packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!154 [sync] PR-153: fix CVE-2022-43552

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
This commit is contained in:
openeuler-ci-bot 2022-12-30 01:27:43 +00:00 committed by Gitee
commit 664e02e2b6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch Normal file
View File

@ -0,0 +1,77 @@
From 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 19 Dec 2022 08:38:37 +0100
Subject: [PATCH 2/2] smb/telnet: do not free the protocol struct in *_done()
It is managed by the generic layer.
Reported-by: Trail of Bits
Closes #10112
---
lib/smb.c | 14 ++------------
lib/telnet.c | 3 ---
2 files changed, 2 insertions(+), 15 deletions(-)
diff --git a/lib/smb.c b/lib/smb.c
index 2cfe041df..48d5a2fe0 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -58,8 +58,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
static CURLcode smb_do(struct connectdata *conn, bool *done);
static CURLcode smb_request_state(struct connectdata *conn, bool *done);
-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
- bool premature);
static CURLcode smb_disconnect(struct connectdata *conn, bool dead);
static int smb_getsock(struct connectdata *conn, curl_socket_t *socks);
static CURLcode smb_parse_url_path(struct connectdata *conn);
@@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_smb = {
"SMB", /* scheme */
smb_setup_connection, /* setup_connection */
smb_do, /* do_it */
- smb_done, /* done */
+ ZERO_NULL, /* done */
ZERO_NULL, /* do_more */
smb_connect, /* connect_it */
smb_connection_state, /* connecting */
@@ -101,7 +99,7 @@ const struct Curl_handler Curl_handler_smbs = {
"SMBS", /* scheme */
smb_setup_connection, /* setup_connection */
smb_do, /* do_it */
- smb_done, /* done */
+ ZERO_NULL, /* done */
ZERO_NULL, /* do_more */
smb_connect, /* connect_it */
smb_connection_state, /* connecting */
@@ -936,14 +934,6 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done)
return CURLE_OK;
}
-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
- bool premature)
-{
- (void) premature;
- Curl_safefree(conn->data->req.protop);
- return status;
-}
-
static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
{
struct smb_conn *smbc = &conn->proto.smbc;
diff --git a/lib/telnet.c b/lib/telnet.c
index 24d3f1efb..22bc81e75 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct connectdata *conn,
curl_slist_free_all(tn->telnet_vars);
tn->telnet_vars = NULL;
-
- Curl_safefree(conn->data->req.protop);
-
return CURLE_OK;
}
--
2.33.0

9
curl.spec
View File

@ -6,7 +6,7 @@
Name: curl
Version: 7.71.1
Release: 19
Release: 20
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@ -49,6 +49,7 @@ Patch135: backport-CVE-2022-32208.patch
Patch136: backport-fix-configure-disable-http-auth-build-error.patch
Patch137: backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes.patch
Patch138: backport-CVE-2022-32221.patch
Patch139: backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -190,6 +191,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Wed Dec 28 2022 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-20
- Type:cves
- CVE:CVE-2022-43552
- SUG:NA
- DESC:fix CVE-2022-43552
* Thu Oct 27 2022 yanglu <yanglu72@h-partners.com> - 7.71.1-19
- Type:cves
- CVE:CVE-2022-32221