packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
curl/backport-tool_getparam-clear-sensitive-arguments-better.patch

121 lines
4.4 KiB
Diff
Raw Permalink Normal View History

backport patches
2025-03-25 08:07:21 +00:00
From 654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Feb 2025 23:55:31 +0100
Subject: [PATCH] tool_getparam: clear sensitive arguments better
curl attempts to clear some flags to hide them from snooping neighbors
(on platforms where it works). For example the credentials provided with
-u. Previously it would only do that if there was a space between the
option and the credentials as in "-u joe:s3cr3t" but not when done
without a separating space as in "-ujoe:s3cr3t".
This addresses that previous shortcoming.
Reported-by: kayrus on github
Fixes #16396
Closes #16401
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634
---
src/tool_getparam.c | 18 ++++++++++++------
src/tool_getparam.h | 3 ++-
src/tool_parsecfg.c | 3 ++-
3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index d9772a3..53e3b76 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -740,7 +740,8 @@ out:
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
- argv_item_t cleararg,
+ argv_item_t cleararg1,
+ argv_item_t cleararg2,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
@@ -769,7 +770,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
#ifdef HAVE_WRITABLE_ARGV
argv_item_t clearthis = NULL;
#else
- (void)cleararg;
+ (void)cleararg1;
+ (void)cleararg2;
#endif
*usedarg = FALSE; /* default is that we don't use the arg */
@@ -879,6 +881,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
if(!longopt && parse[1]) {
nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
singleopt = TRUE; /* don't loop anymore after this */
+#ifdef HAVE_WRITABLE_ARGV
+ clearthis = &cleararg1[parse + 2 - flag];
+#endif
}
else if(!nextarg) {
err = PARAM_REQUIRES_PARAMETER;
@@ -886,7 +891,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
}
else {
#ifdef HAVE_WRITABLE_ARGV
- clearthis = cleararg;
+ clearthis = cleararg2;
#endif
*usedarg = TRUE; /* mark it as used */
}
@@ -2714,8 +2719,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
}
}
- result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,
- global, config);
+ result = getparameter(orig_opt, nextarg, argv[i], argv[i + 1],
+ &passarg, global, config);
curlx_unicodefree(nextarg);
config = global->last;
@@ -2757,7 +2762,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
bool used;
/* Just add the URL please */
- result = getparameter("--url", orig_opt, argv[i], &used, global, config);
+ result = getparameter("--url", orig_opt, NULL, NULL,
+ &used, global, config);
}
if(!result)
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index a8a9d45..1a7ec4f 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -56,7 +56,8 @@ struct GlobalConfig;
struct OperationConfig;
ParameterError getparameter(const char *flag, char *nextarg,
- argv_item_t cleararg,
+ argv_item_t cleararg1,
+ argv_item_t cleararg2,
bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index c15f210..3f9e4e5 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -223,7 +223,8 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
#ifdef DEBUG_CONFIG
fprintf(tool_stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
#endif
- res = getparameter(option, param, NULL, &usedarg, global, operation);
+ res = getparameter(option, param, NULL, NULL,
+ &usedarg, global, operation);
operation = global->last;
if(!res && param && *param && !usedarg)
--
2.43.0
Reference in New Issue Copy Permalink