Last change on this file since 2007 was 1922, checked in by geofft, 14 years ago

Patch curl for CVE-2011-2192: do not delegate tickets over HTTP

File size: 1.0 KB

  | Rev | Line |  | 
|---|
| [1922] | 1 | From a4be0864ba953b3317ece66bf8c2332ea74a4715 Mon Sep 17 00:00:00 2001 | 
|---|
|  | 2 | From: Daniel Stenberg <daniel@haxx.se> | 
|---|
|  | 3 | Date: Wed, 8 Jun 2011 00:10:26 +0200 | 
|---|
|  | 4 | Subject: [PATCH] Curl_input_negotiate: do not delegate credentials | 
|---|
|  | 5 |  | 
|---|
|  | 6 | This is a security flaw. See curl advisory 201106xx for details. | 
|---|
|  | 7 |  | 
|---|
|  | 8 | Reported by: Richard Silverman | 
|---|
|  | 9 | --- | 
|---|
|  | 10 | lib/http_negotiate.c |    2 +- | 
|---|
|  | 11 | 1 files changed, 1 insertions(+), 1 deletions(-) | 
|---|
|  | 12 |  | 
|---|
|  | 13 | diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c | 
|---|
|  | 14 | index 202d69e..5127e64 100644 | 
|---|
|  | 15 | --- a/lib/http_negotiate.c | 
|---|
|  | 16 | +++ b/lib/http_negotiate.c | 
|---|
|  | 17 | @@ -243,7 +243,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy, | 
|---|
|  | 18 | &neg_ctx->context, | 
|---|
|  | 19 | neg_ctx->server_name, | 
|---|
|  | 20 | GSS_C_NO_OID, | 
|---|
|  | 21 | -                                      GSS_C_DELEG_FLAG, | 
|---|
|  | 22 | +                                      0, | 
|---|
|  | 23 | 0, | 
|---|
|  | 24 | GSS_C_NO_CHANNEL_BINDINGS, | 
|---|
|  | 25 | &input_token, | 
|---|
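
Review bot: The replacement line `0,` sits directly above a second bare `0,`, so the call now carries two adjacent unlabelled zeros and nothing at the call site records that the first is the request-flags slot where `GSS_C_DELEG_FLAG` used to be. Add a short comment on that line, for example `0, /* no credential delegation */`, so a later cleanup does not restore the flag or confuse the two arguments. The flag is also dropped unconditionally inside `Curl_input_negotiate`, for the `proxy` case as well as the server case, leaving no path for a caller that needs delegation to a trusted host. If that is intended, say so in the commit message; otherwise an explicit opt-in that defaults to off would be the safer follow-up. The message still cites "advisory 201106xx", which should be replaced with the final advisory identifier before this lands.
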
|  | 26 | -- | 
|---|
|  | 27 | 1.7.5.3 | 
|---|
|  | 28 |  | 
|---|
       
      