From 3c34544890e6fba5df3ddffd11a0533c96426cc6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 8 Apr 2013 20:18:19 +0200
Subject: [PATCH 2/3] rhbz#918080 restrict the set of protocols for curl
 (cherry picked from commit 6401443248d7ce9fad1b42bad291418d59f4a623)

Conflicts:
	src/libcmis/base-session.cxx
	src/libcmis/base-session.hxx
---
 src/libcmis/base-session.cxx | 10 ++++++++++
 src/libcmis/base-session.hxx |  1 +
 2 files changed, 11 insertions(+)

diff --git a/src/libcmis/base-session.cxx b/src/libcmis/base-session.cxx
index b007a9d..9d08edc 100644
--- a/src/libcmis/base-session.cxx
+++ b/src/libcmis/base-session.cxx
@@ -123,6 +123,7 @@ BaseSession::BaseSession( string atomPubUrl, string repositoryId, string usernam
 {
     curl_global_init( CURL_GLOBAL_ALL );
     m_curlHandle = curl_easy_init( );
+    initProtocols();
 }
 
 BaseSession::BaseSession( const BaseSession& copy ) :
@@ -142,6 +143,7 @@ BaseSession::BaseSession( const BaseSession& copy ) :
     // Not sure how sharing curl handles is safe.
     curl_global_init( CURL_GLOBAL_ALL );
     m_curlHandle = curl_easy_init( );
+    initProtocols();
 }
 
 BaseSession& BaseSession::operator=( const BaseSession& copy )
@@ -161,6 +163,7 @@ BaseSession& BaseSession::operator=( const BaseSession& copy )
     // Not sure how sharing curl handles is safe.
     curl_global_init( CURL_GLOBAL_ALL );
     m_curlHandle = curl_easy_init( );
+    initProtocols();
 
     return *this;
 }
@@ -535,3 +538,10 @@ libcmis::Exception CurlException::getCmisException( ) const
 
     return libcmis::Exception( msg, type );
 }
+
+void BaseSession::initProtocols( )
+{
+    const unsigned long protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS;
+    curl_easy_setopt(m_curlHandle, CURLOPT_PROTOCOLS, protocols);
+    curl_easy_setopt(m_curlHandle, CURLOPT_REDIR_PROTOCOLS, protocols);
+}
diff --git a/src/libcmis/base-session.hxx b/src/libcmis/base-session.hxx
index 0b90c1f..6446a41 100644
--- a/src/libcmis/base-session.hxx
+++ b/src/libcmis/base-session.hxx
@@ -149,6 +149,7 @@ class BaseSession : public libcmis::Session
         virtual void setAuthenticationProvider( libcmis::AuthProviderPtr provider ) { m_authProvider = provider; }
     private:
         void httpRunRequest( std::string url ) throw ( CurlException );
+        void initProtocols( );
 };
 
 #endif
-- 
1.8.1.4