From 654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 19 Feb 2025 23:55:31 +0100 Subject: [PATCH] tool_getparam: clear sensitive arguments better curl attempts to clear some flags to hide them from snooping neighbors (on platforms where it works). For example the credentials provided with -u. Previously it would only do that if there was a space between the option and the credentials as in "-u joe:s3cr3t" but not when done without a separating space as in "-ujoe:s3cr3t". This addresses that previous shortcoming. Reported-by: kayrus on github Fixes #16396 Closes #16401 Conflict:context adapt Reference:https://github.com/curl/curl/commit/654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 --- src/tool_getparam.c | 18 ++++++++++++------ src/tool_getparam.h | 3 ++- src/tool_parsecfg.c | 3 ++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/src/tool_getparam.c b/src/tool_getparam.c index d9772a3..53e3b76 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -740,7 +740,8 @@ out: ParameterError getparameter(const char *flag, /* f or -long-flag */ char *nextarg, /* NULL if unset */ - argv_item_t cleararg, + argv_item_t cleararg1, + argv_item_t cleararg2, bool *usedarg, /* set to TRUE if the arg has been used */ struct GlobalConfig *global, @@ -769,7 +770,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ #ifdef HAVE_WRITABLE_ARGV argv_item_t clearthis = NULL; #else - (void)cleararg; + (void)cleararg1; + (void)cleararg2; #endif *usedarg = FALSE; /* default is that we don't use the arg */ @@ -879,6 +881,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ if(!longopt && parse[1]) { nextarg = (char *)&parse[1]; /* this is the actual extra parameter */ singleopt = TRUE; /* don't loop anymore after this */ +#ifdef HAVE_WRITABLE_ARGV + clearthis = &cleararg1[parse + 2 - flag]; +#endif } else if(!nextarg) { err = PARAM_REQUIRES_PARAMETER; 
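Review bot: The new `cleararg1` and `cleararg2` parameters in the getparameter() definition carry no comment, while the neighbouring `flag`, `nextarg` and `usedarg` each have one, and the numbered names do not say which argv entry is which. Judging from the parse_args call later in this patch, the first is the argv entry holding the flag itself and the second is the entry after it, and both are NULL for config-file input. I would add `/* argv entry holding the flag, or NULL */` and `/* argv entry after the flag, or NULL */` here and on the prototype in src/tool_getparam.h. The function body continues outside this hunk.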
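Review bot: The added `clearthis = &cleararg1[parse + 2 - flag];` indexes `cleararg1` without checking it for NULL, yet parseconfig() in src/tool_parsecfg.c now passes NULL for that argument. If a config file line can reach this branch with a short option that has its value attached, `clearthis` becomes a small non-NULL address rather than NULL, and a later `if(clearthis)`-style guard in the clearing code (not visible here) would not catch it. A guard such as `clearthis = cleararg1 ? &cleararg1[parse + 2 - flag] : NULL;` keeps the config-file path from writing through an invalid pointer. The offset also relies on how `flag` and `parse` were advanced earlier in getparameter(), which lies outside this hunk.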
@@ -886,7 +891,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } else { #ifdef HAVE_WRITABLE_ARGV - clearthis = cleararg; + clearthis = cleararg2; #endif *usedarg = TRUE; /* mark it as used */ } @@ -2714,8 +2719,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc, } } - result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg, - global, config); + result = getparameter(orig_opt, nextarg, argv[i], argv[i + 1], + &passarg, global, config); curlx_unicodefree(nextarg); config = global->last; @@ -2757,7 +2762,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc, bool used; /* Just add the URL please */ - result = getparameter("--url", orig_opt, argv[i], &used, global, config); + result = getparameter("--url", orig_opt, NULL, NULL, + &used, global, config); } if(!result) diff --git a/src/tool_getparam.h b/src/tool_getparam.h index a8a9d45..1a7ec4f 100644 --- a/src/tool_getparam.h +++ b/src/tool_getparam.h @@ -56,7 +56,8 @@ struct GlobalConfig; struct OperationConfig; ParameterError getparameter(const char *flag, char *nextarg, - argv_item_t cleararg, + argv_item_t cleararg1, + argv_item_t cleararg2, bool *usedarg, struct GlobalConfig *global, struct OperationConfig *operation); diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c index c15f210..3f9e4e5 100644 --- a/src/tool_parsecfg.c +++ b/src/tool_parsecfg.c @@ -223,7 +223,8 @@ int parseconfig(const char *filename, struct GlobalConfig *global) #ifdef DEBUG_CONFIG fprintf(tool_stderr, "PARAM: \"%s\"\n",(param ? param : "(null)")); #endif - res = getparameter(option, param, NULL, &usedarg, global, operation); + res = getparameter(option, param, NULL, NULL, + &usedarg, global, operation); operation = global->last; if(!res && param && *param && !usedarg) -- 2.43.0
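Review bot: The call in parse_args now hands `argv[i]` to getparameter() as the buffer to blank, while the offset into it is computed from `orig_opt`, and nothing here states that the two must have the same byte layout. The `curlx_unicodefree(nextarg)` on the following line suggests the parsed strings can be converted copies of the argv entries, in which case an offset taken in one would not line up in the other. That is probably harmless on builds where HAVE_WRITABLE_ARGV is not defined, but a comment would keep the assumption visible: `/* argv[i] must match orig_opt byte for byte, the clear offset is computed on orig_opt */`. parse_args continues outside this hunk.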