From e8705acd69383c13191c9dd4867d5118e58c54ba Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Thu, 6 Oct 2022 00:49:10 +0200

Subject: [PATCH 1/2] strcase: add Curl_timestrcmp

This is a strcmp() alternative function for comparing "secrets",

designed to take the same time no matter the content to not leak

match/non-match info to observers based on how fast it is.

The time this function takes is only a function of the shortest input

string.

Reported-by: Trail of Bits

Closes #9658

Upstream-commit: ed5095ed94281989e103c72e032200b83be37878

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/strcase.c | 22 ++++++++++++++++++++++

 lib/strcase.h |  1 +

 2 files changed, 23 insertions(+)

diff --git a/lib/strcase.c b/lib/strcase.c

index f932485..c73907d 100644

--- a/lib/strcase.c

+++ b/lib/strcase.c

@@ -179,6 +179,28 @@ bool Curl_safecmp(char *a, char *b)

   return !a && !b;

 }

+/*

+ * Curl_timestrcmp() returns 0 if the two strings are identical. The time this

+ * function spends is a function of the shortest string, not of the contents.

+ */

+int Curl_timestrcmp(const char *a, const char *b)

+{

+  int match = 0;

+  int i = 0;

+

+  if(a && b) {

+    while(1) {

+      match |= a[i]^b[i];

+      if(!a[i] || !b[i])

+        break;

+      i++;

+    }

+  }

+  else

+    return a || b;

+  return match;

+}

+

 /* --- public functions --- */

 int curl_strequal(const char *first, const char *second)

diff --git a/lib/strcase.h b/lib/strcase.h

index d245929..11a67a1 100644

--- a/lib/strcase.h

+++ b/lib/strcase.h

@@ -52,5 +52,6 @@ void Curl_strntoupper(char *dest, const char *src, size_t n);

 void Curl_strntolower(char *dest, const char *src, size_t n);

 bool Curl_safecmp(char *a, char *b);

+int Curl_timestrcmp(const char *first, const char *second);

 #endif /* HEADER_CURL_STRCASE_H */

-- 

2.39.2

From 9cfaea212ff347937a38f6b5d6b885ed8ba1b931 Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Thu, 9 Mar 2023 17:47:06 +0100

Subject: [PATCH 2/2] ftp: add more conditions for connection reuse

Reported-by: Harry Sintonen

Closes #10730

Upstream-commit: 8f4608468b890dce2dad9f91d5607ee7e9c1aba1

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/ftp.c     | 28 ++++++++++++++++++++++++++--

 lib/ftp.h     |  5 +++++

 lib/setopt.c  |  2 +-

 lib/url.c     | 16 +++++++++++++++-

 lib/urldata.h |  4 ++--

 5 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/lib/ftp.c b/lib/ftp.c

index 9442832..df15bc0 100644

--- a/lib/ftp.c

+++ b/lib/ftp.c

@@ -4107,6 +4107,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data,

   }

   freedirs(ftpc);

+  Curl_safefree(ftpc->account);

+  Curl_safefree(ftpc->alternative_to_user);

   Curl_safefree(ftpc->prevpath);

   Curl_safefree(ftpc->server_os);

   Curl_pp_disconnect(pp);

@@ -4374,11 +4376,31 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,

 {

   char *type;

   struct FTP *ftp;

+  struct ftp_conn *ftpc = &conn->proto.ftpc;

-  data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);

+  ftp = calloc(sizeof(struct FTP), 1);

   if(!ftp)

     return CURLE_OUT_OF_MEMORY;

+  /* clone connection related data that is FTP specific */

+  if(data->set.str[STRING_FTP_ACCOUNT]) {

+    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);

+    if(!ftpc->account) {

+      free(ftp);

+      return CURLE_OUT_OF_MEMORY;

+    }

+  }

+  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {

+    ftpc->alternative_to_user =

+      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);

+    if(!ftpc->alternative_to_user) {

+      Curl_safefree(ftpc->account);

+      free(ftp);

+      return CURLE_OUT_OF_MEMORY;

+    }

+  }

+  data->req.p.ftp = ftp;

+

   ftp->path = &data->state.up.path[1]; /* don't include the initial slash */

   /* FTP URLs support an extension like ";type=<typecode>" that

@@ -4413,7 +4435,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,

   /* get some initial data into the ftp struct */

   ftp->transfer = PPTRANSFER_BODY;

   ftp->downloadsize = 0;

-  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */

+  ftpc->known_filesize = -1; /* unknown size for now */

+  ftpc->use_ssl = data->set.use_ssl;

+  ftpc->ccc = data->set.ftp_ccc;

   return CURLE_OK;

 }

diff --git a/lib/ftp.h b/lib/ftp.h

index 7f6f432..3f33e27 100644

--- a/lib/ftp.h

+++ b/lib/ftp.h

@@ -119,6 +119,8 @@ struct FTP {

    struct */

 struct ftp_conn {

   struct pingpong pp;

+  char *account;

+  char *alternative_to_user;

   char *entrypath; /* the PWD reply when we logged on */

   char *file;    /* url-decoded file name (or path) */

   char **dirs;   /* realloc()ed array for path components */

@@ -148,6 +150,9 @@ struct ftp_conn {

   ftpstate state; /* always use ftp.c:state() to change state! */

   ftpstate state_saved; /* transfer type saved to be reloaded after

                            data connection is established */

+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or

+                              IMAP or POP3 or others! (type: curl_usessl)*/

+  unsigned char ccc;       /* ccc level for this connection */

   curl_off_t retr_size_saved; /* Size of retrieved file saved */

   char *server_os;     /* The target server operating system. */

   curl_off_t known_filesize; /* file size is different from -1, if wildcard

diff --git a/lib/setopt.c b/lib/setopt.c

index 3339a67..6fc111d 100644

--- a/lib/setopt.c

+++ b/lib/setopt.c

@@ -2374,7 +2374,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)

     arg = va_arg(param, long);

     if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))

       return CURLE_BAD_FUNCTION_ARGUMENT;

-    data->set.use_ssl = (curl_usessl)arg;

+    data->set.use_ssl = (unsigned char)arg;

     break;

   case CURLOPT_SSL_OPTIONS:

diff --git a/lib/url.c b/lib/url.c

index 61ba832..4e21838 100644

--- a/lib/url.c

+++ b/lib/url.c

@@ -1378,10 +1378,24 @@ ConnectionExists(struct Curl_easy *data,

          (data->state.httpwant < CURL_HTTP_VERSION_2_0))

         continue;

-      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {

+#ifdef USE_SSH

+      else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {

         if(!ssh_config_matches(needle, check))

           continue;

       }

+#endif

+#ifndef CURL_DISABLE_FTP

+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {

+        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */

+        if(Curl_timestrcmp(needle->proto.ftpc.account,

+                           check->proto.ftpc.account) ||

+           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,

+                           check->proto.ftpc.alternative_to_user) ||

+           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||

+           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))

+          continue;

+      }

+#endif

       if((needle->handler->flags&PROTOPT_SSL)

 #ifndef CURL_DISABLE_PROXY

diff --git a/lib/urldata.h b/lib/urldata.h

index 9d9ca92..4e2f5b9 100644

--- a/lib/urldata.h

+++ b/lib/urldata.h

@@ -1760,8 +1760,6 @@ struct UserDefined {

 #ifndef CURL_DISABLE_NETRC

   unsigned char use_netrc;        /* enum CURL_NETRC_OPTION values  */

 #endif

-  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or

-                            IMAP or POP3 or others! */

   unsigned int new_file_perms;      /* when creating remote files */

   unsigned int new_directory_perms; /* when creating remote dirs */

   int ssh_auth_types;    /* allowed SSH auth types */

@@ -1820,6 +1818,8 @@ struct UserDefined {

   BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some

                                 recipients */

 #endif

+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or

+                              IMAP or POP3 or others! (type: curl_usessl)*/

   BIT(is_fread_set); /* has read callback been set to non-NULL? */

 #ifndef CURL_DISABLE_TFTP

   BIT(tftp_no_options); /* do not send TFTP options requests */

-- 

2.39.2