From 1a822275d333dc6da6043497160fd04c8fa48640 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 10 Dec 2025 11:40:47 +0100
Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer
Closes #19933
Conflict:adapted for curl-7.78.0
Applied to both Curl_sasl_start() and Curl_sasl_continue() functions
Line numbers adjusted: 349->329 and added 515
Reference:https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640
lib/curl_sasl.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
@@ -326,7 +326,9 @@
data->set.str[STRING_SERVICE_NAME] :
sasl->params->service;
#endif
- const char *oauth_bearer = data->set.str[STRING_BEARER];
+ const char *oauth_bearer =
+ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
+ data->set.str[STRING_BEARER] : NULL;
struct bufref nullmsg;
Curl_bufref_init(&nullmsg);
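Review bot: The redirect guard `(!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts)` is written out inline here and again, identically, in the second hunk (`@@ -512,7 +514,9 @@`), and neither site has a comment saying why the bearer is withheld. Two hand-copied instances of a credential-gating condition can drift apart in later backports. A single file-local predicate taking `data` would keep them together, or at minimum add the same comment above both declarations: `/* do not pass the OAuth bearer on a followed redirect unless CURLOPT_UNRESTRICTED_AUTH is set */`. The comment should also state that the test does not compare hosts, so a redirect back to the same host loses the bearer as well. The enclosing function starts and ends outside this hunk.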
@@ -512,7 +514,9 @@
data->set.str[STRING_SERVICE_NAME] :
sasl->params->service;
#endif
- const char *oauth_bearer = data->set.str[STRING_BEARER];
+ const char *oauth_bearer =
+ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
+ data->set.str[STRING_BEARER] : NULL;
struct bufref serverdata;
Curl_bufref_init(&serverdata);
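Review bot: `oauth_bearer` can now be NULL in this function even when `STRING_BEARER` is set, and every use of it lies below `Curl_bufref_init(&serverdata);`, outside the hunk. The commit message says this site was added during the 7.78.0 adaptation, so those later uses were presumably written on the assumption that a bearer-based mechanism is only reached with a non-NULL token. Please confirm that each state which builds a bearer message checks the pointer first (a plain `if(!oauth_bearer)` guard that fails the authentication step) rather than passing NULL into message formatting. A short comment at the declaration, `/* may be NULL on a followed redirect; callers below must check */`, would make the new contract explicit.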