aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Hajnoczi <stefanha@redhat.com>2013-02-13 09:25:34 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2013-02-13 11:57:35 -0600
commit8a8f5840082eb65d140ccfe7b128c92390cce1c3 (patch)
tree73706401f78f35bda4f222c642fa8485c8671847
parentd36b2b904ee921b380fad559cb824a40eb587bcb (diff)
block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was introduced in libcurl 7.19.4. Therefore we cannot protect against CVE-2013-0249 when linking against an older libcurl. This fixes the build failure introduced by fb6d1bbd246c7a57ef53d3847ef225cd1349d602. Reported-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Andreas Färber <andreas.faeber@web.de> Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--block/curl.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/block/curl.c b/block/curl.c
index f6226b3a08..98947dac32 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -309,9 +309,13 @@ static CURLState *curl_init_state(BDRVCURLState *s)
/* Restrict supported protocols to avoid security issues in the more
* obscure protocols. For example, do not allow POP3/SMTP/IMAP see
* CVE-2013-0249.
+ *
+ * Restricting protocols is only supported from 7.19.4 upwards.
*/
+#if LIBCURL_VERSION_NUM >= 0x071304
curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
+#endif
#ifdef DEBUG_VERBOSE
curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);