Re: [PATCH 2/2] http: prevent redirect from dropping credentials during reauth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Quentin,

>  I have suggested to switch to implementing the same behaviour as libcurl when it comes to reusing credentials: if the hostname of the redirect is the same as the original URL, reuse the credentials, otherwise drop them.

The protocol & port number also need to match, so it doesn't end up
the same as CVE-2022-27774 [1]

Rob :)

[1] https://curl.se/docs/CVE-2022-27774.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux