diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2021-11-15 16:51:32 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-11-15 23:13:09 +0100 |
| commit | 4d97fe547322c4ad0868e2282476b1a7d2027f86 (patch) | |
| tree | 017299b640922f78372066f6c85eb888c10e4283 | |
| parent | 2511a41bf987164a5f82c03ff0e8c1776da546a9 (diff) | |
| download | curl-4d97fe547322c4ad0868e2282476b1a7d2027f86.tar.gz | |
tftp: mark protocol as not possible to do over CONNECT
... and make connect_init() refusing trying to tunnel protocols marked
as not working. Avoids a double-free.
Reported-by: Even Rouault
Fixes #8018
Closes #8020
| -rw-r--r-- | lib/connect.c | 14 | ||||
| -rw-r--r-- | lib/http_proxy.c | 4 | ||||
| -rw-r--r-- | lib/tftp.c | 2 | ||||
| -rw-r--r-- | lib/urldata.h | 1 |
4 files changed, 14 insertions, 7 deletions
diff --git a/lib/connect.c b/lib/connect.c index af6094731..94490805a 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -744,15 +744,17 @@ void Curl_conninfo_local(struct Curl_easy *data, curl_socket_t sockfd, void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn, curl_socket_t sockfd) { - /* 'local_ip' and 'local_port' get filled with local's numerical ip address - and port number whenever an outgoing connection is **established** from - the primary socket to a remote address. */ + /* 'local_ip' and 'local_port' get filled with local's numerical + ip address and port number whenever an outgoing connection is + **established** from the primary socket to a remote address. */ char local_ip[MAX_IPADR_LEN] = ""; int local_port = -1; - if(!conn->bits.reuse && !conn->bits.tcp_fastopen) - Curl_conninfo_remote(data, conn, sockfd); - Curl_conninfo_local(data, sockfd, local_ip, &local_port); + if(conn->transport == TRNSPRT_TCP) { + if(!conn->bits.reuse && !conn->bits.tcp_fastopen) + Curl_conninfo_remote(data, conn, sockfd); + Curl_conninfo_local(data, sockfd, local_ip, &local_port); + } /* end of TCP-only section */ /* persist connection info in session handle */ Curl_persistconninfo(data, conn, local_ip, local_port); diff --git a/lib/http_proxy.c b/lib/http_proxy.c index 2555b401a..e788babed 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -158,6 +158,10 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit) { struct http_connect_state *s; struct connectdata *conn = data->conn; + if(conn->handler->flags & PROTOPT_NOTCPPROXY) { + failf(data, "%s cannot be done over CONNECT", conn->handler->scheme); + return CURLE_UNSUPPORTED_PROTOCOL; + } if(!reinit) { CURLcode result; DEBUGASSERT(!conn->connect_state); diff --git a/lib/tftp.c b/lib/tftp.c index 7e5246f01..f8c68441c 100644 --- a/lib/tftp.c +++ b/lib/tftp.c @@ -186,7 +186,7 @@ const struct Curl_handler Curl_handler_tftp = { PORT_TFTP, /* defport */ CURLPROTO_TFTP, /* protocol */ CURLPROTO_TFTP, /* family */ - PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */ + PROTOPT_NOTCPPROXY | PROTOPT_NOURLQUERY /* flags */ }; /********************************************************** diff --git a/lib/urldata.h b/lib/urldata.h index f12e99b8d..22c66cd44 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -835,6 +835,7 @@ struct Curl_handler { #define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */ #define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ascii) in user name and password */ +#define PROTOPT_NOTCPPROXY (1<<14) /* this protocol can't proxy over TCP */ #define CONNCHECK_NONE 0 /* No checks */ #define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */ |