authorDaniel Stenberg <daniel@haxx.se>2021-03-19 12:38:49 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-03-28 23:19:56 +0200
commitb09c8ee15771c614c4bf3ddac893cdb12187c844 (patch)
treeb0d127346d6e05c5a96d4b5f9814f6cdb6132409 /lib/vtls/wolfssl.c
parent7214288898f5625a6cc196e22a74232eada7861c (diff)
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
To make sure we set and extract the correct session. Reported-by: Mingtao Yang Bug: https://curl.se/docs/CVE-2021-22890.html CVE-2021-22890
Diffstat (limited to 'lib/vtls/wolfssl.c')
-rw-r--r--lib/vtls/wolfssl.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 7159ac9d5..8fb2ea7ac 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -516,7 +516,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
void *ssl_sessionid = NULL;
Curl_ssl_sessionid_lock(data);
- if(!Curl_ssl_getsessionid(data, conn, &ssl_sessionid, NULL, sockindex)) {
+ if(!Curl_ssl_getsessionid(data, conn,
+ SSL_IS_PROXY() ? TRUE : FALSE,
+ &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
char error_buffer[WOLFSSL_MAX_ERROR_SZ];
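Review bot: The proxy flag is computed inline in the argument list at the new `Curl_ssl_getsessionid()` call, while the step3 hunk below introduces a named `isproxy` local for the same value; hoisting it here too would make the cache keying read the same in both steps: `bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE;` before the lock, then `if(!Curl_ssl_getsessionid(data, conn, isproxy, &ssl_sessionid, NULL, sockindex)) {`. A short why-comment on that local would also help the next reader, since nothing in the hunk says what the flag is for; something like `/* proxy and origin sessions are cached apart; key the lookup on the kind of connection being set up */`, which follows from the commit message rather than from code visible here. wolfssl_connect_step1() starts before and continues past this hunk.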
@@ -772,11 +774,12 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn,
bool incache;
void *old_ssl_sessionid = NULL;
SSL_SESSION *our_ssl_sessionid = SSL_get_session(backend->handle);
+ bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE;
if(our_ssl_sessionid) {
Curl_ssl_sessionid_lock(data);
- incache = !(Curl_ssl_getsessionid(data, conn, &old_ssl_sessionid, NULL,
- sockindex));
+ incache = !(Curl_ssl_getsessionid(data, conn, isproxy,
+ &old_ssl_sessionid, NULL, sockindex));
if(incache) {
if(old_ssl_sessionid != our_ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
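Review bot: The new `isproxy` local carries no comment, yet its value has to be identical for the lookup in this hunk and the `Curl_ssl_addsessionid()` store in the following hunk, otherwise the stale-entry check and the store would address different cache partitions. A one-line comment on the declaration would pin that contract: `/* same flag for the lookup and the store below so both hit the same session cache partition */`. Whether `SSL_IS_PROXY()` already yields a plain boolean, making the `? TRUE : FALSE` normalisation redundant, cannot be told from this hunk. wolfssl_connect_step3() starts before and continues past this hunk.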
@@ -786,8 +789,8 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn,
}
if(!incache) {
- result = Curl_ssl_addsessionid(data, conn, our_ssl_sessionid,
- 0 /* unknown size */, sockindex);
+ result = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid,
+ 0, sockindex);
if(result) {
Curl_ssl_sessionid_unlock(data);
failf(data, "failed to store ssl session");