curl/backport-tool_getparam-clear-sensitive-arguments-better.patch
2025-03-25 07:53:18 +00:00


From 654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 19 Feb 2025 23:55:31 +0100
Subject: [PATCH] tool_getparam: clear sensitive arguments better
curl attempts to clear some flags to hide them from snooping neighbors
(on platforms where it works). For example the credentials provided with
-u. Previously it would only do that if there was a space between the
option and the credentials as in "-u joe:s3cr3t" but not when done
without a separating space as in "-ujoe:s3cr3t".
This addresses that previous shortcoming.
Reported-by: kayrus on github
Fixes #16396
Closes #16401
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/654f8cb5f353905c6eb5b2a6ef7e5beafa7d0634
---
src/tool_getparam.c | 19 ++++++++++++------
src/tool_getparam.h | 3 ++-
src/tool_parsecfg.c | 3 ++-
3 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index f66124d40a27..6944059df740 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1564,7 +1564,8 @@ static ParameterError parse_time_cond(struct GlobalConfig *global,
ParameterError getparameter(const char *flag, /* f or -long-flag */
char *nextarg, /* NULL if unset */
- argv_item_t cleararg,
+ argv_item_t cleararg1,
+ argv_item_t cleararg2,
bool *usedarg, /* set to TRUE if the arg
has been used */
struct GlobalConfig *global,
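Review bot: The two new parameters `cleararg1` and `cleararg2` are the only ones visible in this signature without a trailing comment, and the names do not convey their contract. Going by the parse_args() call later in this patch, `cleararg1` is the argv entry holding the option itself and `cleararg2` is the entry after it, and both are passed as NULL by callers that do not parse argv. I would add `/* argv entry of the option, or NULL */` and `/* argv entry after it, or NULL */` beside them. The function body continues outside this hunk.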
@@ -1590,6 +1591,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
by using --OPTION or --no-OPTION */
#ifdef HAVE_WRITABLE_ARGV
argv_item_t clearthis = NULL;
+#else
+ (void)cleararg1;
+ (void)cleararg2;
#endif
*usedarg = FALSE; /* default is that we don't use the arg */
@@ -1669,6 +1671,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
if(!longopt && parse[1]) {
nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
singleopt = TRUE; /* don't loop anymore after this */
+#ifdef HAVE_WRITABLE_ARGV
+ clearthis = &cleararg1[parse + 2 - flag];
+#endif
}
else if(!nextarg)
return PARAM_REQUIRES_PARAMETER;
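Review bot: `cleararg1` is indexed in the added `clearthis = &cleararg1[parse + 2 - flag];` without a NULL check, yet this same patch passes NULL for it from parseconfig() in tool_parsecfg.c and from the "--url" call in parse_args(). For a short option with its value glued on that does not come from argv, that expression is arithmetic on a null pointer and leaves `clearthis` non-NULL but invalid. The code that consumes `clearthis` is outside this hunk, so confirm it cannot write through that value. A guard such as `if(cleararg1) clearthis = &cleararg1[parse + 2 - flag];` keeps the non-argv callers safe. The offset also presumes `flag` and `cleararg1` hold the same bytes, which deserves a comment because parse_args() passes `orig_opt` for one and `argv[i]` for the other.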
@@ -1676,7 +1681,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
return PARAM_REQUIRES_PARAMETER;
else {
#ifdef HAVE_WRITABLE_ARGV
- clearthis = cleararg;
+ clearthis = cleararg2;
#endif
*usedarg = TRUE; /* mark it as used */
}
@@ -2889,8 +2894,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
}
}
- result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,
- global, config);
+ result = getparameter(orig_opt, nextarg, argv[i], argv[i + 1],
+ &passarg, global, config);
curlx_unicodefree(nextarg);
config = global->last;
if(result == PARAM_NEXT_OPERATION) {
@@ -2932,7 +2937,8 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
bool used;
/* Just add the URL please */
- result = getparameter("--url", orig_opt, argv[i], &used, global, config);
+ result = getparameter("--url", orig_opt, NULL, NULL,
+ &used, global, config);
}
if(!result)
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index beef191c66e8..bcfb35f0657e 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -361,7 +361,8 @@ const struct LongShort *findlongopt(const char *opt);
struct OperationConfig;
ParameterError getparameter(const char *flag, char *nextarg,
- argv_item_t cleararg,
+ argv_item_t cleararg1,
+ argv_item_t cleararg2,
bool *usedarg,
struct GlobalConfig *global,
struct OperationConfig *operation);
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 651ec8e9f401..b9fd56b300ba 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -190,7 +190,8 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
#ifdef DEBUG_CONFIG
fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
#endif
- res = getparameter(option, param, NULL, &usedarg, global, operation);
+ res = getparameter(option, param, NULL, NULL,
+ &usedarg, global, operation);
operation = global->last;
if(!res && param && *param && !usedarg)