curl/backport-tool_getparam-clear-sensitive-arguments-better.patch

From 654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Feb 2025 23:55:31 +0100
Subject: [PATCH] tool_getparam: clear sensitive arguments better

curl attempts to clear some flags to hide them from snooping neighbors
(on platforms where it works). For example the credentials provided with
-u. Previously it would only do that if there was a space between the
option and the credentials as in "-u joe:s3cr3t" but not when done
without a separating space as in "-ujoe:s3cr3t".

This addresses that previous shortcoming.

Reported-by: kayrus on github
Fixes #16396
Closes #16401

Conflict:context adapt
Reference:https://github.com/curl/curl/commit/654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634
---
 src/tool_getparam.c | 19 ++++++++++++------
 src/tool_getparam.h |  3 ++-
 src/tool_parsecfg.c |  3 ++-
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index f66124d40a27..6944059df740 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1564,7 +1564,8 @@ static ParameterError parse_time_cond(struct GlobalConfig *global,
 
 ParameterError getparameter(const char *flag, /* f or -long-flag */
                             char *nextarg,    /* NULL if unset */
-                            argv_item_t cleararg,
+                            argv_item_t cleararg1,
+                            argv_item_t cleararg2,
                             bool *usedarg,    /* set to TRUE if the arg
                                                  has been used */
                             struct GlobalConfig *global,
@@ -1590,6 +1591,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
                          by using --OPTION or --no-OPTION */
 #ifdef HAVE_WRITABLE_ARGV
   argv_item_t clearthis = NULL;
+#else
+  (void)cleararg1;
+  (void)cleararg2;
 #endif
   *usedarg = FALSE; /* default is that we don't use the arg */
 
@@ -1669,6 +1671,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       if(!longopt && parse[1]) {
         nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
         singleopt = TRUE;   /* don't loop anymore after this */
+#ifdef HAVE_WRITABLE_ARGV
+        clearthis = &cleararg1[parse + 2 - flag];
+#endif
       }
       else if(!nextarg)
         return PARAM_REQUIRES_PARAMETER;
@@ -1676,7 +1681,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         return PARAM_REQUIRES_PARAMETER;
       else {
 #ifdef HAVE_WRITABLE_ARGV
-        clearthis = cleararg;
+        clearthis = cleararg2;
 #endif
         *usedarg = TRUE; /* mark it as used */
       }
@@ -2889,8 +2894,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
           }
         }
 
-        result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,
-                              global, config);
+        result = getparameter(orig_opt, nextarg, argv[i], argv[i + 1],
+                              &passarg, global, config);
         curlx_unicodefree(nextarg);
         config = global->last;
         if(result == PARAM_NEXT_OPERATION) {
@@ -2932,7 +2937,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
       bool used;
 
       /* Just add the URL please */
-      result = getparameter("--url", orig_opt, argv[i], &used, global, config);
+      result = getparameter("--url", orig_opt, NULL, NULL,
+                            &used, global, config);
     }
 
     if(!result)
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index beef191c66e8..bcfb35f0657e 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -361,7 +361,8 @@ const struct LongShort *findlongopt(const char *opt);
 struct OperationConfig;
 
 ParameterError getparameter(const char *flag, char *nextarg,
-                            argv_item_t cleararg,
+                            argv_item_t cleararg1,
+                            argv_item_t cleararg2,
                             bool *usedarg,
                             struct GlobalConfig *global,
                             struct OperationConfig *operation);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 651ec8e9f401..b9fd56b300ba 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -190,7 +190,8 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
 #ifdef DEBUG_CONFIG
       fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
 #endif
-      res = getparameter(option, param, NULL, &usedarg, global, operation);
+      res = getparameter(option, param, NULL, NULL,
+                         &usedarg, global, operation);
       operation = global->last;
 
       if(!res && param && *param && !usedarg)
backport patches 2025-03-25 07:53:18 +00:00			`From 654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 Mon Sep 17 00:00:00 2001`
			`From: Daniel Stenberg <daniel@haxx.se>`
			`Date: Wed, 19 Feb 2025 23:55:31 +0100`
			`Subject: [PATCH] tool_getparam: clear sensitive arguments better`

			`curl attempts to clear some flags to hide them from snooping neighbors`
			`(on platforms where it works). For example the credentials provided with`
			`-u. Previously it would only do that if there was a space between the`
			`option and the credentials as in "-u joe:s3cr3t" but not when done`
			`without a separating space as in "-ujoe:s3cr3t".`

			`This addresses that previous shortcoming.`

			`Reported-by: kayrus on github`
			`Fixes #16396`
			`Closes #16401`

			`Conflict:context adapt`
			`Reference:https://github.com/curl/curl/commit/654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634`
			`---`
			`src/tool_getparam.c \| 19 ++++++++++++------`
			`src/tool_getparam.h \| 3 ++-`
			`src/tool_parsecfg.c \| 3 ++-`
			`3 files changed, 19 insertions(+), 7 deletions(-)`

			`diff --git a/src/tool_getparam.c b/src/tool_getparam.c`
			`index f66124d40a27..6944059df740 100644`
			`--- a/src/tool_getparam.c`
			`+++ b/src/tool_getparam.c`
			`@@ -1564,7 +1564,8 @@ static ParameterError parse_time_cond(struct GlobalConfig *global,`

			`ParameterError getparameter(const char flag, / f or -long-flag */`
			`char nextarg, / NULL if unset */`
			`- argv_item_t cleararg,`
			`+ argv_item_t cleararg1,`
			`+ argv_item_t cleararg2,`
			`bool usedarg, / set to TRUE if the arg`
			`has been used */`
			`struct GlobalConfig *global,`
			`@@ -1590,6 +1591,9 @@ ParameterError getparameter(const char flag, / f or -long-flag */`
			`by using --OPTION or --no-OPTION */`
			`#ifdef HAVE_WRITABLE_ARGV`
			`argv_item_t clearthis = NULL;`
			`+#else`
			`+ (void)cleararg1;`
			`+ (void)cleararg2;`
			`#endif`
			`usedarg = FALSE; / default is that we don't use the arg */`

			`@@ -1669,6 +1671,9 @@ ParameterError getparameter(const char flag, / f or -long-flag */`
			`if(!longopt && parse[1]) {`
			`nextarg = (char )&parse[1]; / this is the actual extra parameter */`
			`singleopt = TRUE; /* don't loop anymore after this */`
			`+#ifdef HAVE_WRITABLE_ARGV`
			`+ clearthis = &cleararg1[parse + 2 - flag];`
			`+#endif`
			`}`
			`else if(!nextarg)`
			`return PARAM_REQUIRES_PARAMETER;`
			`@@ -1676,7 +1681,7 @@ ParameterError getparameter(const char flag, / f or -long-flag */`
			`return PARAM_REQUIRES_PARAMETER;`
			`else {`
			`#ifdef HAVE_WRITABLE_ARGV`
			`- clearthis = cleararg;`
			`+ clearthis = cleararg2;`
			`#endif`
			`usedarg = TRUE; / mark it as used */`
			`}`
			`@@ -2889,8 +2894,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,`
			`}`
			`}`

			`- result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,`
			`- global, config);`
			`+ result = getparameter(orig_opt, nextarg, argv[i], argv[i + 1],`
			`+ &passarg, global, config);`
			`curlx_unicodefree(nextarg);`
			`config = global->last;`
			`if(result == PARAM_NEXT_OPERATION) {`
			`@@ -2932,7 +2937,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,`
			`bool used;`

			`/* Just add the URL please */`
			`- result = getparameter("--url", orig_opt, argv[i], &used, global, config);`
			`+ result = getparameter("--url", orig_opt, NULL, NULL,`
			`+ &used, global, config);`
			`}`

			`if(!result)`
			`diff --git a/src/tool_getparam.h b/src/tool_getparam.h`
			`index beef191c66e8..bcfb35f0657e 100644`
			`--- a/src/tool_getparam.h`
			`+++ b/src/tool_getparam.h`
			`@@ -361,7 +361,8 @@ const struct LongShort findlongopt(const char opt);`
			`struct OperationConfig;`

			`ParameterError getparameter(const char flag, char nextarg,`
			`- argv_item_t cleararg,`
			`+ argv_item_t cleararg1,`
			`+ argv_item_t cleararg2,`
			`bool *usedarg,`
			`struct GlobalConfig *global,`
			`struct OperationConfig *operation);`
			`diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c`
			`index 651ec8e9f401..b9fd56b300ba 100644`
			`--- a/src/tool_parsecfg.c`
			`+++ b/src/tool_parsecfg.c`
			`@@ -190,7 +190,8 @@ int parseconfig(const char filename, struct GlobalConfig global)`
			`#ifdef DEBUG_CONFIG`
			`fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));`
			`#endif`
			`- res = getparameter(option, param, NULL, &usedarg, global, operation);`
			`+ res = getparameter(option, param, NULL, NULL,`
			`+ &usedarg, global, operation);`
			`operation = global->last;`

			`if(!res && param && *param && !usedarg)`