From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 13 Feb 2013 08:25:34 +0000 (+0100)
Subject: block/curl: only restrict protocols with libcurl>=7.19.4
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=3dfdb53b2331bb8eb3f02f8f22cf1eb6acd47acd;p=qemu-upstream-4.2-testing.git

block/curl: only restrict protocols with libcurl>=7.19.4

The curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, ...) interface was
introduced in libcurl 7.19.4.  Therefore we cannot protect against
CVE-2013-0249 when linking against an older libcurl.

This fixes the build failure introduced by
fb6d1bbd246c7a57ef53d3847ef225cd1349d602.

Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Andreas Färber <andreas.faeber@web.de>
Message-id: 1360743934-8337-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---

diff --git a/block/curl.c b/block/curl.c
index d9f6dd966..7d9ff602b 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -311,9 +311,13 @@ static CURLState *curl_init_state(BDRVCURLState *s)
     /* Restrict supported protocols to avoid security issues in the more
      * obscure protocols.  For example, do not allow POP3/SMTP/IMAP see
      * CVE-2013-0249.
+     *
+     * Restricting protocols is only supported from 7.19.4 upwards.
      */
+#if LIBCURL_VERSION_NUM >= 0x071304
     curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS);
     curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS);
+#endif
 
 #ifdef DEBUG_VERBOSE
     curl_easy_setopt(state->curl, CURLOPT_VERBOSE, 1);