|
|
d004d8 |
From 93c0d8e98f3859c91fbfa2a6998235ee899e878e Mon Sep 17 00:00:00 2001
|
|
|
d004d8 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
d004d8 |
Date: Thu, 20 Jul 2017 08:05:59 +0200
|
|
|
d004d8 |
Subject: [PATCH 1/2] nss: unify the coding style of nss_send() and nss_recv()
|
|
|
d004d8 |
|
|
|
d004d8 |
No changes in behavior intended by this commit.
|
|
|
d004d8 |
|
|
|
d004d8 |
Upstream-commit: c89eb6d0f87a3620074bc04a6af255e5dc3a523e
|
|
|
d004d8 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
d004d8 |
---
|
|
|
d004d8 |
lib/nss.c | 12 +++++++-----
|
|
|
d004d8 |
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
d004d8 |
|
|
|
d004d8 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
d004d8 |
index 9e0e373..ce1e25a 100644
|
|
|
d004d8 |
--- a/lib/nss.c
|
|
|
d004d8 |
+++ b/lib/nss.c
|
|
|
d004d8 |
@@ -1689,9 +1689,10 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
|
|
d004d8 |
size_t len, /* amount to write */
|
|
|
d004d8 |
CURLcode *curlcode)
|
|
|
d004d8 |
{
|
|
|
d004d8 |
- int rc;
|
|
|
d004d8 |
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
d004d8 |
+ ssize_t rc;
|
|
|
d004d8 |
|
|
|
d004d8 |
- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
|
|
|
d004d8 |
+ rc = PR_Send(connssl->handle, mem, (int)len, 0, -1);
|
|
|
d004d8 |
|
|
|
d004d8 |
if(rc < 0) {
|
|
|
d004d8 |
PRInt32 err = PR_GetError();
|
|
|
d004d8 |
@@ -1714,15 +1715,16 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
|
|
d004d8 |
return rc; /* number of bytes */
|
|
|
d004d8 |
}
|
|
|
d004d8 |
|
|
|
d004d8 |
-static ssize_t nss_recv(struct connectdata * conn, /* connection data */
|
|
|
d004d8 |
- int num, /* socketindex */
|
|
|
d004d8 |
+static ssize_t nss_recv(struct connectdata *conn, /* connection data */
|
|
|
d004d8 |
+ int sockindex, /* socketindex */
|
|
|
d004d8 |
char *buf, /* store read data here */
|
|
|
d004d8 |
size_t buffersize, /* max amount to read */
|
|
|
d004d8 |
CURLcode *curlcode)
|
|
|
d004d8 |
{
|
|
|
d004d8 |
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
d004d8 |
ssize_t nread;
|
|
|
d004d8 |
|
|
|
d004d8 |
- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
|
|
|
d004d8 |
+ nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0, -1);
|
|
|
d004d8 |
if(nread < 0) {
|
|
|
d004d8 |
/* failed SSL read */
|
|
|
d004d8 |
PRInt32 err = PR_GetError();
|
|
|
d004d8 |
--
|
|
|
d004d8 |
2.13.5
|
|
|
d004d8 |
|
|
|
d004d8 |
|
|
|
d004d8 |
From 032731492497a1cde17752f8c178719bd32a7722 Mon Sep 17 00:00:00 2001
|
|
|
d004d8 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
d004d8 |
Date: Wed, 19 Jul 2017 18:02:26 +0200
|
|
|
d004d8 |
Subject: [PATCH 2/2] nss: fix a possible use-after-free in SelectClientCert()
|
|
|
d004d8 |
|
|
|
d004d8 |
... causing a SIGSEGV in showit() in case the handle used to initiate
|
|
|
d004d8 |
the connection has already been freed.
|
|
|
d004d8 |
|
|
|
d004d8 |
This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.
|
|
|
d004d8 |
|
|
|
d004d8 |
Reported-by: Rob Sanders
|
|
|
d004d8 |
Bug: https://bugzilla.redhat.com/1436158
|
|
|
d004d8 |
|
|
|
d004d8 |
Upstream-commit: 42a4cd4c78b3feb5ca07286479129116e125a730
|
|
|
d004d8 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
d004d8 |
---
|
|
|
d004d8 |
lib/nss.c | 8 ++++++++
|
|
|
d004d8 |
1 file changed, 8 insertions(+)
|
|
|
d004d8 |
|
|
|
d004d8 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
d004d8 |
index ce1e25a..b73a1e8 100644
|
|
|
d004d8 |
--- a/lib/nss.c
|
|
|
d004d8 |
+++ b/lib/nss.c
|
|
|
d004d8 |
@@ -1692,6 +1692,10 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
|
|
d004d8 |
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
d004d8 |
ssize_t rc;
|
|
|
d004d8 |
|
|
|
d004d8 |
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
|
|
|
d004d8 |
+ handle stored in nss_setup_connect() could have already been freed. */
|
|
|
d004d8 |
+ connssl->data = conn->data;
|
|
|
d004d8 |
+
|
|
|
d004d8 |
rc = PR_Send(connssl->handle, mem, (int)len, 0, -1);
|
|
|
d004d8 |
|
|
|
d004d8 |
if(rc < 0) {
|
|
|
d004d8 |
@@ -1724,6 +1728,10 @@ static ssize_t nss_recv(struct connectdata *conn, /* connection data */
|
|
|
d004d8 |
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
d004d8 |
ssize_t nread;
|
|
|
d004d8 |
|
|
|
d004d8 |
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
|
|
|
d004d8 |
+ handle stored in nss_setup_connect() could have already been freed. */
|
|
|
d004d8 |
+ connssl->data = conn->data;
|
|
|
d004d8 |
+
|
|
|
d004d8 |
nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0, -1);
|
|
|
d004d8 |
if(nread < 0) {
|
|
|
d004d8 |
/* failed SSL read */
|
|
|
d004d8 |
--
|
|
|
d004d8 |
2.13.5
|
|
|
d004d8 |
|