Tree - rpms/curl - CentOS Git server

rpms / curl

Blame SOURCES/0022-curl-7.61.1-CVE-2020-8231.patch

Blob History Raw

		e88b99	`From 7a26092a9e21f1e0dc3cad69a580a7e2c7822ad0 Mon Sep 17 00:00:00 2001`
		e88b99	`From: Daniel Stenberg <daniel@haxx.se>`
		e88b99	`Date: Sun, 16 Aug 2020 11:34:35 +0200`
		e88b99	`Subject: [PATCH] Curl_easy: remember last connection by id, not by pointer`
		e88b99
		e88b99	`CVE-2020-8231`
		e88b99
		e88b99	`Bug: https://curl.haxx.se/docs/CVE-2020-8231.html`
		e88b99
		e88b99	`Reported-by: Marc Aldorasi`
		e88b99	`Closes #5824`
		e88b99
		e88b99	`Upstream-commit: 3c9e021f86872baae412a427e807fbfa2f3e8a22`
		e88b99	`Signed-off-by: Kamil Dudka <kdudka@redhat.com>`
		e88b99	`---`
		e88b99	`lib/connect.c \| 19 ++++++++++---------`
		e88b99	`lib/easy.c \| 3 +--`
		e88b99	`lib/multi.c \| 5 +++--`
		e88b99	`lib/url.c \| 2 +-`
		e88b99	`lib/urldata.h \| 2 +-`
		e88b99	`5 files changed, 16 insertions(+), 15 deletions(-)`
		e88b99
		e88b99	`diff --git a/lib/connect.c b/lib/connect.c`
		e88b99	`index 41f2202..f724646 100644`
		e88b99	`--- a/lib/connect.c`
		e88b99	`+++ b/lib/connect.c`
		e88b99	`@@ -1214,15 +1214,15 @@ CURLcode Curl_connecthost(struct connectdata conn, / context */`
		e88b99	`}`
		e88b99
		e88b99	`struct connfind {`
		e88b99	`- struct connectdata *tofind;`
		e88b99	`- bool found;`
		e88b99	`+ long id_tofind;`
		e88b99	`+ struct connectdata *found;`
		e88b99	`};`
		e88b99
		e88b99	`static int conn_is_conn(struct connectdata conn, void param)`
		e88b99	`{`
		e88b99	`struct connfind f = (struct connfind )param;`
		e88b99	`- if(conn == f->tofind) {`
		e88b99	`- f->found = TRUE;`
		e88b99	`+ if(conn->connection_id == f->id_tofind) {`
		e88b99	`+ f->found = conn;`
		e88b99	`return 1;`
		e88b99	`}`
		e88b99	`return 0;`
		e88b99	`@@ -1244,21 +1244,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,`
		e88b99	`* - that is associated with a multi handle, and whose connection`
		e88b99	`* was detached with CURLOPT_CONNECT_ONLY`
		e88b99	`*/`
		e88b99	`- if(data->state.lastconnect && (data->multi_easy \|\| data->multi)) {`
		e88b99	`- struct connectdata *c = data->state.lastconnect;`
		e88b99	`+ if((data->state.lastconnect_id != -1) && (data->multi_easy \|\| data->multi)) {`
		e88b99	`+ struct connectdata *c;`
		e88b99	`struct connfind find;`
		e88b99	`- find.tofind = data->state.lastconnect;`
		e88b99	`- find.found = FALSE;`
		e88b99	`+ find.id_tofind = data->state.lastconnect_id;`
		e88b99	`+ find.found = NULL;`
		e88b99
		e88b99	`Curl_conncache_foreach(data, data->multi_easy?`
		e88b99	`&data->multi_easy->conn_cache:`
		e88b99	`&data->multi->conn_cache, &find, conn_is_conn);`
		e88b99
		e88b99	`if(!find.found) {`
		e88b99	`- data->state.lastconnect = NULL;`
		e88b99	`+ data->state.lastconnect_id = -1;`
		e88b99	`return CURL_SOCKET_BAD;`
		e88b99	`}`
		e88b99
		e88b99	`+ c = find.found;`
		e88b99	`if(connp) {`
		e88b99	`/* only store this if the caller cares for it */`
		e88b99	`*connp = c;`
		e88b99	`diff --git a/lib/easy.c b/lib/easy.c`
		e88b99	`index 027d0be..fe61cdd 100644`
		e88b99	`--- a/lib/easy.c`
		e88b99	`+++ b/lib/easy.c`
		e88b99	`@@ -919,8 +919,7 @@ struct Curl_easy curl_easy_duphandle(struct Curl_easy data)`
		e88b99
		e88b99	`/* the connection cache is setup on demand */`
		e88b99	`outcurl->state.conn_cache = NULL;`
		e88b99	`-`
		e88b99	`- outcurl->state.lastconnect = NULL;`
		e88b99	`+ outcurl->state.lastconnect_id = -1;`
		e88b99
		e88b99	`outcurl->progress.flags = data->progress.flags;`
		e88b99	`outcurl->progress.callback = data->progress.callback;`
		e88b99	`diff --git a/lib/multi.c b/lib/multi.c`
		e88b99	`index 0caf943..0f57fd5 100644`
		e88b99	`--- a/lib/multi.c`
		e88b99	`+++ b/lib/multi.c`
		e88b99	`@@ -427,6 +427,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,`
		e88b99	`data->state.conn_cache = &data->share->conn_cache;`
		e88b99	`else`
		e88b99	`data->state.conn_cache = &multi->conn_cache;`
		e88b99	`+ data->state.lastconnect_id = -1;`
		e88b99
		e88b99	`#ifdef USE_LIBPSL`
		e88b99	`/* Do the same for PSL. */`
		e88b99	`@@ -644,11 +645,11 @@ static CURLcode multi_done(struct connectdata **connp,`
		e88b99	`/* the connection is no longer in use by this transfer */`
		e88b99	`if(Curl_conncache_return_conn(conn)) {`
		e88b99	`/* remember the most recently used connection */`
		e88b99	`- data->state.lastconnect = conn;`
		e88b99	`+ data->state.lastconnect_id = conn->connection_id;`
		e88b99	`infof(data, "%s\n", buffer);`
		e88b99	`}`
		e88b99	`else`
		e88b99	`- data->state.lastconnect = NULL;`
		e88b99	`+ data->state.lastconnect_id = -1;`
		e88b99	`}`
		e88b99
		e88b99	`connp = NULL; / to make the caller of this function better detect that`
		e88b99	`diff --git a/lib/url.c b/lib/url.c`
		e88b99	`index dcc6cc8..d65d17d 100644`
		e88b99	`--- a/lib/url.c`
		e88b99	`+++ b/lib/url.c`
		e88b99	`@@ -592,7 +592,7 @@ CURLcode Curl_open(struct Curl_easy **curl)`
		e88b99	`Curl_initinfo(data);`
		e88b99
		e88b99	`/* most recent connection is not yet defined */`
		e88b99	`- data->state.lastconnect = NULL;`
		e88b99	`+ data->state.lastconnect_id = -1;`
		e88b99
		e88b99	`data->progress.flags \|= PGRS_HIDE;`
		e88b99	`data->state.current_speed = -1; /* init to negative == impossible */`
		e88b99	`diff --git a/lib/urldata.h b/lib/urldata.h`
		e88b99	`index 67db3b2..4b70cc5 100644`
		e88b99	`--- a/lib/urldata.h`
		e88b99	`+++ b/lib/urldata.h`
		e88b99	`@@ -1219,7 +1219,7 @@ struct UrlState {`
		e88b99	`/* buffers to store authentication data in, as parsed from input options */`
		e88b99	`struct curltime keeps_speed; /* for the progress meter really */`
		e88b99
		e88b99	`- struct connectdata lastconnect; / The last connection, NULL if undefined */`
		e88b99	`+ long lastconnect_id; /* The last connection, -1 if undefined */`
		e88b99
		e88b99	`char headerbuff; / allocated buffer to store headers in */`
		e88b99	`size_t headersize; /* size of the allocation */`
		e88b99	`--`
		e88b99	`2.25.4`
		e88b99

rpms / curl

Source Code

Blame SOURCES/0022-curl-7.61.1-CVE-2020-8231.patch