block/curl: only restrict protocols with libcurl>=7.19.4

The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was introduced in libcurl 7.19.4. Therefore we cannot protect against CVE-2013-0249 when linking against an older libcurl. This fixes the build failure introduced by fb6d1bbd. Reported-by: N Andreas Färber <afaerber@suse.de> Signed-off-by: N Stefan Hajnoczi <stefanha@redhat.com> Tested-by: N Andreas Färber <andreas.faeber@web.de> Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

block/curl: only restrict protocols with libcurl>=7.19.4
The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was introduced in libcurl 7.19.4. Therefore we cannot protect against CVE-2013-0249 when linking against an older libcurl. This fixes the build failure introduced by fb6d1bbd. Reported-by: N Andreas Färber <afaerber@suse.de> Signed-off-by: N Stefan Hajnoczi <stefanha@redhat.com> Tested-by: N Andreas Färber <andreas.faeber@web.de> Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
8a8f5840 · Stefan Hajnoczi · Anthony Liguori · d36b2b90 · 8a8f5840
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

block/curl.c block/curl.c +4 -0

未找到文件。
--- a/block/curl.c
+++ b/block/curl.c
@@ -309,9 +309,13 @@ static CURLState *curl_init_state(BDRVCURLState *s)
    /* Restrict supported protocols to avoid security issues in the more
     * obscure protocols.  For example, do not allow POP3/SMTP/IMAP see
     * CVE-2013-0249.
+     *
+     * Restricting protocols is only supported from 7.19.4 upwards.
     */
+#if LIBCURL_VERSION_NUM >= 0x071304
    curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
    curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
+#endif

 #ifdef DEBUG_VERBOSE
    curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);