Ubuntu
curl package

libcurl3 crashes when reusing handle with proxy NTLM authentication

Bug #1707214 reported by Patrick Steinhardt on 2017-07-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	curl (Ubuntu)	New	Undecided	Unassigned

Bug Description

The package libcurl3-7.35.0 on Ubuntu Trusty crashes when reusing a curl handle and turning on proxy NTLM authentication. The libgit2 project is repeatedly hitting this issue on the new Travis CI container infrastructure, which they have recently updated to make use of Ubuntu Trusty.

This issue stems from the backported fix to CVE-2016-0755 (NTLM: Fix ConnectionExists to compare Proxy credentials), which introduces a null-pointer exception when one of the proxy credentials is `NULL`. The issue has already been fixed upstream in commit fa5fa65a309f352284e58f52183d586886eb17ea, which should be backported to fix the segfault. See the attached patch from Isaac Boukris.

Please consider including this patch to fix the fix for CVE-2016-0755.

Revision history for this message

Patrick Steinhardt (steinhardtp-deactivatedaccount) wrote on 2017-07-28:

Upstream patch Edit (905 bytes, text/x-diff)

Revision history for this message

Edward Thomson (ethomson) wrote on 2017-10-19:

I was pleased to see that there was a new trusty-updates package for curl that fixes a number of out-of-bounds reads!

And I was immediately disappointed that it didn't fix _this_ set of out-of-bounds reads.

Alas.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Upstream patch Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntucurl package