diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2013-02-13 09:25:34 +0100 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2013-02-13 11:57:35 -0600 |
| commit | 8a8f5840082eb65d140ccfe7b128c92390cce1c3 (patch) | |
| tree | 73706401f78f35bda4f222c642fa8485c8671847 /block/curl.c | |
| parent | d36b2b904ee921b380fad559cb824a40eb587bcb (diff) | |
| download | qemu-8a8f5840082eb65d140ccfe7b128c92390cce1c3.tar.gz | |
block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4. Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.
This fixes the build failure introduced by
fb6d1bbd246c7a57ef53d3847ef225cd1349d602.
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <andreas.faeber@web.de>
Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'block/curl.c')
| -rw-r--r-- | block/curl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/block/curl.c b/block/curl.c index f6226b3a08..98947dac32 100644 --- a/block/curl.c +++ b/block/curl.c @@ -309,9 +309,13 @@ static CURLState *curl_init_state(BDRVCURLState *s) /* Restrict supported protocols to avoid security issues in the more * obscure protocols. For example, do not allow POP3/SMTP/IMAP see * CVE-2013-0249. + * + * Restricting protocols is only supported from 7.19.4 upwards. */ +#if LIBCURL_VERSION_NUM >= 0x071304 curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS); curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS); +#endif #ifdef DEBUG_VERBOSE curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1); |