a764d3c..b80bebf 100644
|
||||
--- a/lib/http.c
|
||||
+++ b/lib/http.c
|
||||
@@ -673,6 +673,7 @@ output_auth_headers(struct Curl_easy *data,
|
||||
if(authstatus->picked == CURLAUTH_BEARER) {
|
||||
/* Bearer */
|
||||
if((!proxy && data->set.str[STRING_BEARER] &&
|
||||
+ Curl_auth_allowed_to_host(data) &&
|
||||
!Curl_checkheaders(data, STRCONST("Authorization")))) {
|
||||
auth = "Bearer";
|
||||
result = http_output_bearer(data);
|
||||
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
|
||||
index 4c2cd52..9fb9274 100644
|
||||
--- a/tests/data/Makefile.inc
|
||||
+++ b/tests/data/Makefile.inc
|
||||
@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
|
||||
test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
|
||||
test1970 test1971 test1972 test1973 test1974 test1975 \
|
||||
\
|
||||
-test2000 test2001 test2002 test2003 test2004 test2005 \
|
||||
+test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
|
||||
\
|
||||
test2023 \
|
||||
test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
|
||||
diff --git a/tests/data/test2006 b/tests/data/test2006
|
||||
new file mode 100644
|
||||
index 0000000..4b8b269
|
||||
--- /dev/null
|
||||
+++ b/tests/data/test2006
|
||||
@@ -0,0 +1,98 @@
|
||||
+<?xml version="1.0" encoding="US-ASCII"?>
|
||||
+<testcase>
|
||||
+<info>
|
||||
+<keywords>
|
||||
+netrc
|
||||
+HTTP
|
||||
+</keywords>
|
||||
+</info>
|
||||
+# Server-side
|
||||
+<reply>
|
||||
+<data crlf="yes">
|
||||
+HTTP/1.1 301 Follow this you fool
|
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
+Server: test-server/fake
|
||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
||||
+ETag: "21025-dc7-39462498"
|
||||
+Accept-Ranges: bytes
|
||||
+Content-Length: 6
|
||||
+Connection: close
|
||||
+Location: http://b.com/%TESTNUMBER0002
|
||||
+
|
||||
+-foo-
|
||||
+</data>
|
||||
+
|
||||
+<data2 crlf="yes">
|
||||
+HTTP/1.1 200 OK
|
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
+Server: test-server/fake
|
||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
||||
+ETag: "21025-dc7-39462498"
|
||||
+Accept-Ranges: bytes
|
||||
+Content-Length: 7
|
||||
+Connection: close
|
||||
+
|
||||
+target
|
||||
+</data2>
|
||||
+
|
||||
+<datacheck crlf="yes">
|
||||
+HTTP/1.1 301 Follow this you fool
|
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
+Server: test-server/fake
|
||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
||||
+ETag: "21025-dc7-39462498"
|
||||
+Accept-Ranges: bytes
|
||||
+Content-Length: 6
|
||||
+Connection: close
|
||||
+Location: http://b.com/%TESTNUMBER0002
|
||||
+
|
||||
+HTTP/1.1 200 OK
|
||||
+Date: Tue, 09 Nov 2010 14:49:00 GMT
|
||||
+Server: test-server/fake
|
||||
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
|
||||
+ETag: "21025-dc7-39462498"
|
||||
+Accept-Ranges: bytes
|
||||
+Content-Length: 7
|
||||
+Connection: close
|
||||
+
|
||||
+target
|
||||
+</datacheck>
|
||||
+</reply>
|
||||
+
|
||||
+# Client-side
|
||||
+<client>
|
||||
+<server>
|
||||
+http
|
||||
+</server>
|
||||
+<features>
|
||||
+proxy
|
||||
+</features>
|
||||
+<name>
|
||||
+.netrc default with redirect plus oauth2-bearer
|
||||
+</name>
|
||||
+<command>
|
||||
+--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
|
||||
+</command>
|
||||
+<file name="%LOGDIR/netrc%TESTNUMBER" >
|
||||
+default login testuser password testpass
|
||||
+</file>
|
||||
+</client>
|
||||
+
|
||||
+<verify>
|
||||
+<protocol crlf="yes">
|
||||
+GET http://a.com/ HTTP/1.1
|
||||
+Host: a.com
|
||||
+Authorization: Bearer SECRET_TOKEN
|
||||
+User-Agent: curl/%VERSION
|
||||
+Accept: */*
|
||||
+Proxy-Connection: Keep-Alive
|
||||
+
|
||||
+GET http://b.com/%TESTNUMBER0002 HTTP/1.1
|
||||
+Host: b.com
|
||||
+User-Agent: curl/%VERSION
|
||||
+Accept: */*
|
||||
+Proxy-Connection: Keep-Alive
|
||||
+
|
||||
+</protocol>
|
||||
+</verify>
|
||||
+</testcase>
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@@ -34,6 +34,7 @@ SRC_URI = " \
|
||||
file://CVE-2025-15224.patch \
|
||||
file://CVE-2026-1965-1.patch \
|
||||
file://CVE-2026-1965-2.patch \
|
||||
file://CVE-2026-3783.patch \
|
||||
"
|
||||
|
||||
SRC_URI:append:class-nativesdk = " \
|
||||
|
||||
Reference in New Issue
Block a user