summaryrefslogtreecommitdiffstats
path: root/curl-7.15.5-CVE-2011-2192.patch
diff options
context:
space:
mode:
Diffstat (limited to 'curl-7.15.5-CVE-2011-2192.patch')
-rw-r--r--curl-7.15.5-CVE-2011-2192.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/curl-7.15.5-CVE-2011-2192.patch b/curl-7.15.5-CVE-2011-2192.patch
new file mode 100644
index 0000000..6d36cdc
--- /dev/null
+++ b/curl-7.15.5-CVE-2011-2192.patch
@@ -0,0 +1,30 @@
+From b9c6df58e821977a0be886f6847311a4ffc7124e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 8 Jun 2011 00:10:26 +0200
+Subject: [PATCH] Curl_input_negotiate: do not delegate GSSAPI credentials
+
+This is a security flaw. See curl advisory 20110623 for details.
+
+Reported by: Richard Silverman
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http_negotiate.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 08064d6..4015e2f 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -216,7 +216,7 @@ int Curl_input_negotiate(struct connectdata *conn, char *header)
+ &neg_ctx->context,
+ neg_ctx->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+--
+1.7.4.4
+
generated by cgit (git 2.34.1) at 2024-05-17 13:24:57 +0000