rpms / curl

Clone
Source Code
GIT

Blame SOURCES/0007-curl-7.76.1-CVE-2021-22945.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   7517ddb75c68f3e132cdce1bcd614796878b191b
  2.   SOURCES
  3.   0007-curl-7.76.1-CVE-2021-22945.patch
Blob History Raw
b5a08f 
From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001
b5a08f 
From: z2_ on hackerone <>
b5a08f 
Date: Tue, 24 Aug 2021 09:50:33 +0200
b5a08f 
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
b5a08f
b5a08f 
CVE-2021-22945
b5a08f
b5a08f 
Bug: https://curl.se/docs/CVE-2021-22945.html
b5a08f
b5a08f 
Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49
b5a08f 
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
b5a08f 
---
b5a08f 
 lib/mqtt.c | 4 ++++
b5a08f 
 1 file changed, 4 insertions(+)
b5a08f
b5a08f 
diff --git a/lib/mqtt.c b/lib/mqtt.c
b5a08f 
index d88fa73..f3fc045 100644
b5a08f 
--- a/lib/mqtt.c
b5a08f 
+++ b/lib/mqtt.c
b5a08f 
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
b5a08f 
     mq->sendleftovers = sendleftovers;
b5a08f 
     mq->nsend = nsend;
b5a08f 
   }
b5a08f 
+  else {
b5a08f 
+    mq->sendleftovers = NULL;
b5a08f 
+    mq->nsend = 0;
b5a08f 
+  }
b5a08f 
   return result;
b5a08f 
 }
b5a08f
b5a08f 
--
b5a08f 
2.31.1
b5a08f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation