Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:GA
curl-mini.17557
curl-CVE-2020-8231.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2020-8231.patch of Package curl-mini.17557
From 8c899c70575126151628b1455429cdb7224894fc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 3 Aug 2020 14:54:13 +0200 Subject: [PATCH] Curl_easy: remember last connection by id, not by pointer CVE-2020-8231 Bug: https://curl.haxx.se/docs/CVE-2020-8231.html Reported-by: Marc Aldorasi --- lib/connect.c | 19 ++++++++++--------- lib/easy.c | 3 +-- lib/multi.c | 10 ++++++---- lib/url.c | 2 +- lib/urldata.h | 2 +- 5 files changed, 19 insertions(+), 17 deletions(-) Index: curl-7.66.0/lib/connect.c =================================================================== --- curl-7.66.0.orig/lib/connect.c +++ curl-7.66.0/lib/connect.c @@ -1328,15 +1328,15 @@ CURLcode Curl_connecthost(struct connect } struct connfind { - struct connectdata *tofind; - bool found; + long id_tofind; + struct connectdata *found; }; static int conn_is_conn(struct connectdata *conn, void *param) { struct connfind *f = (struct connfind *)param; - if(conn == f->tofind) { - f->found = TRUE; + if(conn->connection_id == f->id_tofind) { + f->found = conn; return 1; } return 0; @@ -1358,21 +1358,22 @@ curl_socket_t Curl_getconnectinfo(struct * - that is associated with a multi handle, and whose connection * was detached with CURLOPT_CONNECT_ONLY */ - if(data->state.lastconnect && (data->multi_easy || data->multi)) { - struct connectdata *c = data->state.lastconnect; + if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { + struct connectdata *c; struct connfind find; - find.tofind = data->state.lastconnect; - find.found = FALSE; + find.id_tofind = data->state.lastconnect_id; + find.found = NULL; Curl_conncache_foreach(data, data->multi_easy? &data->multi_easy->conn_cache: &data->multi->conn_cache, &find, conn_is_conn); if(!find.found) { - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; return CURL_SOCKET_BAD; } + c = find.found; if(connp) { /* only store this if the caller cares for it */ *connp = c; Index: curl-7.66.0/lib/easy.c =================================================================== --- curl-7.66.0.orig/lib/easy.c +++ curl-7.66.0/lib/easy.c @@ -828,8 +828,7 @@ struct Curl_easy *curl_easy_duphandle(st /* the connection cache is setup on demand */ outcurl->state.conn_cache = NULL; - - outcurl->state.lastconnect = NULL; + outcurl->state.lastconnect_id = -1; outcurl->progress.flags = data->progress.flags; outcurl->progress.callback = data->progress.callback; Index: curl-7.66.0/lib/multi.c =================================================================== --- curl-7.66.0.orig/lib/multi.c +++ curl-7.66.0/lib/multi.c @@ -434,6 +434,7 @@ CURLMcode curl_multi_add_handle(struct C data->state.conn_cache = &data->share->conn_cache; else data->state.conn_cache = &multi->conn_cache; + data->state.lastconnect_id = -1; #ifdef USE_LIBPSL /* Do the same for PSL. */ @@ -639,11 +640,11 @@ static CURLcode multi_done(struct Curl_e /* the connection is no longer in use by this transfer */ if(Curl_conncache_return_conn(conn)) { /* remember the most recently used connection */ - data->state.lastconnect = conn; + data->state.lastconnect_id = conn->connection_id; infof(data, "%s\n", buffer); } else - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; } Curl_free_request_state(data); Index: curl-7.66.0/lib/url.c =================================================================== --- curl-7.66.0.orig/lib/url.c +++ curl-7.66.0/lib/url.c @@ -608,7 +608,7 @@ CURLcode Curl_open(struct Curl_easy **cu Curl_initinfo(data); /* most recent connection is not yet defined */ - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; data->progress.flags |= PGRS_HIDE; data->state.current_speed = -1; /* init to negative == impossible */ Index: curl-7.66.0/lib/urldata.h =================================================================== --- curl-7.66.0.orig/lib/urldata.h +++ curl-7.66.0/lib/urldata.h @@ -1274,7 +1274,7 @@ struct UrlState { /* buffers to store authentication data in, as parsed from input options */ struct curltime keeps_speed; /* for the progress meter really */ - struct connectdata *lastconnect; /* The last connection, NULL if undefined */ + long lastconnect_id; /* The last connection, -1 if undefined */ char *headerbuff; /* allocated buffer to store headers in */ size_t headersize; /* size of the allocation */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
