Blame SOURCES/0022-curl-7.76.1-CVE-2022-32221.patch

fa385f
From 08a53016db649bdf4f65c42a9704d35e052be7eb Mon Sep 17 00:00:00 2001
fa385f
From: Daniel Stenberg <daniel@haxx.se>
fa385f
Date: Thu, 15 Sep 2022 09:22:45 +0200
fa385f
Subject: [PATCH 1/2] setopt: when POST is set, reset the 'upload' field
fa385f
fa385f
Reported-by: RobBotic1 on github
fa385f
Fixes #9507
fa385f
Closes #9511
fa385f
fa385f
Upstream-commit: a64e3e59938abd7d667e4470a18072a24d7e9de9
fa385f
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
fa385f
---
fa385f
 lib/setopt.c | 1 +
fa385f
 1 file changed, 1 insertion(+)
fa385f
fa385f
diff --git a/lib/setopt.c b/lib/setopt.c
fa385f
index d5e3b50..b8793b4 100644
fa385f
--- a/lib/setopt.c
fa385f
+++ b/lib/setopt.c
fa385f
@@ -628,6 +628,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
fa385f
     }
fa385f
     else
fa385f
       data->set.method = HTTPREQ_GET;
fa385f
+    data->set.upload = FALSE;
fa385f
     break;
fa385f
 
fa385f
   case CURLOPT_HTTPPOST:
fa385f
-- 
fa385f
2.37.3
fa385f
fa385f
fa385f
From a5e36349807b98d31a16bd220f6434289465e16a Mon Sep 17 00:00:00 2001
fa385f
From: Daniel Stenberg <daniel@haxx.se>
fa385f
Date: Thu, 15 Sep 2022 09:23:33 +0200
fa385f
Subject: [PATCH 2/2] test1948: verify PUT + POST reusing the same handle
fa385f
fa385f
Reproduced #9507, verifies the fix
fa385f
fa385f
Upstream-commit: 1edb15925e350be3b891f8a8de86600b22c0bb20
fa385f
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
fa385f
---
fa385f
 tests/data/Makefile.inc    |  1 +
fa385f
 tests/data/test1948        | 73 +++++++++++++++++++++++++++++++++++
fa385f
 tests/libtest/Makefile.inc |  5 +++
fa385f
 tests/libtest/lib1948.c    | 79 ++++++++++++++++++++++++++++++++++++++
fa385f
 4 files changed, 158 insertions(+)
fa385f
 create mode 100644 tests/data/test1948
fa385f
 create mode 100644 tests/libtest/lib1948.c
fa385f
fa385f
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
fa385f
index 818ee08..0cfab9b 100644
fa385f
--- a/tests/data/Makefile.inc
fa385f
+++ b/tests/data/Makefile.inc
fa385f
@@ -217,6 +217,7 @@ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
fa385f
 test1916 test1917 test1918 \
fa385f
 \
fa385f
 test1933 test1934 test1935 test1936 \
fa385f
+test1948 \
fa385f
 \
fa385f
 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
fa385f
 test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
fa385f
diff --git a/tests/data/test1948 b/tests/data/test1948
fa385f
new file mode 100644
fa385f
index 0000000..639523d
fa385f
--- /dev/null
fa385f
+++ b/tests/data/test1948
fa385f
@@ -0,0 +1,73 @@
fa385f
+<testcase>
fa385f
+<info>
fa385f
+<keywords>
fa385f
+HTTP
fa385f
+HTTP POST
fa385f
+HTTP PUT
fa385f
+</keywords>
fa385f
+</info>
fa385f
+
fa385f
+# Server-side
fa385f
+<reply>
fa385f
+<data>
fa385f
+HTTP/1.1 200 OK
fa385f
+Date: Thu, 01 Nov 2001 14:49:00 GMT
fa385f
+Content-Type: text/html
fa385f
+Content-Length: 6
fa385f
+
fa385f
+hello
fa385f
+</data>
fa385f
+<datacheck>
fa385f
+HTTP/1.1 200 OK
fa385f
+Date: Thu, 01 Nov 2001 14:49:00 GMT
fa385f
+Content-Type: text/html
fa385f
+Content-Length: 6
fa385f
+
fa385f
+hello
fa385f
+HTTP/1.1 200 OK
fa385f
+Date: Thu, 01 Nov 2001 14:49:00 GMT
fa385f
+Content-Type: text/html
fa385f
+Content-Length: 6
fa385f
+
fa385f
+hello
fa385f
+</datacheck>
fa385f
+</reply>
fa385f
+
fa385f
+# Client-side
fa385f
+<client>
fa385f
+<server>
fa385f
+http
fa385f
+</server>
fa385f
+
fa385f
+<name>
fa385f
+CURLOPT_POST after CURLOPT_UPLOAD reusing handle
fa385f
+</name>
fa385f
+<tool>
fa385f
+lib%TESTNUMBER
fa385f
+</tool>
fa385f
+
fa385f
+<command>
fa385f
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER
fa385f
+</command>
fa385f
+</client>
fa385f
+
fa385f
+# Verify data after the test has been "shot"
fa385f
+<verify>
fa385f
+<protocol>
fa385f
+PUT /%TESTNUMBER HTTP/1.1
fa385f
+Host: %HOSTIP:%HTTPPORT
fa385f
+Accept: */*
fa385f
+Content-Length: 22
fa385f
+Expect: 100-continue
fa385f
+
fa385f
+This is test PUT data
fa385f
+POST /1948 HTTP/1.1
fa385f
+Host: %HOSTIP:%HTTPPORT
fa385f
+Accept: */*
fa385f
+Content-Length: 22
fa385f
+Content-Type: application/x-www-form-urlencoded
fa385f
+
fa385f
+This is test PUT data
fa385f
+</protocol>
fa385f
+</verify>
fa385f
+</testcase>
fa385f
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
fa385f
index 83a8af4..3192eca 100644
fa385f
--- a/tests/libtest/Makefile.inc
fa385f
+++ b/tests/libtest/Makefile.inc
fa385f
@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
fa385f
  lib1591 lib1592 lib1593 lib1594 lib1596 \
fa385f
          lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
fa385f
          lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
fa385f
+ lib1948 \
fa385f
          lib3010
fa385f
 
fa385f
 chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
fa385f
@@ -690,6 +691,10 @@ lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
fa385f
 lib1936_LDADD = $(TESTUTIL_LIBS)
fa385f
 lib1936_CPPFLAGS = $(AM_CPPFLAGS)
fa385f
 
fa385f
+lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
fa385f
+lib1948_LDADD = $(TESTUTIL_LIBS)
fa385f
+lib1948_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1948
fa385f
+
fa385f
 lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
fa385f
 lib3010_LDADD = $(TESTUTIL_LIBS)
fa385f
 lib3010_CPPFLAGS = $(AM_CPPFLAGS)
fa385f
diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
fa385f
new file mode 100644
fa385f
index 0000000..7c891a2
fa385f
--- /dev/null
fa385f
+++ b/tests/libtest/lib1948.c
fa385f
@@ -0,0 +1,79 @@
fa385f
+/***************************************************************************
fa385f
+ *                                  _   _ ____  _
fa385f
+ *  Project                     ___| | | |  _ \| |
fa385f
+ *                             / __| | | | |_) | |
fa385f
+ *                            | (__| |_| |  _ <| |___
fa385f
+ *                             \___|\___/|_| \_\_____|
fa385f
+ *
fa385f
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
fa385f
+ *
fa385f
+ * This software is licensed as described in the file COPYING, which
fa385f
+ * you should have received as part of this distribution. The terms
fa385f
+ * are also available at https://curl.haxx.se/docs/copyright.html.
fa385f
+ *
fa385f
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
fa385f
+ * copies of the Software, and permit persons to whom the Software is
fa385f
+ * furnished to do so, under the terms of the COPYING file.
fa385f
+ *
fa385f
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
fa385f
+ * KIND, either express or implied.
fa385f
+ *
fa385f
+ * SPDX-License-Identifier: curl
fa385f
+ *
fa385f
+ ***************************************************************************/
fa385f
+
fa385f
+#include "test.h"
fa385f
+
fa385f
+typedef struct
fa385f
+{
fa385f
+  char *buf;
fa385f
+  size_t len;
fa385f
+} put_buffer;
fa385f
+
fa385f
+static size_t put_callback(char *ptr, size_t size, size_t nmemb, void *stream)
fa385f
+{
fa385f
+  put_buffer *putdata = (put_buffer *)stream;
fa385f
+  size_t totalsize = size * nmemb;
fa385f
+  size_t tocopy = (putdata->len < totalsize) ? putdata->len : totalsize;
fa385f
+  memcpy(ptr, putdata->buf, tocopy);
fa385f
+  putdata->len -= tocopy;
fa385f
+  putdata->buf += tocopy;
fa385f
+  return tocopy;
fa385f
+}
fa385f
+
fa385f
+int test(char *URL)
fa385f
+{
fa385f
+  CURL *curl;
fa385f
+  CURLcode res = CURLE_OUT_OF_MEMORY;
fa385f
+
fa385f
+  curl_global_init(CURL_GLOBAL_DEFAULT);
fa385f
+
fa385f
+  curl = curl_easy_init();
fa385f
+  if(curl) {
fa385f
+    const char *testput = "This is test PUT data\n";
fa385f
+    put_buffer pbuf;
fa385f
+
fa385f
+    /* PUT */
fa385f
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
fa385f
+    curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
fa385f
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, put_callback);
fa385f
+    pbuf.buf = (char *)testput;
fa385f
+    pbuf.len = strlen(testput);
fa385f
+    curl_easy_setopt(curl, CURLOPT_READDATA, &pbuf);
fa385f
+    curl_easy_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(testput));
fa385f
+    res = curl_easy_setopt(curl, CURLOPT_URL, URL);
fa385f
+    if(!res)
fa385f
+      res = curl_easy_perform(curl);
fa385f
+    if(!res) {
fa385f
+      /* POST */
fa385f
+      curl_easy_setopt(curl, CURLOPT_POST, 1L);
fa385f
+      curl_easy_setopt(curl, CURLOPT_POSTFIELDS, testput);
fa385f
+      curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(testput));
fa385f
+      res = curl_easy_perform(curl);
fa385f
+    }
fa385f
+    curl_easy_cleanup(curl);
fa385f
+  }
fa385f
+
fa385f
+  curl_global_cleanup();
fa385f
+  return (int)res;
fa385f
+}
fa385f
-- 
fa385f
2.37.3
fa385f