|
 |
b97401 |
From c8210a16e8b61704da7bbf4bb0992ecbb1c7746d Mon Sep 17 00:00:00 2001
|
|
|
b97401 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
b97401 |
Date: Mon, 17 May 2021 08:54:00 +0200
|
|
|
b97401 |
Subject: [PATCH 1/3] conn: add 'attach' to protocol handler, make libssh2 use
|
|
|
b97401 |
it
|
|
|
b97401 |
|
|
|
b97401 |
The libssh2 backend has SSH session associated with the connection but
|
|
|
b97401 |
the callback context is the easy handle, so when a connection gets
|
|
|
b97401 |
attached to a transfer, the protocol handler now allows for a custom
|
|
|
b97401 |
function to get used to set things up correctly.
|
|
|
b97401 |
|
|
|
b97401 |
Reported-by: Michael O'Farrell
|
|
|
b97401 |
Fixes #6898
|
|
|
b97401 |
Closes #7078
|
|
|
b97401 |
|
|
|
b97401 |
Upstream-commit: 0c55fbab45bedb761766109d41c3da49c4bc66c6
|
|
|
b97401 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b97401 |
---
|
|
|
b97401 |
lib/curl_rtmp.c | 6 ++++++
|
|
|
b97401 |
lib/dict.c | 1 +
|
|
|
b97401 |
lib/file.c | 1 +
|
|
|
b97401 |
lib/ftp.c | 2 ++
|
|
|
b97401 |
lib/gopher.c | 2 ++
|
|
|
b97401 |
lib/http.c | 2 ++
|
|
|
b97401 |
lib/http2.c | 2 ++
|
|
|
b97401 |
lib/imap.c | 2 ++
|
|
|
b97401 |
lib/ldap.c | 2 ++
|
|
|
b97401 |
lib/mqtt.c | 1 +
|
|
|
b97401 |
lib/multi.c | 2 ++
|
|
|
b97401 |
lib/openldap.c | 2 ++
|
|
|
b97401 |
lib/pop3.c | 2 ++
|
|
|
b97401 |
lib/rtsp.c | 1 +
|
|
|
b97401 |
lib/smb.c | 2 ++
|
|
|
b97401 |
lib/smtp.c | 2 ++
|
|
|
b97401 |
lib/telnet.c | 1 +
|
|
|
b97401 |
lib/tftp.c | 1 +
|
|
|
b97401 |
lib/url.c | 1 +
|
|
|
b97401 |
lib/urldata.h | 4 ++++
|
|
|
b97401 |
lib/vssh/libssh.c | 2 ++
|
|
|
b97401 |
lib/vssh/libssh2.c | 20 ++++++++++++++++++++
|
|
|
b97401 |
lib/vssh/ssh.h | 3 +++
|
|
|
b97401 |
lib/vssh/wolfssh.c | 2 ++
|
|
|
b97401 |
24 files changed, 66 insertions(+)
|
|
|
b97401 |
|
|
|
b97401 |
diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
|
|
|
b97401 |
index 1360f33..2fa0267 100644
|
|
|
b97401 |
--- a/lib/curl_rtmp.c
|
|
|
b97401 |
+++ b/lib/curl_rtmp.c
|
|
|
b97401 |
@@ -79,6 +79,7 @@ const struct Curl_handler Curl_handler_rtmp = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMP, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMP, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMP, /* family */
|
|
|
b97401 |
@@ -101,6 +102,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMPT, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMPT, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMPT, /* family */
|
|
|
b97401 |
@@ -123,6 +125,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMP, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMPE, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMPE, /* family */
|
|
|
b97401 |
@@ -145,6 +148,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMPT, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMPTE, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMPTE, /* family */
|
|
|
b97401 |
@@ -167,6 +171,7 @@ const struct Curl_handler Curl_handler_rtmps = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMPS, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMP, /* family */
|
|
|
b97401 |
@@ -189,6 +194,7 @@ const struct Curl_handler Curl_handler_rtmpts = {
|
|
|
b97401 |
rtmp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTMPS, /* defport */
|
|
|
b97401 |
CURLPROTO_RTMPTS, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTMPT, /* family */
|
|
|
b97401 |
diff --git a/lib/dict.c b/lib/dict.c
|
|
|
b97401 |
index 4319dad..7b27f79 100644
|
|
|
b97401 |
--- a/lib/dict.c
|
|
|
b97401 |
+++ b/lib/dict.c
|
|
|
b97401 |
@@ -89,6 +89,7 @@ const struct Curl_handler Curl_handler_dict = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_DICT, /* defport */
|
|
|
b97401 |
CURLPROTO_DICT, /* protocol */
|
|
|
b97401 |
CURLPROTO_DICT, /* family */
|
|
|
b97401 |
diff --git a/lib/file.c b/lib/file.c
|
|
|
b97401 |
index 1d174e5..10d8f05 100644
|
|
|
b97401 |
--- a/lib/file.c
|
|
|
b97401 |
+++ b/lib/file.c
|
|
|
b97401 |
@@ -111,6 +111,7 @@ const struct Curl_handler Curl_handler_file = {
|
|
|
b97401 |
file_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
0, /* defport */
|
|
|
b97401 |
CURLPROTO_FILE, /* protocol */
|
|
|
b97401 |
CURLPROTO_FILE, /* family */
|
|
|
b97401 |
diff --git a/lib/ftp.c b/lib/ftp.c
|
|
|
b97401 |
index 5bf44f1..5ef1e2e 100644
|
|
|
b97401 |
--- a/lib/ftp.c
|
|
|
b97401 |
+++ b/lib/ftp.c
|
|
|
b97401 |
@@ -175,6 +175,7 @@ const struct Curl_handler Curl_handler_ftp = {
|
|
|
b97401 |
ftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_FTP, /* defport */
|
|
|
b97401 |
CURLPROTO_FTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_FTP, /* family */
|
|
|
b97401 |
@@ -205,6 +206,7 @@ const struct Curl_handler Curl_handler_ftps = {
|
|
|
b97401 |
ftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_FTPS, /* defport */
|
|
|
b97401 |
CURLPROTO_FTPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_FTP, /* family */
|
|
|
b97401 |
diff --git a/lib/gopher.c b/lib/gopher.c
|
|
|
b97401 |
index a39cc7e..f61232f 100644
|
|
|
b97401 |
--- a/lib/gopher.c
|
|
|
b97401 |
+++ b/lib/gopher.c
|
|
|
b97401 |
@@ -74,6 +74,7 @@ const struct Curl_handler Curl_handler_gopher = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_GOPHER, /* defport */
|
|
|
b97401 |
CURLPROTO_GOPHER, /* protocol */
|
|
|
b97401 |
CURLPROTO_GOPHER, /* family */
|
|
|
b97401 |
@@ -97,6 +98,7 @@ const struct Curl_handler Curl_handler_gophers = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_GOPHER, /* defport */
|
|
|
b97401 |
CURLPROTO_GOPHERS, /* protocol */
|
|
|
b97401 |
CURLPROTO_GOPHER, /* family */
|
|
|
b97401 |
diff --git a/lib/http.c b/lib/http.c
|
|
|
b97401 |
index 02c81c4..91da200 100644
|
|
|
b97401 |
--- a/lib/http.c
|
|
|
b97401 |
+++ b/lib/http.c
|
|
|
b97401 |
@@ -133,6 +133,7 @@ const struct Curl_handler Curl_handler_http = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_HTTP, /* defport */
|
|
|
b97401 |
CURLPROTO_HTTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_HTTP, /* family */
|
|
|
b97401 |
@@ -160,6 +161,7 @@ const struct Curl_handler Curl_handler_https = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_HTTPS, /* defport */
|
|
|
b97401 |
CURLPROTO_HTTPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_HTTP, /* family */
|
|
|
b97401 |
diff --git a/lib/http2.c b/lib/http2.c
|
|
|
b97401 |
index d0f69ea..1eb4e89 100644
|
|
|
b97401 |
--- a/lib/http2.c
|
|
|
b97401 |
+++ b/lib/http2.c
|
|
|
b97401 |
@@ -319,6 +319,7 @@ static const struct Curl_handler Curl_handler_http2 = {
|
|
|
b97401 |
http2_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
http2_conncheck, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_HTTP, /* defport */
|
|
|
b97401 |
CURLPROTO_HTTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_HTTP, /* family */
|
|
|
b97401 |
@@ -341,6 +342,7 @@ static const struct Curl_handler Curl_handler_http2_ssl = {
|
|
|
b97401 |
http2_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
http2_conncheck, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_HTTP, /* defport */
|
|
|
b97401 |
CURLPROTO_HTTPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_HTTP, /* family */
|
|
|
b97401 |
diff --git a/lib/imap.c b/lib/imap.c
|
|
|
b97401 |
index e887357..e50d7fd 100644
|
|
|
b97401 |
--- a/lib/imap.c
|
|
|
b97401 |
+++ b/lib/imap.c
|
|
|
b97401 |
@@ -136,6 +136,7 @@ const struct Curl_handler Curl_handler_imap = {
|
|
|
b97401 |
imap_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_IMAP, /* defport */
|
|
|
b97401 |
CURLPROTO_IMAP, /* protocol */
|
|
|
b97401 |
CURLPROTO_IMAP, /* family */
|
|
|
b97401 |
@@ -164,6 +165,7 @@ const struct Curl_handler Curl_handler_imaps = {
|
|
|
b97401 |
imap_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_IMAPS, /* defport */
|
|
|
b97401 |
CURLPROTO_IMAPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_IMAP, /* family */
|
|
|
b97401 |
diff --git a/lib/ldap.c b/lib/ldap.c
|
|
|
b97401 |
index 860a4a8..d632a7e 100644
|
|
|
b97401 |
--- a/lib/ldap.c
|
|
|
b97401 |
+++ b/lib/ldap.c
|
|
|
b97401 |
@@ -149,6 +149,7 @@ const struct Curl_handler Curl_handler_ldap = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_LDAP, /* defport */
|
|
|
b97401 |
CURLPROTO_LDAP, /* protocol */
|
|
|
b97401 |
CURLPROTO_LDAP, /* family */
|
|
|
b97401 |
@@ -176,6 +177,7 @@ const struct Curl_handler Curl_handler_ldaps = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_LDAPS, /* defport */
|
|
|
b97401 |
CURLPROTO_LDAPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_LDAP, /* family */
|
|
|
b97401 |
diff --git a/lib/mqtt.c b/lib/mqtt.c
|
|
|
b97401 |
index 2134409..d88fa73 100644
|
|
|
b97401 |
--- a/lib/mqtt.c
|
|
|
b97401 |
+++ b/lib/mqtt.c
|
|
|
b97401 |
@@ -86,6 +86,7 @@ const struct Curl_handler Curl_handler_mqtt = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_MQTT, /* defport */
|
|
|
b97401 |
CURLPROTO_MQTT, /* protocol */
|
|
|
b97401 |
CURLPROTO_MQTT, /* family */
|
|
|
b97401 |
diff --git a/lib/multi.c b/lib/multi.c
|
|
|
b97401 |
index be3e41f..e624bc3 100644
|
|
|
b97401 |
--- a/lib/multi.c
|
|
|
b97401 |
+++ b/lib/multi.c
|
|
|
b97401 |
@@ -890,6 +890,8 @@ void Curl_attach_connnection(struct Curl_easy *data,
|
|
|
b97401 |
data->conn = conn;
|
|
|
b97401 |
Curl_llist_insert_next(&conn->easyq, conn->easyq.tail, data,
|
|
|
b97401 |
&data->conn_queue);
|
|
|
b97401 |
+ if(conn->handler->attach)
|
|
|
b97401 |
+ conn->handler->attach(data, conn);
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
static int waitconnect_getsock(struct connectdata *conn,
|
|
|
b97401 |
diff --git a/lib/openldap.c b/lib/openldap.c
|
|
|
b97401 |
index b6980c5..b515554 100644
|
|
|
b97401 |
--- a/lib/openldap.c
|
|
|
b97401 |
+++ b/lib/openldap.c
|
|
|
b97401 |
@@ -107,6 +107,7 @@ const struct Curl_handler Curl_handler_ldap = {
|
|
|
b97401 |
ldap_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_LDAP, /* defport */
|
|
|
b97401 |
CURLPROTO_LDAP, /* protocol */
|
|
|
b97401 |
CURLPROTO_LDAP, /* family */
|
|
|
b97401 |
@@ -134,6 +135,7 @@ const struct Curl_handler Curl_handler_ldaps = {
|
|
|
b97401 |
ldap_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_LDAPS, /* defport */
|
|
|
b97401 |
CURLPROTO_LDAPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_LDAP, /* family */
|
|
|
b97401 |
diff --git a/lib/pop3.c b/lib/pop3.c
|
|
|
b97401 |
index ccfebd0..6168b12 100644
|
|
|
b97401 |
--- a/lib/pop3.c
|
|
|
b97401 |
+++ b/lib/pop3.c
|
|
|
b97401 |
@@ -131,6 +131,7 @@ const struct Curl_handler Curl_handler_pop3 = {
|
|
|
b97401 |
pop3_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_POP3, /* defport */
|
|
|
b97401 |
CURLPROTO_POP3, /* protocol */
|
|
|
b97401 |
CURLPROTO_POP3, /* family */
|
|
|
b97401 |
@@ -159,6 +160,7 @@ const struct Curl_handler Curl_handler_pop3s = {
|
|
|
b97401 |
pop3_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_POP3S, /* defport */
|
|
|
b97401 |
CURLPROTO_POP3S, /* protocol */
|
|
|
b97401 |
CURLPROTO_POP3, /* family */
|
|
|
b97401 |
diff --git a/lib/rtsp.c b/lib/rtsp.c
|
|
|
b97401 |
index 3029ff5..cdd49dc 100644
|
|
|
b97401 |
--- a/lib/rtsp.c
|
|
|
b97401 |
+++ b/lib/rtsp.c
|
|
|
b97401 |
@@ -109,6 +109,7 @@ const struct Curl_handler Curl_handler_rtsp = {
|
|
|
b97401 |
rtsp_disconnect, /* disconnect */
|
|
|
b97401 |
rtsp_rtp_readwrite, /* readwrite */
|
|
|
b97401 |
rtsp_conncheck, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_RTSP, /* defport */
|
|
|
b97401 |
CURLPROTO_RTSP, /* protocol */
|
|
|
b97401 |
CURLPROTO_RTSP, /* family */
|
|
|
b97401 |
diff --git a/lib/smb.c b/lib/smb.c
|
|
|
b97401 |
index 183bc12..9f65cfd 100644
|
|
|
b97401 |
--- a/lib/smb.c
|
|
|
b97401 |
+++ b/lib/smb.c
|
|
|
b97401 |
@@ -88,6 +88,7 @@ const struct Curl_handler Curl_handler_smb = {
|
|
|
b97401 |
smb_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SMB, /* defport */
|
|
|
b97401 |
CURLPROTO_SMB, /* protocol */
|
|
|
b97401 |
CURLPROTO_SMB, /* family */
|
|
|
b97401 |
@@ -114,6 +115,7 @@ const struct Curl_handler Curl_handler_smbs = {
|
|
|
b97401 |
smb_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SMBS, /* defport */
|
|
|
b97401 |
CURLPROTO_SMBS, /* protocol */
|
|
|
b97401 |
CURLPROTO_SMB, /* family */
|
|
|
b97401 |
diff --git a/lib/smtp.c b/lib/smtp.c
|
|
|
b97401 |
index be4cd67..1defb25 100644
|
|
|
b97401 |
--- a/lib/smtp.c
|
|
|
b97401 |
+++ b/lib/smtp.c
|
|
|
b97401 |
@@ -136,6 +136,7 @@ const struct Curl_handler Curl_handler_smtp = {
|
|
|
b97401 |
smtp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SMTP, /* defport */
|
|
|
b97401 |
CURLPROTO_SMTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SMTP, /* family */
|
|
|
b97401 |
@@ -164,6 +165,7 @@ const struct Curl_handler Curl_handler_smtps = {
|
|
|
b97401 |
smtp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SMTPS, /* defport */
|
|
|
b97401 |
CURLPROTO_SMTPS, /* protocol */
|
|
|
b97401 |
CURLPROTO_SMTP, /* family */
|
|
|
b97401 |
diff --git a/lib/telnet.c b/lib/telnet.c
|
|
|
b97401 |
index 4551435..fdd137f 100644
|
|
|
b97401 |
--- a/lib/telnet.c
|
|
|
b97401 |
+++ b/lib/telnet.c
|
|
|
b97401 |
@@ -185,6 +185,7 @@ const struct Curl_handler Curl_handler_telnet = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_TELNET, /* defport */
|
|
|
b97401 |
CURLPROTO_TELNET, /* protocol */
|
|
|
b97401 |
CURLPROTO_TELNET, /* family */
|
|
|
b97401 |
diff --git a/lib/tftp.c b/lib/tftp.c
|
|
|
b97401 |
index 76d3ff4..bf499f3 100644
|
|
|
b97401 |
--- a/lib/tftp.c
|
|
|
b97401 |
+++ b/lib/tftp.c
|
|
|
b97401 |
@@ -182,6 +182,7 @@ const struct Curl_handler Curl_handler_tftp = {
|
|
|
b97401 |
tftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_TFTP, /* defport */
|
|
|
b97401 |
CURLPROTO_TFTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_TFTP, /* family */
|
|
|
b97401 |
diff --git a/lib/url.c b/lib/url.c
|
|
|
b97401 |
index 19fcfb8..9f2c9f2 100644
|
|
|
b97401 |
--- a/lib/url.c
|
|
|
b97401 |
+++ b/lib/url.c
|
|
|
b97401 |
@@ -292,6 +292,7 @@ static const struct Curl_handler Curl_handler_dummy = {
|
|
|
b97401 |
ZERO_NULL, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
0, /* defport */
|
|
|
b97401 |
0, /* protocol */
|
|
|
b97401 |
0, /* family */
|
|
|
b97401 |
diff --git a/lib/urldata.h b/lib/urldata.h
|
|
|
b97401 |
index fec8756..2bb7d81 100644
|
|
|
b97401 |
--- a/lib/urldata.h
|
|
|
b97401 |
+++ b/lib/urldata.h
|
|
|
b97401 |
@@ -791,12 +791,16 @@ struct Curl_handler {
|
|
|
b97401 |
struct connectdata *conn,
|
|
|
b97401 |
unsigned int checks_to_perform);
|
|
|
b97401 |
|
|
|
b97401 |
+ /* attach() attaches this transfer to this connection */
|
|
|
b97401 |
+ void (*attach)(struct Curl_easy *data, struct connectdata *conn);
|
|
|
b97401 |
+
|
|
|
b97401 |
int defport; /* Default port. */
|
|
|
b97401 |
unsigned int protocol; /* See CURLPROTO_* - this needs to be the single
|
|
|
b97401 |
specific protocol bit */
|
|
|
b97401 |
unsigned int family; /* single bit for protocol family; basically the
|
|
|
b97401 |
non-TLS name of the protocol this is */
|
|
|
b97401 |
unsigned int flags; /* Extra particular characteristics, see PROTOPT_* */
|
|
|
b97401 |
+
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#define PROTOPT_NONE 0 /* nothing extra */
|
|
|
b97401 |
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
|
|
|
b97401 |
index 4644f4c..450ab28 100644
|
|
|
b97401 |
--- a/lib/vssh/libssh.c
|
|
|
b97401 |
+++ b/lib/vssh/libssh.c
|
|
|
b97401 |
@@ -159,6 +159,7 @@ const struct Curl_handler Curl_handler_scp = {
|
|
|
b97401 |
scp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SCP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SCP, /* family */
|
|
|
b97401 |
@@ -185,6 +186,7 @@ const struct Curl_handler Curl_handler_sftp = {
|
|
|
b97401 |
sftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SFTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SFTP, /* family */
|
|
|
b97401 |
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
|
|
|
b97401 |
index 9d188d0..0a468dd 100644
|
|
|
b97401 |
--- a/lib/vssh/libssh2.c
|
|
|
b97401 |
+++ b/lib/vssh/libssh2.c
|
|
|
b97401 |
@@ -121,6 +121,7 @@ static int ssh_getsock(struct Curl_easy *data, struct connectdata *conn,
|
|
|
b97401 |
curl_socket_t *sock);
|
|
|
b97401 |
static CURLcode ssh_setup_connection(struct Curl_easy *data,
|
|
|
b97401 |
struct connectdata *conn);
|
|
|
b97401 |
+static void ssh_attach(struct Curl_easy *data, struct connectdata *conn);
|
|
|
b97401 |
|
|
|
b97401 |
/*
|
|
|
b97401 |
* SCP protocol handler.
|
|
|
b97401 |
@@ -142,6 +143,7 @@ const struct Curl_handler Curl_handler_scp = {
|
|
|
b97401 |
scp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ssh_attach,
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SCP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SCP, /* family */
|
|
|
b97401 |
@@ -170,6 +172,7 @@ const struct Curl_handler Curl_handler_sftp = {
|
|
|
b97401 |
sftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ssh_attach,
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SFTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SFTP, /* family */
|
|
|
b97401 |
@@ -3607,4 +3610,21 @@ size_t Curl_ssh_version(char *buffer, size_t buflen)
|
|
|
b97401 |
return msnprintf(buffer, buflen, "libssh2/%s", LIBSSH2_VERSION);
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
+/* The SSH session is associated with the *CONNECTION* but the callback user
|
|
|
b97401 |
+ * pointer is an easy handle pointer. This function allows us to reassign the
|
|
|
b97401 |
+ * user pointer to the *CURRENT* (new) easy handle.
|
|
|
b97401 |
+ */
|
|
|
b97401 |
+static void ssh_attach(struct Curl_easy *data, struct connectdata *conn)
|
|
|
b97401 |
+{
|
|
|
b97401 |
+ DEBUGASSERT(data);
|
|
|
b97401 |
+ DEBUGASSERT(conn);
|
|
|
b97401 |
+ if(conn->handler->protocol & PROTO_FAMILY_SSH) {
|
|
|
b97401 |
+ struct ssh_conn *sshc = &conn->proto.sshc;
|
|
|
b97401 |
+ if(sshc->ssh_session) {
|
|
|
b97401 |
+ /* only re-attach if the session already exists */
|
|
|
b97401 |
+ void **abstract = libssh2_session_abstract(sshc->ssh_session);
|
|
|
b97401 |
+ *abstract = data;
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+}
|
|
|
b97401 |
#endif /* USE_LIBSSH2 */
|
|
|
b97401 |
diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
|
|
|
b97401 |
index 52e1ee6..505b078 100644
|
|
|
b97401 |
--- a/lib/vssh/ssh.h
|
|
|
b97401 |
+++ b/lib/vssh/ssh.h
|
|
|
b97401 |
@@ -263,9 +263,12 @@ extern const struct Curl_handler Curl_handler_sftp;
|
|
|
b97401 |
CURLcode Curl_ssh_init(void);
|
|
|
b97401 |
void Curl_ssh_cleanup(void);
|
|
|
b97401 |
size_t Curl_ssh_version(char *buffer, size_t buflen);
|
|
|
b97401 |
+void Curl_ssh_attach(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn);
|
|
|
b97401 |
#else
|
|
|
b97401 |
/* for non-SSH builds */
|
|
|
b97401 |
#define Curl_ssh_cleanup()
|
|
|
b97401 |
+#define Curl_ssh_attach(x,y)
|
|
|
b97401 |
#endif
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* HEADER_CURL_SSH_H */
|
|
|
b97401 |
diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
|
|
|
b97401 |
index de0b1c7..8aa8067 100644
|
|
|
b97401 |
--- a/lib/vssh/wolfssh.c
|
|
|
b97401 |
+++ b/lib/vssh/wolfssh.c
|
|
|
b97401 |
@@ -91,6 +91,7 @@ const struct Curl_handler Curl_handler_scp = {
|
|
|
b97401 |
wscp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SCP, /* protocol */
|
|
|
b97401 |
PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
|
|
|
b97401 |
@@ -119,6 +120,7 @@ const struct Curl_handler Curl_handler_sftp = {
|
|
|
b97401 |
wsftp_disconnect, /* disconnect */
|
|
|
b97401 |
ZERO_NULL, /* readwrite */
|
|
|
b97401 |
ZERO_NULL, /* connection_check */
|
|
|
b97401 |
+ ZERO_NULL, /* attach connection */
|
|
|
b97401 |
PORT_SSH, /* defport */
|
|
|
b97401 |
CURLPROTO_SFTP, /* protocol */
|
|
|
b97401 |
CURLPROTO_SFTP, /* family */
|
|
|
b97401 |
--
|
|
|
b97401 |
2.31.1
|
|
|
b97401 |
|
|
|
b97401 |
|
|
|
b97401 |
From b5971f4854aab00fcd7810aa9a425c0a6790e050 Mon Sep 17 00:00:00 2001
|
|
|
b97401 |
From: Harry Sintonen <sintonen@iki.fi>
|
|
|
b97401 |
Date: Wed, 5 May 2021 13:42:26 +0200
|
|
|
b97401 |
Subject: [PATCH 2/3] openssl: associate/detach the transfer from connection
|
|
|
b97401 |
|
|
|
b97401 |
CVE-2021-22901
|
|
|
b97401 |
|
|
|
b97401 |
Bug: https://curl.se/docs/CVE-2021-22901.html
|
|
|
b97401 |
|
|
|
b97401 |
Upstream-commit: 7f4a9a9b2a49547eae24d2e19bc5c346e9026479
|
|
|
b97401 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b97401 |
---
|
|
|
b97401 |
lib/multi.c | 5 +-
|
|
|
b97401 |
lib/vtls/gskit.c | 4 +-
|
|
|
b97401 |
lib/vtls/gtls.c | 4 +-
|
|
|
b97401 |
lib/vtls/mbedtls.c | 4 +-
|
|
|
b97401 |
lib/vtls/mesalink.c | 4 +-
|
|
|
b97401 |
lib/vtls/nss.c | 4 +-
|
|
|
b97401 |
lib/vtls/openssl.c | 146 +++++++++++++++++++++++++++++++------------
|
|
|
b97401 |
lib/vtls/rustls.c | 4 +-
|
|
|
b97401 |
lib/vtls/schannel.c | 4 +-
|
|
|
b97401 |
lib/vtls/sectransp.c | 2 +
|
|
|
b97401 |
lib/vtls/vtls.c | 23 ++++++-
|
|
|
b97401 |
