moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

schannel: don't use static to store selected ciphers 

CVE-2021-22897

Bug: https://curl.se/docs/CVE-2021-22897.html
This commit is contained in:
Daniel Stenberg 2021-04-23 10:54:10 +02:00
parent b03b82a85f
commit bbb71507b7
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/vtls/schannel.c
View File

@ -328,12 +328,12 @@ get_alg_id_by_name(char *name)
}
static CURLcode
set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
int *algIds)
{
char *startCur = ciphers;
int algCount = 0;
static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/
while(startCur && (0 != *startCur) && (algCount < 45)) {
while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) {
long alg = strtol(startCur, 0, 0);
if(!alg)
alg = get_alg_id_by_name(startCur);
@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
}
if(SSL_CONN_CONFIG(cipher_list)) {
result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list));
result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list),
BACKEND->algIds);
if(CURLE_OK != result) {
failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG");
return result;

3
lib/vtls/schannel.h
View File

@ -71,6 +71,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
#endif
#endif
#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */
struct Curl_schannel_cred {
CredHandle cred_handle;
TimeStamp time_stamp;
@ -102,6 +104,7 @@ struct ssl_backend_data {
#ifdef HAS_MANUAL_VERIFY_API
bool use_manual_cred_validation; /* true if manual cred validation is used */
#endif
ALG_ID algIds[NUMOF_CIPHERS];
};
#endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */