rpms / curl

Clone
Source Code
GIT

Blame SOURCES/0070-curl-7.29.0-CVE-2019-5436.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   0070-curl-7.29.0-CVE-2019-5436.patch
Blob History Raw
9d7d3f 
From 55a27027d5f024a0ecc2c23c81ed99de6192c9f3 Mon Sep 17 00:00:00 2001
9d7d3f 
From: Daniel Stenberg <daniel@haxx.se>
9d7d3f 
Date: Fri, 3 May 2019 22:20:37 +0200
9d7d3f 
Subject: [PATCH] tftp: use the current blksize for recvfrom()
9d7d3f
9d7d3f 
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
9d7d3f 
Reported-by: l00p3r on hackerone
9d7d3f 
CVE-2019-5436
9d7d3f
9d7d3f 
Upstream-commit: 2576003415625d7b5f0e390902f8097830b82275
9d7d3f 
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
9d7d3f 
---
9d7d3f 
 lib/tftp.c | 2 +-
9d7d3f 
 1 file changed, 1 insertion(+), 1 deletion(-)
9d7d3f
9d7d3f 
diff --git a/lib/tftp.c b/lib/tftp.c
9d7d3f 
index 269b3cd..4f2a131 100644
9d7d3f 
--- a/lib/tftp.c
9d7d3f 
+++ b/lib/tftp.c
9d7d3f 
@@ -985,7 +985,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
9d7d3f 
   state->sockfd = state->conn->sock[FIRSTSOCKET];
9d7d3f 
   state->state = TFTP_STATE_START;
9d7d3f 
   state->error = TFTP_ERR_NONE;
9d7d3f 
-  state->blksize = TFTP_BLKSIZE_DEFAULT;
9d7d3f 
+  state->blksize = blksize;
9d7d3f 
   state->requested_blksize = blksize;
9d7d3f
9d7d3f 
   ((struct sockaddr *)&state->local_addr)->sa_family =
9d7d3f 
--
9d7d3f 
2.20.1
9d7d3f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation