packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport some patches from community

Browse Source
This commit is contained in:
sherlock2010 2024-06-24 08:53:19 +00:00
parent 83d49c598d
commit 712a825d7e
10 changed files with 730 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
backport-curl-make-file2string-use-dynbuf.patch Normal file
View File

@ -0,0 +1,85 @@
From 0938f828bfa3c06416e6b4fb1be67340485466f6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 11 Sep 2020 10:49:24 +0200
Subject: [PATCH] curl: make file2string use dynbuf
Closes #5952
Conflict:NA
Reference:https://github.com/curl/curl/commit/0938f828bfa3c06416e6b4fb1be67340485466f6
---
src/tool_paramhlp.c | 41 +++++++++--------------------------------
1 file changed, 9 insertions(+), 32 deletions(-)
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index e57daa2e12e4c4..f60d4f95798257 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -34,6 +34,7 @@
#include "tool_msgs.h"
#include "tool_paramhlp.h"
#include "tool_version.h"
+#include "dynbuf.h"
#include "memdebug.h" /* keep this as LAST include */
@@ -56,51 +57,27 @@ struct getout *new_getout(struct OperationConfig *config)
return node;
}
+#define MAX_FILE2STRING (256*1024*1024) /* big enough ? */
+
ParameterError file2string(char **bufp, FILE *file)
{
- char *string = NULL;
+ struct curlx_dynbuf dyn;
+ curlx_dyn_init(&dyn, MAX_FILE2STRING);
if(file) {
- char *ptr;
- size_t alloc = 512;
- size_t alloc_needed;
char buffer[256];
- size_t stringlen = 0;
- string = calloc(1, alloc);
- if(!string)
- return PARAM_NO_MEM;
while(fgets(buffer, sizeof(buffer), file)) {
- size_t buflen;
- ptr = strchr(buffer, '\r');
+ char *ptr = strchr(buffer, '\r');
if(ptr)
*ptr = '\0';
ptr = strchr(buffer, '\n');
if(ptr)
*ptr = '\0';
- buflen = strlen(buffer);
- alloc_needed = stringlen + buflen + 1;
- if(alloc < alloc_needed) {
-#if SIZEOF_SIZE_T < 8
- if(alloc >= (size_t)SIZE_T_MAX/2) {
- Curl_safefree(string);
- return PARAM_NO_MEM;
- }
-#endif
- /* doubling is enough since the string to add is always max 256 bytes
- and the alloc size start at 512 */
- alloc *= 2;
- ptr = realloc(string, alloc);
- if(!ptr) {
- Curl_safefree(string);
- return PARAM_NO_MEM;
- }
- string = ptr;
- }
- strcpy(string + stringlen, buffer);
- stringlen += buflen;
+ if(curlx_dyn_add(&dyn, buffer))
+ return PARAM_NO_MEM;
}
}
- *bufp = string;
+ *bufp = curlx_dyn_ptr(&dyn);
return PARAM_OK;
}

230
backport-curl-use-curlx_dynbuf-for-realloc-when-loading-config-files.patch Normal file
View File

@ -0,0 +1,230 @@
From 47dd957daff9199daa5fabfc557fe8c36d61f375 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 9 Sep 2020 15:41:25 +0200
Subject: [PATCH] curl: use curlx_dynbuf for realloc when loading config files
... fixes an integer overflow at the same time.
Reported-by: ihsinme on github
Assisted-by: Jay Satiro
Closes #5946
Conflict:Context adapt
Remove useless file winbuild/MakefileBuild.vc
Reference:https://github.com/curl/curl/commit/47dd957daff9199daa5fabfc557fe8c36d61f375
---
projects/generate.bat | 2 ++
src/Makefile.inc | 6 ++--
src/tool_parsecfg.c | 67 ++++++++++++++++++--------------------
tests/data/test558 | 4 +--
tests/libtest/Makefile.inc | 2 +-
5 files changed, 40 insertions(+), 41 deletions(-)
diff --git a/projects/generate.bat b/projects/generate.bat
index 88979683f58992..bc50245e8cbfd3 100644
--- a/projects/generate.bat
+++ b/projects/generate.bat
@@ -287,6 +287,7 @@ rem
call :element %1 lib "warnless.c" %3
call :element %1 lib "curl_ctype.c" %3
call :element %1 lib "curl_multibyte.c" %3
+ call :element %1 lib "dynbuf.c" %3
) else if "!var!" == "CURL_SRC_X_H_FILES" (
call :element %1 lib "config-win32.h" %3
call :element %1 lib "curl_setup.h" %3
@@ -296,6 +297,7 @@ rem
call :element %1 lib "warnless.h" %3
call :element %1 lib "curl_ctype.h" %3
call :element %1 lib "curl_multibyte.h" %3
+ call :element %1 lib "dynbuf.h" %3
) else if "!var!" == "CURL_LIB_C_FILES" (
for /f "delims=" %%c in ('dir /b ..\lib\*.c') do call :element %1 lib "%%c" %3
) else if "!var!" == "CURL_LIB_H_FILES" (
diff --git a/src/Makefile.inc b/src/Makefile.inc
index c0b9ad8645dcf0..6f236fecc3ca58 100644
--- a/src/Makefile.inc
+++ b/src/Makefile.inc
@@ -36,7 +36,8 @@ CURLX_CFILES = \
../lib/nonblock.c \
../lib/warnless.c \
../lib/curl_ctype.c \
- ../lib/curl_multibyte.c
+ ../lib/curl_multibyte.c \
+ ../lib/dynbuf.c
CURLX_HFILES = \
../lib/curl_setup.h \
@@ -45,7 +46,8 @@ CURLX_HFILES = \
../lib/nonblock.h \
../lib/warnless.h \
../lib/curl_ctype.h \
- ../lib/curl_multibyte.h
+ ../lib/curl_multibyte.h \
+ ../lib/dynbuf.h
CURL_CFILES = \
slist_wc.c \
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 4e56492cb390a1..f09180ed4cf496 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -31,6 +31,7 @@
#include "tool_homedir.h"
#include "tool_msgs.h"
#include "tool_parsecfg.h"
+#include "dynbuf.h"
#include "memdebug.h" /* keep this as LAST include */
@@ -39,7 +40,9 @@
#define ISSEP(x,dash) (!dash && (((x) == '=') || ((x) == ':')))
static const char *unslashquote(const char *line, char *param);
-static char *my_get_line(FILE *fp);
+
+#define MAX_CONFIG_LINE_LENGTH (100*1024)
+static bool my_get_line(FILE *fp, struct curlx_dynbuf *, bool *error);
#ifdef WIN32
static FILE *execpath(const char *filename)
@@ -135,17 +138,23 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
if(file) {
char *line;
- char *aline;
char *option;
char *param;
int lineno = 0;
bool dashed_option;
+ struct curlx_dynbuf buf;
+ bool fileerror;
+ curlx_dyn_init(&buf, MAX_CONFIG_LINE_LENGTH);
- while(NULL != (aline = my_get_line(file))) {
+ while(my_get_line(file, &buf, &fileerror)) {
int res;
bool alloced_param = FALSE;
lineno++;
- line = aline;
+ line = curlx_dyn_ptr(&buf);
+ if(!line) {
+ rc = 1; /* out of memory */
+ break;
+ }
/* line with # in the first non-blank column is a comment! */
while(*line && ISSPACE(*line))
@@ -158,7 +167,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
case '\n':
case '*':
case '\0':
- Curl_safefree(aline);
+ curlx_dyn_reset(&buf);
continue;
}
@@ -190,7 +199,6 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
param = malloc(strlen(line) + 1); /* parameter */
if(!param) {
/* out of memory */
- Curl_safefree(aline);
rc = 1;
break;
}
@@ -280,10 +288,13 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
if(alloced_param)
Curl_safefree(param);
- Curl_safefree(aline);
+ curlx_dyn_reset(&buf);
}
+ curlx_dyn_free(&buf);
if(file != stdin)
fclose(file);
+ if(fileerror)
+ rc = 1;
}
else
rc = 1; /* couldn't open the file */
@@ -335,39 +346,23 @@ static const char *unslashquote(const char *line, char *param)
/*
* Reads a line from the given file, ensuring is NUL terminated.
- * The pointer must be freed by the caller.
- * NULL is returned on an out of memory condition.
*/
-static char *my_get_line(FILE *fp)
+static bool my_get_line(FILE *fp, struct curlx_dynbuf *db,
+ bool *error)
{
char buf[4096];
- char *nl = NULL;
- char *line = NULL;
-
+ *error = FALSE;
do {
- if(NULL == fgets(buf, sizeof(buf), fp))
- break;
- if(!line) {
- line = strdup(buf);
- if(!line)
- return NULL;
+ /* fgets() returns s on success, and NULL on error or when end of file
+ occurs while no characters have been read. */
+ if(!fgets(buf, sizeof(buf), fp))
+ /* only if there's data in the line, return TRUE */
+ return curlx_dyn_len(db) ? TRUE : FALSE;
+ if(curlx_dyn_add(db, buf)) {
+ *error = TRUE; /* error */
+ return FALSE; /* stop reading */
}
- else {
- char *ptr;
- size_t linelen = strlen(line);
- ptr = realloc(line, linelen + strlen(buf) + 1);
- if(!ptr) {
- Curl_safefree(line);
- return NULL;
- }
- line = ptr;
- strcpy(&line[linelen], buf);
- }
- nl = strchr(line, '\n');
- } while(!nl);
+ } while(!strchr(buf, '\n'));
- if(nl)
- *nl = '\0';
-
- return line;
+ return TRUE; /* continue */
}
diff --git a/tests/data/test558 b/tests/data/test558
index d5aa0e087fb7fe..f313e813acc993 100644
--- a/tests/data/test558
+++ b/tests/data/test558
@@ -38,8 +38,8 @@ nothing
<file name="log/memdump">
MEM lib558.c: malloc()
MEM lib558.c: free()
-MEM strdup.c: realloc()
-MEM strdup.c: realloc()
+MEM dynbuf.c: realloc()
+MEM dynbuf.c: realloc()
MEM escape.c: free()
</file>
<stripfile>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 88dd6852902c6c..4904515cd1afce 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -65,7 +65,7 @@ chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
../../lib/curl_ctype.c ../../lib/dynbuf.c ../../lib/strdup.c
chkdecimalpoint_LDADD =
chkdecimalpoint_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB \
- -DCURLX_NO_MEMORY_CALLBACKS
+ -DCURLX_NO_MEMORY_CALLBACKS -DBUILDING_LIBCURL
chkhostname_SOURCES = chkhostname.c ../../lib/curl_gethostname.c
chkhostname_LDADD = @CURL_NETWORK_LIBS@

78
backport-dynbuf-provide-curlx_names-for-reuse-by-the-curl-tool.patch Normal file
View File

@ -0,0 +1,78 @@
From c4ea71ae3235cca8c6837f48664d587e52eb32d2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 9 Sep 2020 15:41:05 +0200
Subject: [PATCH] dynbuf: provide curlx_ names for reuse by the curl tool
Closes #5946
Conflict:NA
Reference:https://github.com/curl/curl/commit/c4ea71ae3235cca8c6837f48664d587e52eb32d2
---
lib/dynbuf.c | 13 ++++++++-----
lib/dynbuf.h | 16 ++++++++++++++++
2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/lib/dynbuf.c b/lib/dynbuf.c
index 265a769e871ded..5e15040bb51ef9 100644
--- a/lib/dynbuf.c
+++ b/lib/dynbuf.c
@@ -21,12 +21,11 @@
***************************************************************************/
#include "curl_setup.h"
-#include "strdup.h"
#include "dynbuf.h"
-
-/* The last 3 #include files should be in this order */
#include "curl_printf.h"
+#ifdef BUILDING_LIBCURL
#include "curl_memory.h"
+#endif
#include "memdebug.h"
#define MIN_FIRST_ALLOC 32
@@ -94,11 +93,15 @@ static CURLcode dyn_nappend(struct dynbuf *s,
}
if(a != s->allc) {
- s->bufr = Curl_saferealloc(s->bufr, a);
- if(!s->bufr) {
+ /* this logic is not using Curl_saferealloc() to make the tool not have to
+ include that as well when it uses this code */
+ void *p = realloc(s->bufr, a);
+ if(!p) {
+ Curl_safefree(s->bufr);
s->leng = s->allc = 0;
return CURLE_OUT_OF_MEMORY;
}
+ s->bufr = p;
s->allc = a;
}
diff --git a/lib/dynbuf.h b/lib/dynbuf.h
index ecc99575533c86..1360dd43286f32 100644
--- a/lib/dynbuf.h
+++ b/lib/dynbuf.h
@@ -22,6 +22,22 @@
*
***************************************************************************/
+#ifndef BUILDING_LIBCURL
+/* this renames the functions so that the tool code can use the same code
+ without getting symbol collisions */
+#define Curl_dyn_init(a,b) curlx_dyn_init(a,b)
+#define Curl_dyn_add(a,b) curlx_dyn_add(a,b)
+#define Curl_dyn_addn(a,b,c) curlx_dyn_addn(a,b,c)
+#define Curl_dyn_addf curlx_dyn_addf
+#define Curl_dyn_free(a) curlx_dyn_free(a)
+#define Curl_dyn_ptr(a) curlx_dyn_ptr(a)
+#define Curl_dyn_uptr(a) curlx_dyn_uptr(a)
+#define Curl_dyn_len(a) curlx_dyn_len(a)
+#define Curl_dyn_reset(a) curlx_dyn_reset(a)
+#define Curl_dyn_tail(a,b) curlx_dyn_tail(a,b)
+#define curlx_dynbuf dynbuf /* for the struct name */
+#endif
+
struct dynbuf {
char *bufr; /* point to a null-terminated allocated buffer */
size_t leng; /* number of bytes *EXCLUDING* the zero terminator */

31
backport-libssh2-set-length-to-0-if-strdup-failed.patch Normal file
View File

@ -0,0 +1,31 @@
From 6f3204820052263f488f86e02c206e1d24c4da2c Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 28 Mar 2024 00:38:09 +0100
Subject: [PATCH] libssh2: set length to 0 if strdup failed
Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least
prevent subsequent crash.
Closes #13213
Conflict:Context adapt
Reference:https://github.com/curl/curl/commit/6f3204820052263f488f86e02c206e1d24c4da2c
---
lib/vssh/libssh2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 3cfbe126c69df3..7d8d5f46571e9f 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction,
#endif /* CURL_LIBSSH2_DEBUG */
if(num_prompts == 1) {
responses[0].text = strdup(conn->passwd);
- responses[0].length = curlx_uztoui(strlen(conn->passwd));
+ responses[0].length =
+ responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
}
(void)prompts;
(void)abstract;

46
backport-multi-avoid-memory-leak-risk.patch Normal file
View File

@ -0,0 +1,46 @@
From 3572dd65bb233fc2720634804312192e3bdf4adf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 25 Apr 2024 09:52:51 +0200
Subject: [PATCH] multi: avoid memory-leak risk
'newurl' is allocated in some conditions and used in a few scenarios,
but there were theoretical combinations in which it would not get freed.
Move the free to happen unconditionally. Never triggered by tests, but
spotted by Coverity.
Closes #13471
Conflict:Context adapt
Reference:https://github.com/curl/curl/commit/3572dd65bb233fc2720634804312192e3bdf4adf
---
lib/multi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/multi.c b/lib/multi.c
index fb98d80639f3b7..7e7590d60f8bcb 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2530,7 +2530,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
multistate(data, CURLM_STATE_CONNECT);
rc = CURLM_CALL_MULTI_PERFORM;
}
- free(newurl);
}
else {
/* after the transfer is done, go DONE */
@@ -2542,7 +2541,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
newurl = data->req.location;
data->req.location = NULL;
result = Curl_follow(data, newurl, FOLLOW_FAKE);
- free(newurl);
if(result) {
stream_error = TRUE;
result = multi_done(data, result, TRUE);
@@ -2561,6 +2559,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
Curl_expire(data, 0, EXPIRE_RUN_NOW);
rc = CURLM_OK;
}
+ free(newurl);
break;
}

36
backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch Normal file
View File

@ -0,0 +1,36 @@
From 56935a7dada6975d5a46aa494de0af195e4e8659 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 30 Mar 2024 11:14:54 +0100
Subject: [PATCH] openldap: create ldap URLs correctly for IPv6 addresses
Reported-by: Sergio Durigan Junior
Fixes #13228
Closes #13235
Conflict:hosturl = aprintf("%s://%s%s%s:%d", conn->handler->scheme, conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port); => msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d", conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port);
Context adapt
Reference:https://github.com/curl/curl/commit/56935a7dada6975d5a46aa494de0af195e4e8659
---
lib/openldap.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/openldap.c b/lib/openldap.c
index fb5e743..a3e81ea 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -223,8 +223,11 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
ptr = hosturl + 4;
if(conn->handler->flags & PROTOPT_SSL)
*ptr++ = 's';
- msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d",
- conn->host.name, conn->remote_port);
+ msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d",
+ conn->bits.ipv6_ip? "[": "",
+ conn->host.name,
+ conn->bits.ipv6_ip? "]": "",
+ conn->remote_port);
#ifdef CURL_OPENLDAP_DEBUG
static int do_trace = 0;
--
2.33.0

102
backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch Normal file
View File

@ -0,0 +1,102 @@
From 923f7f8ce51b7f2f20282883cdafeb283310f3d9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 6 Mar 2024 15:39:09 +0100
Subject: [PATCH] paramhlp: fix CRLF-stripping files with "-d @file"
All CR and LF bytes should be stripped, as documented, and all other
bytes are inluded in the data. Starting now, it also excludes null bytes
as they would otherwise also cut the data short.
Reported-by: Simon K
Fixes #13063
Closes #13064
Conflict:remove change of docs/cmdline-opts/data.md which is not exist
return PARAM_READ_ERROR => return PARAM_NO_MEM
Context adapt
Reference:https://github.com/curl/curl/commit/923f7f8ce51b7f2f20282883cdafeb283310f3d9
---
src/tool_paramhlp.c | 59 +++++++++++++++++++++++++++++++--------
1 files changed, 51 insertions(+), 12 deletions(-)
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 2725815000dc95..c26f6bbefd775c 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -63,6 +63,33 @@ struct getout *new_getout(struct OperationConfig *config)
return node;
}
+#define ISCRLF(x) (((x) == '\r') || ((x) == '\n') || ((x) == '\0'))
+
+/* memcrlf() has two modes. Both operate on a given memory area with
+ a specified size.
+
+ countcrlf FALSE - return number of bytes from the start that DO NOT include
+ any CR or LF or NULL
+
+ countcrlf TRUE - return number of bytes from the start that are ONLY CR or
+ LF or NULL.
+
+*/
+static size_t memcrlf(char *orig,
+ bool countcrlf, /* TRUE if we count CRLF, FALSE
+ if we count non-CRLF */
+ size_t max)
+{
+ char *ptr = orig;
+ size_t total = max;
+ for(ptr = orig; max; max--, ptr++) {
+ bool crlf = ISCRLF(*ptr);
+ if(countcrlf ^ crlf)
+ return ptr - orig;
+ }
+ return total; /* no delimiter found */
+}
+
#define MAX_FILE2STRING (256*1024*1024) /* big enough ? */
ParameterError file2string(char **bufp, FILE *file)
@@ -71,18 +98,30 @@ ParameterError file2string(char **bufp, FILE *file)
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_FILE2STRING);
if(file) {
- char buffer[256];
-
- while(fgets(buffer, sizeof(buffer), file)) {
- char *ptr = strchr(buffer, '\r');
- if(ptr)
- *ptr = '\0';
- ptr = strchr(buffer, '\n');
- if(ptr)
- *ptr = '\0';
- if(curlx_dyn_add(&dyn, buffer))
- return PARAM_NO_MEM;
- }
+ do {
+ char buffer[4096];
+ char *ptr;
+ size_t nread = fread(buffer, 1, sizeof(buffer), file);
+ if(ferror(file)) {
+ curlx_dyn_free(&dyn);
+ *bufp = NULL;
+ return PARAM_NO_MEM;
+ }
+ ptr = buffer;
+ while(nread) {
+ size_t nlen = memcrlf(ptr, FALSE, nread);
+ if(curlx_dyn_addn(&dyn, ptr, nlen))
+ return PARAM_NO_MEM;
+ nread -= nlen;
+
+ if(nread) {
+ ptr += nlen;
+ nlen = memcrlf(ptr, TRUE, nread);
+ ptr += nlen;
+ nread -= nlen;
+ }
+ }
+ } while(!feof(file));
}
*bufp = curlx_dyn_ptr(&dyn);
return PARAM_OK;

70
backport-tool_cb_rea-limit-rate-unpause-for-T-.-uploads.patch Normal file
View File

@ -0,0 +1,70 @@
From 5f4aaf8b66ef04208c1c2121d4b780c792303f32 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 30 Apr 2024 11:07:28 +0200
Subject: [PATCH] tool_cb_rea: limit rate unpause for -T . uploads
To avoid getting stuck in a busy-loop when nothing is read from stdin,
this function now checks the call rate and might enforce a short sleep
when called repeatedly without uploading anything. It is a crude
work-around to avoid a 100% busy CPU.
Reported-by: magisterquis on hackerone
Fixes #13174
Closes #13506
Conflict:Context adapt
add #include "tool_util.h" for tvdiff
Reference:https://github.com/curl/curl/commit/5f4aaf8b66ef04208c1c2121d4b780c792303f32
---
src/tool_cb_rea.c | 31 ++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c
index 8cb5bbe8ac1d11..961dd113bc519d 100644
--- a/src/tool_cb_rea.c
+++ b/src/tool_cb_rea.c
@@ -36,6 +36,8 @@
#include "tool_cfgable.h"
#include "tool_cb_rea.h"
#include "tool_operate.h"
+#include "tool_util.h"
+#include "tool_sleep.h"
#include "memdebug.h" /* keep this as LAST include */
@@ -124,8 +125,33 @@ int tool_readbusy_cb(void *clientp,
(void)ulnow; /* unused */
if(config->readbusy) {
- config->readbusy = FALSE;
- curl_easy_pause(per->curl, CURLPAUSE_CONT);
+ /* lame code to keep the rate down because the input might not deliver
+ anything, get paused again and come back here immediately */
+ static long rate = 500;
+ static struct timeval prev;
+ static curl_off_t ulprev;
+
+ if(ulprev == ulnow) {
+ /* it did not upload anything since last call */
+ struct timeval now = tvnow();
+ if(prev.tv_sec)
+ /* get a rolling average rate */
+ /* rate = rate - rate/4 + tvdiff(now, prev)/4; */
+ rate -= rate/4 - tvdiff(now, prev)/4;
+ prev = now;
+ }
+ else {
+ rate = 50;
+ ulprev = ulnow;
+ }
+ if(rate >= 50) {
+ /* keeps the looping down to 20 times per second in the crazy case */
+ config->readbusy = FALSE;
+ curl_easy_pause(per->curl, CURLPAUSE_CONT);
+ }
+ else
+ /* sleep half a period */
+ tool_go_sleep(25);
}
return per->noprogress? 0 : CURL_PROGRESSFUNC_CONTINUE;

28
backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch Normal file
View File

@ -0,0 +1,28 @@
From 87d14e77b7d59a961eb56500017c0580f89f252b Mon Sep 17 00:00:00 2001
From: Jan Venekamp <1422460+jan2000@users.noreply.github.com>
Date: Sat, 4 May 2024 03:05:51 +0200
Subject: [PATCH] tool_cfgable: free {proxy_}cipher13_list on exit
Author: Jan Venekamp
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes: #13531
Conflict:NA
Reference:https://github.com/curl/curl/commit/87d14e77b7d59a961eb56500017c0580f89f252b
---
src/tool_cfgable.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index bb271583263db3..5564e250d33782 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -114,6 +114,8 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->doh_url);
Curl_safefree(config->cipher_list);
Curl_safefree(config->proxy_cipher_list);
+ Curl_safefree(config->cipher13_list);
+ Curl_safefree(config->proxy_cipher13_list);
Curl_safefree(config->cert);
Curl_safefree(config->proxy_cert);
Curl_safefree(config->cert_type);

25
curl.spec
View File

@ -6,7 +6,7 @@
Name: curl
Version: 7.71.1
Release: 33
Release: 34
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@ -73,6 +73,15 @@ Patch160: backport-0002-CVE-2023-46218.patch
Patch161: backport-0001-CVE-2023-46219.patch
Patch162: backport-0002-CVE-2023-46219.patch
Patch163: backport-CVE-2024-2398.patch
Patch164: backport-dynbuf-provide-curlx_names-for-reuse-by-the-curl-tool.patch
Patch165: backport-curl-use-curlx_dynbuf-for-realloc-when-loading-config-files.patch
Patch166: backport-curl-make-file2string-use-dynbuf.patch
Patch167: backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch
Patch168: backport-libssh2-set-length-to-0-if-strdup-failed.patch
Patch169: backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch
Patch170: backport-multi-avoid-memory-leak-risk.patch
Patch171: backport-tool_cb_rea-limit-rate-unpause-for-T-.-uploads.patch
Patch172: backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -237,6 +246,20 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Mon Jun 24 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-34
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:dynbuf: provide curlx_ names for reuse by the curl tool
curl: use curlx_dynbuf for realloc when loading config files
curl: make file2string use dynbuf
paramhlp: fix CRLF-stripping files with "-d @file"
libssh2: set length to 0 if strdup failed
openldap: create ldap URLs correctly for IPv6 addresses
multi: avoid memory-leak risk
tool_cb_rea: limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
* Fri Mar 29 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-33
- Type:CVE
- CVE:CVE-2024-2398