Blame SOURCES/0047-curl-7.61.1-CVE-2023-23916.patch

From 95f873ff983a1ae57415b3c16a881e74432cf8b8 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 9 Feb 2021 14:04:32 +0100
Subject: [PATCH 1/2] runtests.pl: support the nonewline attribute for the data
 part
Closes #8239
Upstream-commit: 736847611a40c01e7c290407e22e2f0f5f8efd6a
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 tests/runtests.pl      |  7 +++++++
 tests/server/getpart.c | 11 ++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
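--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -3817,6 +3817,13 @@ sub singletest {
     else {
         # check against the data section
         @reply = getpart("reply", "data");
+        if(@reply) {
+            my %hash = getpartattr("reply", "data");
+            if($hash{'nonewline'}) {
+                # cut off the final newline from the final line of the data
+                chomp($reply[$#reply]);
+            }
+        }
         # get the mode attribute
         my $filemode=$replyattr{'mode'};
         if($filemode && ($filemode eq "text") && $has_textaware) {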
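Review bot: The added block fetches `getpartattr("reply", "data")` into a new `%hash` even though the very next statement reads `$replyattr{'mode'}`, which looks like the same attribute set loaded earlier in singletest (its declaration is outside the hunk, so confirm before relying on it). If that holds, the check can be `if(@reply && $replyattr{'nonewline'}) { chomp($reply[-1]); }`, which avoids a second parse and the uninformative variable name. `chomp` removes only a trailing `$/`, so a data section stored with CRLF line endings would keep its `\r`; the existing comment could say that exactly one LF is stripped.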
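--- a/tests/server/getpart.c
+++ b/tests/server/getpart.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -295,6 +295,7 @@ int getpart(char **outbuf, size_t *outlen,
   size_t outalloc = 256;
   int in_wanted_part = 0;
   int base64 = 0;
+  int nonewline = 0;
   int error;
 
   enum {
@@ -360,6 +361,8 @@ int getpart(char **outbuf, size_t *outlen,
             if(error)
               return error;
           }
+          if(nonewline)
+            (*outlen)--;
           break;
         }
       }
@@ -377,6 +380,8 @@ int getpart(char **outbuf, size_t *outlen,
             if(error)
               return error;
           }
+          if(nonewline)
+            (*outlen)--;
           break;
         }
       }
@@ -451,6 +456,10 @@ int getpart(char **outbuf, size_t *outlen,
               /* bit rough test, but "mostly" functional, */
               /* treat wanted part data as base64 encoded */
               base64 = 1;
+          if(strstr(patt, "nonewline=")) {
+            show(("* setting nonewline\n"));
+            nonewline = 1;
+          }
         }
         continue;
       }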
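Review bot: `(*outlen)--` at both end-of-section sites (the hunks at -360 and -377) runs without checking that any data was stored, and `outlen` is a `size_t *`, so an empty part that carries the nonewline attribute would wrap the reported length to SIZE_MAX for whatever consumes it. The decrement also drops the last byte whatever it is, rather than only a trailing newline. A guarded form such as `if(nonewline && *outlen && (*outbuf)[*outlen - 1] == '\n') (*outlen)--;` keeps the intended behaviour; whether the buffer must also be re-terminated depends on getpart code outside these hunks. The `strstr(patt, "nonewline=")` test sets the flag for any attribute value, including `nonewline="no"`, and deserves the same "bit rough test" comment that the base64 check above it carries.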
-- 
2.39.1
From bc5fc958b017895728962c9d44c469418cbec1a0 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick@monnerat.net>
Date: Mon, 13 Feb 2023 08:33:09 +0100
Subject: [PATCH 2/2] content_encoding: do not reset stage counter for each
 header
Test 418 verifies
Closes #10492
Upstream-commit: 119fb187192a9ea13dc90d9d20c215fc82799ab9
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 lib/content_encoding.c  |   7 +-
 lib/urldata.h           |   1 +
 tests/data/Makefile.inc |   1 +
 tests/data/test387      |   2 +-
 tests/data/test418      | 152 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 158 insertions(+), 5 deletions(-)
 create mode 100644 tests/data/test418
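--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -944,7 +944,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
 {
   struct Curl_easy *data = conn->data;
   struct SingleRequest *k = &data->req;
-  int counter = 0;
 
   do {
     const char *name;
@@ -979,9 +978,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
       if(!encoding)
         encoding = &error_encoding;  /* Defer error at stack use. */
 
-      if(++counter >= MAX_ENCODE_STACK) {
-        failf(data, "Reject response due to %u content encodings",
-              counter);
+      if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
+        failf(data, "Reject response due to more than %u content encodings",
+              MAX_ENCODE_STACK);
         return CURLE_BAD_CONTENT_ENCODING;
       }
       /* Stack the unencoding stage. */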
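Review bot: The limit now relies on `k->writer_stack_depth` persisting across calls, but nothing in these hunks shows where the field returns to zero, so confirm it is cleared wherever the SingleRequest is reinitialised or the writer stack is torn down; otherwise a reused handle would inherit the count and reject later valid responses. Because the check is a post-increment (`k->writer_stack_depth++ >= MAX_ENCODE_STACK`), rejection now fires on the encoding after the limit rather than on the one that reaches it. That matches the new "more than" wording but is a one-step change from the removed `++counter` test and deserves a short comment. `failf` is passed `MAX_ENCODE_STACK` for `%u`; if that macro is a plain int constant, a cast or `%d` would match the format. The function body starts and ends outside the hunks.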
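--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -539,6 +539,7 @@ struct SingleRequest {
 
   struct curltime start;         /* transfer started at this time */
   struct curltime now;           /* current time */
+  unsigned char writer_stack_depth; /* Unencoding stack depth. */
   bool header;                  /* incoming data has HTTP header */
   enum {
     HEADER_NORMAL,              /* no bad header at all */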
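Review bot: `writer_stack_depth` is declared `unsigned char`, which is only safe while MAX_ENCODE_STACK stays well below 255 and the caller stops incrementing once the limit is hit, and the field comment records neither assumption. Something like `/* Unencoding stack depth, counted across all encoding headers of the response; bounded by MAX_ENCODE_STACK. */` would make the invariant visible to the next person who raises the limit. The struct definition continues outside the hunk.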
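--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -66,6 +66,7 @@ test393 test394 test395 \
 \
 test400 test401 test402 test403 test404 test405 test406 test407 test408 \
 test409 \
+test418 \
 \
 test500 test501 test502 test503 test504 test505 test506 test507 test508 \
 test509 test510 test511 test512 test513 test514 test515 test516 test517 \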
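--- a/tests/data/test387
+++ b/tests/data/test387
@@ -47,7 +47,7 @@ Accept: */*
 61
 </errorcode>
 <stderr mode="text">
-curl: (61) Reject response due to 5 content encodings
+curl: (61) Reject response due to more than 5 content encodings
 </stderr>
 </verify>
 </testcase>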
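--- /dev/null
+++ b/tests/data/test418
@@ -0,0 +1,152 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+gzip
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+Response with multiple Transfer-Encoding headers
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/7.61.1
+Accept: */*
+
+</protocol>
+
+# CURLE_BAD_CONTENT_ENCODING is 61
+<errorcode>
+61
+</errorcode>
+<stderr mode="text">
+curl: (61) Reject response due to more than 5 content encodings
+</stderr>
+</verify>
+</testcase>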
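Review bot: The `<protocol>` block pins `User-Agent: curl/7.61.1`, so this regression test for the encoding-depth limit will start failing on the next version rebase for a reason unrelated to the fix. If the test harness in this tree supports it, a `<strip>` entry matching `^User-Agent:.*` in `<verify>`, with the line dropped from `<protocol>`, keeps the check independent of the packaged version. The case exercises only repeated `Transfer-Encoding` headers; if `Content-Encoding` goes through the same per-request counter, a companion case mixing the two header types would pin that behaviour as well.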
-- 
2.39.1