packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!177 [sync] PR-176: Fix patch optimization for CVE-2023-27535

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
This commit is contained in:
openeuler-ci-bot 2023-03-27 08:50:03 +00:00 committed by Gitee
commit 1720bb87b2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 46 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
backport-CVE-2023-27535-pre1.patch
View File

@ -17,10 +17,10 @@ Closes #9658
lib/netrc.c | 6 +++--- lib/netrc.c | 6 +++---
lib/strcase.c | 22 ++++++++++++++++++++++ lib/strcase.c | 22 ++++++++++++++++++++++
lib/strcase.h | 1 + lib/strcase.h | 1 +
lib/url.c | 18 ++++++++++-------- lib/url.c | 33 +++++++++++++--------------------
lib/vauth/digest_sspi.c | 4 ++-- lib/vauth/digest_sspi.c | 4 ++--
lib/vtls/vtls.c | 4 ++-- lib/vtls/vtls.c | 4 ++--
6 files changed, 40 insertions(+), 15 deletions(-) 6 files changed, 43 insertions(+), 27 deletions(-)
diff --git a/lib/netrc.c b/lib/netrc.c diff --git a/lib/netrc.c b/lib/netrc.c
index 1c9da31..70b4e16 100644 index 1c9da31..70b4e16 100644
@ -92,10 +92,33 @@ index 8929a53..8077108 100644
#endif /* HEADER_CURL_STRCASE_H */ #endif /* HEADER_CURL_STRCASE_H */
diff --git a/lib/url.c b/lib/url.c diff --git a/lib/url.c b/lib/url.c
index 2771d32..7a1b3c2 100644 index 2771d32..ba4fa7a 100644
--- a/lib/url.c --- a/lib/url.c
+++ b/lib/url.c +++ b/lib/url.c
@@ -1267,10 +1267,10 @@ ConnectionExists(struct Curl_easy *data, @@ -888,19 +888,10 @@ socks_proxy_info_matches(const struct proxy_info *data,
/* the user information is case-sensitive
or at least it is not defined as case-insensitive
see https://tools.ietf.org/html/rfc3986#section-3.2.1 */
- if((data->user == NULL) != (needle->user == NULL))
- return FALSE;
- /* curl_strequal does a case insentive comparison, so do not use it here! */
- if(data->user &&
- needle->user &&
- strcmp(data->user, needle->user) != 0)
- return FALSE;
- if((data->passwd == NULL) != (needle->passwd == NULL))
- return FALSE;
+
/* curl_strequal does a case insentive comparison, so do not use it here! */
- if(data->passwd &&
- needle->passwd &&
- strcmp(data->passwd, needle->passwd) != 0)
+ if(Curl_timestrcmp(data->user, needle->user) ||
+ Curl_timestrcmp(data->passwd, needle->passwd))
return FALSE;
return TRUE;
}
@@ -1267,10 +1258,10 @@ ConnectionExists(struct Curl_easy *data,
if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
/* This protocol requires credentials per connection, /* This protocol requires credentials per connection,
so verify that we're using the same name and password as well */ so verify that we're using the same name and password as well */
@ -110,7 +133,7 @@ index 2771d32..7a1b3c2 100644
/* one of them was different */ /* one of them was different */
continue; continue;
} }
@@ -1339,8 +1339,8 @@ ConnectionExists(struct Curl_easy *data, @@ -1339,8 +1330,8 @@ ConnectionExists(struct Curl_easy *data,
possible. (Especially we must not reuse the same connection if possible. (Especially we must not reuse the same connection if
partway through a handshake!) */ partway through a handshake!) */
if(wantNTLMhttp) { if(wantNTLMhttp) {
@ -121,7 +144,7 @@ index 2771d32..7a1b3c2 100644
/* we prefer a credential match, but this is at least a connection /* we prefer a credential match, but this is at least a connection
that can be reused and "upgraded" to NTLM */ that can be reused and "upgraded" to NTLM */
@@ -1362,8 +1362,10 @@ ConnectionExists(struct Curl_easy *data, @@ -1362,8 +1353,10 @@ ConnectionExists(struct Curl_easy *data,
if(!check->http_proxy.user || !check->http_proxy.passwd) if(!check->http_proxy.user || !check->http_proxy.passwd)
continue; continue;

22
backport-CVE-2023-27535.patch
View File

@ -6,29 +6,27 @@ Subject: [PATCH] ftp: add more conditions for connection reuse
Reported-by: Harry Sintonen Reported-by: Harry Sintonen
Closes #10730 Closes #10730
--- ---
lib/ftp.c | 30 ++++++++++++++++++++++++++++-- lib/ftp.c | 28 ++++++++++++++++++++++++++--
lib/ftp.h | 5 +++++ lib/ftp.h | 5 +++++
lib/setopt.c | 2 +- lib/setopt.c | 2 +-
lib/url.c | 16 +++++++++++++++- lib/url.c | 16 +++++++++++++++-
lib/urldata.h | 4 ++-- lib/urldata.h | 4 ++--
5 files changed, 51 insertions(+), 6 deletions(-) 5 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c diff --git a/lib/ftp.c b/lib/ftp.c
index 8e98a5f..195419c 100644 index 8e98a5f..82574db 100644
--- a/lib/ftp.c --- a/lib/ftp.c
+++ b/lib/ftp.c +++ b/lib/ftp.c
@@ -4077,6 +4077,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection) @@ -4077,6 +4077,8 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
} }
freedirs(ftpc); freedirs(ftpc);
+ free(ftpc->account); + Curl_safefree(ftpc->account);
+ ftpc->account = NULL; + Curl_safefree(ftpc->alternative_to_user);
+ free(ftpc->alternative_to_user);
+ ftpc->alternative_to_user = NULL;
free(ftpc->prevpath); free(ftpc->prevpath);
ftpc->prevpath = NULL; ftpc->prevpath = NULL;
free(ftpc->server_os); free(ftpc->server_os);
@@ -4344,11 +4348,31 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) @@ -4344,11 +4346,31 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
char *type; char *type;
struct FTP *ftp; struct FTP *ftp;
@ -61,7 +59,7 @@ index 8e98a5f..195419c 100644
ftp->path = &data->state.up.path[1]; /* don't include the initial slash */ ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
/* FTP URLs support an extension like ";type=<typecode>" that /* FTP URLs support an extension like ";type=<typecode>" that
@@ -4383,7 +4407,9 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) @@ -4383,7 +4405,9 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
/* get some initial data into the ftp struct */ /* get some initial data into the ftp struct */
ftp->transfer = FTPTRANSFER_BODY; ftp->transfer = FTPTRANSFER_BODY;
ftp->downloadsize = 0; ftp->downloadsize = 0;
@ -109,10 +107,10 @@ index ed54481..16e94a6 100644
case CURLOPT_SSL_OPTIONS: case CURLOPT_SSL_OPTIONS:
diff --git a/lib/url.c b/lib/url.c diff --git a/lib/url.c b/lib/url.c
index 2771d32..dcc97d5 100644 index ba4fa7a..6c34924 100644
--- a/lib/url.c --- a/lib/url.c
+++ b/lib/url.c +++ b/lib/url.c
@@ -1276,10 +1276,24 @@ ConnectionExists(struct Curl_easy *data, @@ -1267,10 +1267,24 @@ ConnectionExists(struct Curl_easy *data,
} }
} }

8
curl.spec
View File

@ -6,7 +6,7 @@
Name: curl Name: curl
Version: 7.71.1 Version: 7.71.1
Release: 23 Release: 24
Summary: Curl is used in command lines or scripts to transfer data Summary: Curl is used in command lines or scripts to transfer data
License: MIT License: MIT
URL: https://curl.haxx.se/ URL: https://curl.haxx.se/
@ -223,6 +223,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Mon Mar 27 2023 xingwei <xingwei14@h-partners.com> - 7.71.1-24
- Type:cves
- CVE:CVE-2023-27535
- SUG:NA
- DESC:Fix patch optimization for CVE-2023-27535
* Thu Mar 23 2023 xingwei <xingwei14@h-partners.com> - 7.71.1-23 * Thu Mar 23 2023 xingwei <xingwei14@h-partners.com> - 7.71.1-23
- Type:cves - Type:cves
- CVE:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 - CVE:CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538