lib/vtls/vtls.h | 12 ++++
|
|
|
b97401 |
lib/vtls/wolfssl.c | 4 +-
|
|
|
b97401 |
13 files changed, 171 insertions(+), 49 deletions(-)
|
|
|
b97401 |
|
|
|
b97401 |
diff --git a/lib/multi.c b/lib/multi.c
|
|
|
b97401 |
index e624bc3..2228264 100644
|
|
|
b97401 |
--- a/lib/multi.c
|
|
|
b97401 |
+++ b/lib/multi.c
|
|
|
b97401 |
@@ -872,8 +872,10 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi)
|
|
|
b97401 |
void Curl_detach_connnection(struct Curl_easy *data)
|
|
|
b97401 |
{
|
|
|
b97401 |
struct connectdata *conn = data->conn;
|
|
|
b97401 |
- if(conn)
|
|
|
b97401 |
+ if(conn) {
|
|
|
b97401 |
Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);
|
|
|
b97401 |
+ Curl_ssl_detach_conn(data, conn);
|
|
|
b97401 |
+ }
|
|
|
b97401 |
data->conn = NULL;
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
@@ -892,6 +894,7 @@ void Curl_attach_connnection(struct Curl_easy *data,
|
|
|
b97401 |
&data->conn_queue);
|
|
|
b97401 |
if(conn->handler->attach)
|
|
|
b97401 |
conn->handler->attach(data, conn);
|
|
|
b97401 |
+ Curl_ssl_associate_conn(data, conn);
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
static int waitconnect_getsock(struct connectdata *conn,
|
|
|
b97401 |
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
|
|
|
b97401 |
index b0c7343..3fe54c1 100644
|
|
|
b97401 |
--- a/lib/vtls/gskit.c
|
|
|
b97401 |
+++ b/lib/vtls/gskit.c
|
|
|
b97401 |
@@ -1281,7 +1281,9 @@ const struct Curl_ssl Curl_ssl_gskit = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- NULL /* sha256sum */
|
|
|
b97401 |
+ NULL, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_GSKIT */
|
|
|
b97401 |
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
|
|
|
b97401 |
index e3fad7f..ea54fe3 100644
|
|
|
b97401 |
--- a/lib/vtls/gtls.c
|
|
|
b97401 |
+++ b/lib/vtls/gtls.c
|
|
|
b97401 |
@@ -1645,7 +1645,9 @@ const struct Curl_ssl Curl_ssl_gnutls = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- gtls_sha256sum /* sha256sum */
|
|
|
b97401 |
+ gtls_sha256sum, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_GNUTLS */
|
|
|
b97401 |
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
|
|
|
b97401 |
index 4b36f2d..0a9f7b4 100644
|
|
|
b97401 |
--- a/lib/vtls/mbedtls.c
|
|
|
b97401 |
+++ b/lib/vtls/mbedtls.c
|
|
|
b97401 |
@@ -1113,7 +1113,9 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- mbedtls_sha256sum /* sha256sum */
|
|
|
b97401 |
+ mbedtls_sha256sum, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_MBEDTLS */
|
|
|
b97401 |
diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c
|
|
|
b97401 |
index 5d6a149..0a41dd3 100644
|
|
|
b97401 |
--- a/lib/vtls/mesalink.c
|
|
|
b97401 |
+++ b/lib/vtls/mesalink.c
|
|
|
b97401 |
@@ -667,7 +667,9 @@ const struct Curl_ssl Curl_ssl_mesalink = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- NULL /* sha256sum */
|
|
|
b97401 |
+ NULL, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif
|
|
|
b97401 |
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
|
|
b97401 |
index a9f6959..ae3945c 100644
|
|
|
b97401 |
--- a/lib/vtls/nss.c
|
|
|
b97401 |
+++ b/lib/vtls/nss.c
|
|
|
b97401 |
@@ -2442,7 +2442,9 @@ const struct Curl_ssl Curl_ssl_nss = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
nss_false_start, /* false_start */
|
|
|
b97401 |
- nss_sha256sum /* sha256sum */
|
|
|
b97401 |
+ nss_sha256sum, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_NSS */
|
|
|
b97401 |
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
|
b97401 |
index 6583300..2404393 100644
|
|
|
b97401 |
--- a/lib/vtls/openssl.c
|
|
|
b97401 |
+++ b/lib/vtls/openssl.c
|
|
|
b97401 |
@@ -246,6 +246,10 @@ struct ssl_backend_data {
|
|
|
b97401 |
#endif
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
+static void ossl_associate_connection(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn,
|
|
|
b97401 |
+ int sockindex);
|
|
|
b97401 |
+
|
|
|
b97401 |
/*
|
|
|
b97401 |
* Number of bytes to read from the random number seed file. This must be
|
|
|
b97401 |
* a finite value (because some entropy "files" like /dev/urandom have
|
|
|
b97401 |
@@ -2528,6 +2532,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
|
|
|
b97401 |
curl_socket_t sockfd = conn->sock[sockindex];
|
|
|
b97401 |
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
b97401 |
ctx_option_t ctx_options = 0;
|
|
|
b97401 |
+ void *ssl_sessionid = NULL;
|
|
|
b97401 |
|
|
|
b97401 |
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
|
b97401 |
bool sni;
|
|
|
b97401 |
@@ -3209,46 +3214,23 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
|
|
|
b97401 |
}
|
|
|
b97401 |
#endif
|
|
|
b97401 |
|
|
|
b97401 |
- /* Check if there's a cached ID we can/should use here! */
|
|
|
b97401 |
- if(SSL_SET_OPTION(primary.sessionid)) {
|
|
|
b97401 |
- void *ssl_sessionid = NULL;
|
|
|
b97401 |
- int data_idx = ossl_get_ssl_data_index();
|
|
|
b97401 |
- int connectdata_idx = ossl_get_ssl_conn_index();
|
|
|
b97401 |
- int sockindex_idx = ossl_get_ssl_sockindex_index();
|
|
|
b97401 |
- int proxy_idx = ossl_get_proxy_index();
|
|
|
b97401 |
-
|
|
|
b97401 |
- if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 &&
|
|
|
b97401 |
- proxy_idx >= 0) {
|
|
|
b97401 |
- /* Store the data needed for the "new session" callback.
|
|
|
b97401 |
- * The sockindex is stored as a pointer to an array element. */
|
|
|
b97401 |
- SSL_set_ex_data(backend->handle, data_idx, data);
|
|
|
b97401 |
- SSL_set_ex_data(backend->handle, connectdata_idx, conn);
|
|
|
b97401 |
- SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex);
|
|
|
b97401 |
-#ifndef CURL_DISABLE_PROXY
|
|
|
b97401 |
- SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1:
|
|
|
b97401 |
- NULL);
|
|
|
b97401 |
-#else
|
|
|
b97401 |
- SSL_set_ex_data(backend->handle, proxy_idx, NULL);
|
|
|
b97401 |
-#endif
|
|
|
b97401 |
-
|
|
|
b97401 |
- }
|
|
|
b97401 |
+ ossl_associate_connection(data, conn, sockindex);
|
|
|
b97401 |
|
|
|
b97401 |
- Curl_ssl_sessionid_lock(data);
|
|
|
b97401 |
- if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
|
|
|
b97401 |
- &ssl_sessionid, NULL, sockindex)) {
|
|
|
b97401 |
- /* we got a session id, use it! */
|
|
|
b97401 |
- if(!SSL_set_session(backend->handle, ssl_sessionid)) {
|
|
|
b97401 |
- Curl_ssl_sessionid_unlock(data);
|
|
|
b97401 |
- failf(data, "SSL: SSL_set_session failed: %s",
|
|
|
b97401 |
- ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
b97401 |
- sizeof(error_buffer)));
|
|
|
b97401 |
- return CURLE_SSL_CONNECT_ERROR;
|
|
|
b97401 |
- }
|
|
|
b97401 |
- /* Informational message */
|
|
|
b97401 |
- infof(data, "SSL re-using session ID\n");
|
|
|
b97401 |
+ Curl_ssl_sessionid_lock(data);
|
|
|
b97401 |
+ if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
|
|
|
b97401 |
+ &ssl_sessionid, NULL, sockindex)) {
|
|
|
b97401 |
+ /* we got a session id, use it! */
|
|
|
b97401 |
+ if(!SSL_set_session(backend->handle, ssl_sessionid)) {
|
|
|
b97401 |
+ Curl_ssl_sessionid_unlock(data);
|
|
|
b97401 |
+ failf(data, "SSL: SSL_set_session failed: %s",
|
|
|
b97401 |
+ ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
b97401 |
+ sizeof(error_buffer)));
|
|
|
b97401 |
+ return CURLE_SSL_CONNECT_ERROR;
|
|
|
b97401 |
}
|
|
|
b97401 |
- Curl_ssl_sessionid_unlock(data);
|
|
|
b97401 |
+ /* Informational message */
|
|
|
b97401 |
+ infof(data, "SSL re-using session ID\n");
|
|
|
b97401 |
}
|
|
|
b97401 |
+ Curl_ssl_sessionid_unlock(data);
|
|
|
b97401 |
|
|
|
b97401 |
#ifndef CURL_DISABLE_PROXY
|
|
|
b97401 |
if(conn->proxy_ssl[sockindex].use) {
|
|
|
b97401 |
@@ -4474,6 +4456,90 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl,
|
|
|
b97401 |
(void *)backend->ctx : (void *)backend->handle;
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
+static void ossl_associate_connection(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn,
|
|
|
b97401 |
+ int sockindex)
|
|
|
b97401 |
+{
|
|
|
b97401 |
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
b97401 |
+ struct ssl_backend_data *backend = connssl->backend;
|
|
|
b97401 |
+
|
|
|
b97401 |
+ /* If we don't have SSL context, do nothing. */
|
|
|
b97401 |
+ if(!backend->handle)
|
|
|
b97401 |
+ return;
|
|
|
b97401 |
+
|
|
|
b97401 |
+ if(SSL_SET_OPTION(primary.sessionid)) {
|
|
|
b97401 |
+ int data_idx = ossl_get_ssl_data_index();
|
|
|
b97401 |
+ int connectdata_idx = ossl_get_ssl_conn_index();
|
|
|
b97401 |
+ int sockindex_idx = ossl_get_ssl_sockindex_index();
|
|
|
b97401 |
+ int proxy_idx = ossl_get_proxy_index();
|
|
|
b97401 |
+
|
|
|
b97401 |
+ if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 &&
|
|
|
b97401 |
+ proxy_idx >= 0) {
|
|
|
b97401 |
+ /* Store the data needed for the "new session" callback.
|
|
|
b97401 |
+ * The sockindex is stored as a pointer to an array element. */
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, data_idx, data);
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, connectdata_idx, conn);
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex);
|
|
|
b97401 |
+#ifndef CURL_DISABLE_PROXY
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1:
|
|
|
b97401 |
+ NULL);
|
|
|
b97401 |
+#else
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, proxy_idx, NULL);
|
|
|
b97401 |
+#endif
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+}
|
|
|
b97401 |
+
|
|
|
b97401 |
+/*
|
|
|
b97401 |
+ * Starting with TLS 1.3, the ossl_new_session_cb callback gets called after
|
|
|
b97401 |
+ * the handshake. If the transfer that sets up the callback gets killed before
|
|
|
b97401 |
+ * this callback arrives, we must make sure to properly clear the data to
|
|
|
b97401 |
+ * avoid UAF problems. A future optimization could be to instead store another
|
|
|
b97401 |
+ * transfer that might still be using the same connection.
|
|
|
b97401 |
+ */
|
|
|
b97401 |
+
|
|
|
b97401 |
+static void ossl_disassociate_connection(struct Curl_easy *data,
|
|
|
b97401 |
+ int sockindex)
|
|
|
b97401 |
+{
|
|
|
b97401 |
+ struct connectdata *conn = data->conn;
|
|
|
b97401 |
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
b97401 |
+ struct ssl_backend_data *backend = connssl->backend;
|
|
|
b97401 |
+
|
|
|
b97401 |
+ /* If we don't have SSL context, do nothing. */
|
|
|
b97401 |
+ if(!backend->handle)
|
|
|
b97401 |
+ return;
|
|
|
b97401 |
+
|
|
|
b97401 |
+ if(SSL_SET_OPTION(primary.sessionid)) {
|
|
|
b97401 |
+ bool isproxy = FALSE;
|
|
|
b97401 |
+ bool incache;
|
|
|
b97401 |
+ void *old_ssl_sessionid = NULL;
|
|
|
b97401 |
+ int data_idx = ossl_get_ssl_data_index();
|
|
|
b97401 |
+ int connectdata_idx = ossl_get_ssl_conn_index();
|
|
|
b97401 |
+ int sockindex_idx = ossl_get_ssl_sockindex_index();
|
|
|
b97401 |
+ int proxy_idx = ossl_get_proxy_index();
|
|
|
b97401 |
+
|
|
|
b97401 |
+ if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 &&
|
|
|
b97401 |
+ proxy_idx >= 0) {
|
|
|
b97401 |
+ /* Invalidate the session cache entry, if any */
|
|
|
b97401 |
+ isproxy = SSL_get_ex_data(backend->handle, proxy_idx) ? TRUE : FALSE;
|
|
|
b97401 |
+
|
|
|
b97401 |
+ /* Disable references to data in "new session" callback to avoid
|
|
|
b97401 |
+ * accessing a stale pointer. */
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, data_idx, NULL);
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, connectdata_idx, NULL);
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, sockindex_idx, NULL);
|
|
|
b97401 |
+ SSL_set_ex_data(backend->handle, proxy_idx, NULL);
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+
|
|
|
b97401 |
+ Curl_ssl_sessionid_lock(data);
|
|
|
b97401 |
+ incache = !(Curl_ssl_getsessionid(data, conn, isproxy,
|
|
|
b97401 |
+ &old_ssl_sessionid, NULL, sockindex));
|
|
|
b97401 |
+ if(incache)
|
|
|
b97401 |
+ Curl_ssl_delsessionid(data, old_ssl_sessionid);
|
|
|
b97401 |
+ Curl_ssl_sessionid_unlock(data);
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+}
|
|
|
b97401 |
+
|
|
|
b97401 |
const struct Curl_ssl Curl_ssl_openssl = {
|
|
|
b97401 |
{ CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
|
|
|
b97401 |
|
|
|
b97401 |
@@ -4508,10 +4574,12 @@ const struct Curl_ssl Curl_ssl_openssl = {
|
|
|
b97401 |
ossl_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
|
|
b97401 |
- ossl_sha256sum /* sha256sum */
|
|
|
b97401 |
+ ossl_sha256sum, /* sha256sum */
|
|
|
b97401 |
#else
|
|
|
b97401 |
- NULL /* sha256sum */
|
|
|
b97401 |
+ NULL, /* sha256sum */
|
|
|
b97401 |
#endif
|
|
|
b97401 |
+ ossl_associate_connection, /* associate_connection */
|
|
|
b97401 |
+ ossl_disassociate_connection /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_OPENSSL */
|
|
|
b97401 |
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
|
|
|
b97401 |
index e4f589d..fb8d634 100644
|
|
|
b97401 |
--- a/lib/vtls/rustls.c
|
|
|
b97401 |
+++ b/lib/vtls/rustls.c
|
|
|
b97401 |
@@ -554,7 +554,9 @@ const struct Curl_ssl Curl_ssl_rustls = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- NULL /* sha256sum */
|
|
|
b97401 |
+ NULL, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_RUSTLS */
|
|
|
b97401 |
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
|
|
|
b97401 |
index 961a71f..a80eb50 100644
|
|
|
b97401 |
--- a/lib/vtls/schannel.c
|
|
|
b97401 |
+++ b/lib/vtls/schannel.c
|
|
|
b97401 |
@@ -2429,7 +2429,9 @@ const struct Curl_ssl Curl_ssl_schannel = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- schannel_sha256sum /* sha256sum */
|
|
|
b97401 |
+ schannel_sha256sum, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* USE_SCHANNEL */
|
|
|
b97401 |
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
|
|
|
b97401 |
index 9d637da..b24b489 100644
|
|
|
b97401 |
--- a/lib/vtls/sectransp.c
|
|
|
b97401 |
+++ b/lib/vtls/sectransp.c
|
|
|
b97401 |
@@ -3314,6 +3314,8 @@ const struct Curl_ssl Curl_ssl_sectransp = {
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
sectransp_false_start, /* false_start */
|
|
|
b97401 |
sectransp_sha256sum /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#ifdef __clang__
|
|
|
b97401 |
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
|
|
b97401 |
index 2e07df0..22cfb88 100644
|
|
|
b97401 |
--- a/lib/vtls/vtls.c
|
|
|
b97401 |
+++ b/lib/vtls/vtls.c
|
|
|
b97401 |
@@ -579,6 +579,25 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
|
|
|
b97401 |
return CURLE_OK;
|
|
|
b97401 |
}
|
|
|
b97401 |
|
|
|
b97401 |
+void Curl_ssl_associate_conn(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn)
|
|
|
b97401 |
+{
|
|
|
b97401 |
+ if(Curl_ssl->associate_connection) {
|
|
|
b97401 |
+ Curl_ssl->associate_connection(data, conn, FIRSTSOCKET);
|
|
|
b97401 |
+ if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted)
|
|
|
b97401 |
+ Curl_ssl->associate_connection(data, conn, SECONDARYSOCKET);
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+}
|
|
|
b97401 |
+
|
|
|
b97401 |
+void Curl_ssl_detach_conn(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn)
|
|
|
b97401 |
+{
|
|
|
b97401 |
+ if(Curl_ssl->disassociate_connection) {
|
|
|
b97401 |
+ Curl_ssl->disassociate_connection(data, FIRSTSOCKET);
|
|
|
b97401 |
+ if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted)
|
|
|
b97401 |
+ Curl_ssl->disassociate_connection(data, SECONDARYSOCKET);
|
|
|
b97401 |
+ }
|
|
|
b97401 |
+}
|
|
|
b97401 |
|
|
|
b97401 |
void Curl_ssl_close_all(struct Curl_easy *data)
|
|
|
b97401 |
{
|
|
|
b97401 |
@@ -1207,7 +1226,9 @@ static const struct Curl_ssl Curl_ssl_multi = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- NULL /* sha256sum */
|
|
|
b97401 |
+ NULL, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
const struct Curl_ssl *Curl_ssl =
|
|
|
b97401 |
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
|
|
|
b97401 |
index 2b43e77..78d1003 100644
|
|
|
b97401 |
--- a/lib/vtls/vtls.h
|
|
|
b97401 |
+++ b/lib/vtls/vtls.h
|
|
|
b97401 |
@@ -83,6 +83,11 @@ struct Curl_ssl {
|
|
|
b97401 |
bool (*false_start)(void);
|
|
|
b97401 |
CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
|
|
|
b97401 |
unsigned char *sha256sum, size_t sha256sumlen);
|
|
|
b97401 |
+
|
|
|
b97401 |
+ void (*associate_connection)(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn,
|
|
|
b97401 |
+ int sockindex);
|
|
|
b97401 |
+ void (*disassociate_connection)(struct Curl_easy *data, int sockindex);
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#ifdef USE_SSL
|
|
|
b97401 |
@@ -277,6 +282,11 @@ bool Curl_ssl_cert_status_request(void);
|
|
|
b97401 |
|
|
|
b97401 |
bool Curl_ssl_false_start(void);
|
|
|
b97401 |
|
|
|
b97401 |
+void Curl_ssl_associate_conn(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn);
|
|
|
b97401 |
+void Curl_ssl_detach_conn(struct Curl_easy *data,
|
|
|
b97401 |
+ struct connectdata *conn);
|
|
|
b97401 |
+
|
|
|
b97401 |
#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
|
|
|
b97401 |
|
|
|
b97401 |
#else /* if not USE_SSL */
|
|
|
b97401 |
@@ -303,6 +313,8 @@ bool Curl_ssl_false_start(void);
|
|
|
b97401 |
#define Curl_ssl_cert_status_request() FALSE
|
|
|
b97401 |
#define Curl_ssl_false_start() FALSE
|
|
|
b97401 |
#define Curl_ssl_tls13_ciphersuites() FALSE
|
|
|
b97401 |
+#define Curl_ssl_associate_conn(a,b) Curl_nop_stmt
|
|
|
b97401 |
+#define Curl_ssl_detach_conn(a,b) Curl_nop_stmt
|
|
|
b97401 |
#endif
|
|
|
b97401 |
|
|
|
b97401 |
#endif /* HEADER_CURL_VTLS_H */
|
|
|
b97401 |
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
|
|
|
b97401 |
index c6f4280..9c1598b 100644
|
|
|
b97401 |
--- a/lib/vtls/wolfssl.c
|
|
|
b97401 |
+++ b/lib/vtls/wolfssl.c
|
|
|
b97401 |
@@ -1164,7 +1164,9 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
Curl_none_false_start, /* false_start */
|
|
|
b97401 |
- wolfssl_sha256sum /* sha256sum */
|
|
|
b97401 |
+ wolfssl_sha256sum, /* sha256sum */
|
|
|
b97401 |
+ NULL, /* associate_connection */
|
|
|
b97401 |
+ NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
|
|
|
b97401 |
#endif
|
|
|
b97401 |
--
|
|
|
b97401 |
2.31.1
|
|
|
b97401 |
|
|
|
b97401 |
|
|
|
b97401 |
From dd657bd43c0dc406a0be442a3b6546b3f97bb13f Mon Sep 17 00:00:00 2001
|
|
|
b97401 |
From: Koichi Shiraishi <zchee.io@gmail.com>
|
|
|
b97401 |
Date: Mon, 24 May 2021 20:26:44 +0900
|
|
|
b97401 |
Subject: [PATCH 3/3] sectransp: fix 7f4a9a9b2a49 commit about missing comma
|
|
|
b97401 |
|
|
|
b97401 |
Follow-up to 7f4a9a9b2a495
|
|
|
b97401 |
|
|
|
b97401 |
Closes #7119
|
|
|
b97401 |
|
|
|
b97401 |
Upstream-commit: 98770344b2d6527c5b504fa740d7bbddbee1728e
|
|
|
b97401 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b97401 |
---
|
|
|
b97401 |
lib/vtls/sectransp.c | 2 +-
|
|
|
b97401 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
b97401 |
|
|
|
b97401 |
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
|
|
|
b97401 |
index b24b489..f2d7835 100644
|
|
|
b97401 |
--- a/lib/vtls/sectransp.c
|
|
|
b97401 |
+++ b/lib/vtls/sectransp.c
|
|
|
b97401 |
@@ -3313,7 +3313,7 @@ const struct Curl_ssl Curl_ssl_sectransp = {
|
|
|
b97401 |
Curl_none_set_engine_default, /* set_engine_default */
|
|
|
b97401 |
Curl_none_engines_list, /* engines_list */
|
|
|
b97401 |
sectransp_false_start, /* false_start */
|
|
|
b97401 |
- sectransp_sha256sum /* sha256sum */
|
|
|
b97401 |
+ sectransp_sha256sum, /* sha256sum */
|
|
|
b97401 |
NULL, /* associate_connection */
|
|
|
b97401 |
NULL /* disassociate_connection */
|
|
|
b97401 |
};
|
|
|
b97401 |
--
|
|
|
b97401 |
2.31.1
|
|
|
b97401 |
|