luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gnutls: don't leak the SRP credentials in redirects

Browse Source 
Follow-up to 620ea21410 and 139a54ed0a

Reported-by: Harry Sintonen
Closes #8752
This commit is contained in:
Daniel Stenberg 2022-04-26 07:46:19 +02:00
parent d2a36beee6
commit 0935315562
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/vtls/gtls.c
View File

@ -445,11 +445,11 @@ gtls_connect_step1(struct Curl_easy *data,
} }
#ifdef USE_GNUTLS_SRP #ifdef USE_GNUTLS_SRP
if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { if((SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data)) {
infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username));
rc = gnutls_srp_allocate_client_credentials( rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred);
&backend->srp_client_cred);
if(rc != GNUTLS_E_SUCCESS) { if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_srp_allocate_client_cred() failed: %s", failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
gnutls_strerror(rc)); gnutls_strerror(rc));