schannel: don't use static to store selected ciphers

CVE-2021-22897

Bug: https://curl.se/docs/CVE-2021-22897.html
This commit is contained in:
Daniel Stenberg 2021-04-23 10:54:10 +02:00
parent b03b82a85f
commit bbb71507b7
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 8 additions and 4 deletions

View File

@ -328,12 +328,12 @@ get_alg_id_by_name(char *name)
} }
static CURLcode static CURLcode
set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
int *algIds)
{ {
char *startCur = ciphers; char *startCur = ciphers;
int algCount = 0; int algCount = 0;
static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) {
while(startCur && (0 != *startCur) && (algCount < 45)) {
long alg = strtol(startCur, 0, 0); long alg = strtol(startCur, 0, 0);
if(!alg) if(!alg)
alg = get_alg_id_by_name(startCur); alg = get_alg_id_by_name(startCur);
@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
} }
if(SSL_CONN_CONFIG(cipher_list)) { if(SSL_CONN_CONFIG(cipher_list)) {
result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list),
BACKEND->algIds);
if(CURLE_OK != result) { if(CURLE_OK != result) {
failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG");
return result; return result;

View File

@ -71,6 +71,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
#endif #endif
#endif #endif
#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */
struct Curl_schannel_cred { struct Curl_schannel_cred {
CredHandle cred_handle; CredHandle cred_handle;
TimeStamp time_stamp; TimeStamp time_stamp;
@ -102,6 +104,7 @@ struct ssl_backend_data {
#ifdef HAS_MANUAL_VERIFY_API #ifdef HAS_MANUAL_VERIFY_API
bool use_manual_cred_validation; /* true if manual cred validation is used */ bool use_manual_cred_validation; /* true if manual cred validation is used */
#endif #endif
ALG_ID algIds[NUMOF_CIPHERS];
}; };
#endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */