From 5bc491031e5fb48a3d09762c1cebd690b8aa4d46 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 27 Sep 2016 18:01:53 +0200 Subject: [PATCH] connectionexists: use case sensitive user/password comparisons CVE-2016-8616 Bug: https://curl.haxx.se/docs/adv_20161102B.html Reported-by: Cure53 Upstream-commit: b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Signed-off-by: Kamil Dudka --- lib/url.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/url.c b/lib/url.c index a88903c..b6ad5a6 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3305,8 +3305,8 @@ ConnectionExists(struct SessionHandle *data, if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ - if(!strequal(needle->user, check->user) || - !strequal(needle->passwd, check->passwd)) { + if(strcmp(needle->user, check->user) || + strcmp(needle->passwd, check->passwd)) { /* one of them was different */ continue; } @@ -3369,8 +3369,8 @@ ConnectionExists(struct SessionHandle *data, possible. (Especially we must not reuse the same connection if partway through a handshake!) */ if(wantNTLMhttp) { - if(!strequal(needle->user, check->user) || - !strequal(needle->passwd, check->passwd)) + if(strcmp(needle->user, check->user) || + strcmp(needle->passwd, check->passwd)) continue; } else if(check->ntlm.state != NTLMSTATE_NONE) { @@ -3380,8 +3380,8 @@ ConnectionExists(struct SessionHandle *data, /* Same for Proxy NTLM authentication */ if(wantProxyNTLMhttp) { - if(!strequal(needle->proxyuser, check->proxyuser) || - !strequal(needle->proxypasswd, check->proxypasswd)) + if(strcmp(needle->proxyuser, check->proxyuser) || + strcmp(needle->proxypasswd, check->proxypasswd)) continue; } else if(check->proxyntlm.state != NTLMSTATE_NONE) { -- 2.7.4