|
Last change
on this file since 1922 was
1922,
checked in by geofft, 12 years ago
|
|
Patch curl for CVE-2011-2192: do not delegate tickets over HTTP
|
|
File size:
1.0 KB
|
| Rev | Line | |
|---|
| [1922] | 1 | From a4be0864ba953b3317ece66bf8c2332ea74a4715 Mon Sep 17 00:00:00 2001 |
|---|
| 2 | From: Daniel Stenberg <daniel@haxx.se> |
|---|
| 3 | Date: Wed, 8 Jun 2011 00:10:26 +0200 |
|---|
| 4 | Subject: [PATCH] Curl_input_negotiate: do not delegate credentials |
|---|
| 5 | |
|---|
| 6 | This is a security flaw. See curl advisory 201106xx for details. |
|---|
| 7 | |
|---|
| 8 | Reported by: Richard Silverman |
|---|
| 9 | --- |
|---|
| 10 | lib/http_negotiate.c | 2 +- |
|---|
| 11 | 1 files changed, 1 insertions(+), 1 deletions(-) |
|---|
| 12 | |
|---|
| 13 | diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c |
|---|
| 14 | index 202d69e..5127e64 100644 |
|---|
| 15 | --- a/lib/http_negotiate.c |
|---|
| 16 | +++ b/lib/http_negotiate.c |
|---|
| 17 | @@ -243,7 +243,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, |
|---|
| 18 | &neg_ctx->context, |
|---|
| 19 | neg_ctx->server_name, |
|---|
| 20 | GSS_C_NO_OID, |
|---|
| 21 | - GSS_C_DELEG_FLAG, |
|---|
| 22 | + 0, |
|---|
| 23 | 0, |
|---|
| 24 | GSS_C_NO_CHANNEL_BINDINGS, |
|---|
| 25 | &input_token, |
|---|
| 26 | -- |
|---|
| 27 | 1.7.5.3 |
|---|
| 28 | |
|---|
Note: See
TracBrowser
for help on using the repository browser.
