Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
curl.28980
curl-CVE-2023-28322.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2023-28322.patch of Package curl.28980
From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 25 Apr 2023 08:28:01 +0200 Subject: [PATCH] lib: unify the upload/method handling By making sure we set state.upload based on the set.method value and not independently as set.upload, we reduce confusion and mixup risks, both internally and externally. Closes #11017 --- lib/curl_rtmp.c | 4 ++-- lib/file.c | 4 ++-- lib/ftp.c | 8 ++++---- lib/http.c | 4 ++-- lib/imap.c | 6 +++--- lib/rtsp.c | 4 ++-- lib/setopt.c | 6 ++---- lib/smb.c | 6 +++--- lib/smtp.c | 4 ++-- lib/tftp.c | 8 ++++---- lib/transfer.c | 4 ++-- lib/urldata.h | 2 +- lib/vssh/libssh.c | 6 +++--- lib/vssh/libssh2.c | 6 +++--- lib/vssh/wolfssh.c | 2 +- 15 files changed, 36 insertions(+), 38 deletions(-) Index: curl-7.66.0/lib/curl_rtmp.c =================================================================== --- curl-7.66.0.orig/lib/curl_rtmp.c +++ curl-7.66.0/lib/curl_rtmp.c @@ -213,7 +213,7 @@ static CURLcode rtmp_connect(struct conn /* We have to know if it's a write before we send the * connect request packet */ - if(conn->data->set.upload) + if(conn->data->state.upload) r->Link.protocol |= RTMP_FEATURE_WRITE; /* For plain streams, use the buffer toggle trick to keep data flowing */ @@ -245,7 +245,7 @@ static CURLcode rtmp_do(struct connectda if(!RTMP_ConnectStream(r, 0)) return CURLE_FAILED_INIT; - if(conn->data->set.upload) { + if(conn->data->state.upload) { Curl_pgrsSetUploadSize(data, data->state.infilesize); Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); } Index: curl-7.66.0/lib/file.c =================================================================== --- curl-7.66.0.orig/lib/file.c +++ curl-7.66.0/lib/file.c @@ -196,7 +196,7 @@ static CURLcode file_connect(struct conn file->freepath = real_path; /* free this when done */ file->fd = fd; - if(!data->set.upload && (fd == -1)) { + if(!data->state.upload && (fd == -1)) { failf(data, "Couldn't open file %s", data->state.up.path); file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE); return CURLE_FILE_COULDNT_READ_FILE; @@ -388,7 +388,7 @@ static CURLcode file_do(struct connectda Curl_pgrsStartNow(data); - if(data->set.upload) + if(data->state.upload) return file_upload(conn); file = conn->data->req.protop; Index: curl-7.66.0/lib/ftp.c =================================================================== --- curl-7.66.0.orig/lib/ftp.c +++ curl-7.66.0/lib/ftp.c @@ -1368,7 +1368,7 @@ static CURLcode ftp_state_prepare_transf data->set.str[STRING_CUSTOMREQUEST]: (data->set.ftp_list_only?"NLST":"LIST")); } - else if(data->set.upload) { + else if(data->state.upload) { PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file); } else { @@ -3286,7 +3286,7 @@ static CURLcode ftp_done(struct connectd /* the response code from the transfer showed an error already so no use checking further */ ; - else if(data->set.upload) { + else if(data->state.upload) { if((-1 != data->state.infilesize) && (data->state.infilesize != data->req.writebytecount) && !data->set.crlf && @@ -3554,7 +3554,7 @@ static CURLcode ftp_do_more(struct conne connected back to us */ } } - else if(data->set.upload) { + else if(data->state.upload) { result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE); if(result) return result; @@ -4240,7 +4240,7 @@ CURLcode ftp_parse_url_path(struct conne ftpc->file = NULL; /* instead of point to a zero byte, we make it a NULL pointer */ - if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { + if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { /* We need a file name when uploading. Return error! */ failf(data, "Uploading to a URL without a file name!"); return CURLE_URL_MALFORMAT; Index: curl-7.66.0/lib/http.c =================================================================== --- curl-7.66.0.orig/lib/http.c +++ curl-7.66.0/lib/http.c @@ -2084,7 +2084,7 @@ CURLcode Curl_http(struct connectdata *c } if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && - data->set.upload) { + data->state.upload) { httpreq = HTTPREQ_PUT; } @@ -2265,7 +2265,7 @@ CURLcode Curl_http(struct connectdata *c if((conn->handler->protocol & PROTO_FAMILY_HTTP) && (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && http->postsize < 0) || - ((data->set.upload || httpreq == HTTPREQ_POST) && + ((data->state.upload || httpreq == HTTPREQ_POST) && data->state.infilesize == -1))) { if(conn->bits.authneg) /* don't enable chunked during auth neg */ Index: curl-7.66.0/lib/imap.c =================================================================== --- curl-7.66.0.orig/lib/imap.c +++ curl-7.66.0/lib/imap.c @@ -1472,11 +1472,11 @@ static CURLcode imap_done(struct connect result = status; /* use the already set error code */ } else if(!data->set.connect_only && !imap->custom && - (imap->uid || imap->mindex || data->set.upload || + (imap->uid || imap->mindex || data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)) { /* Handle responses after FETCH or APPEND transfer has finished */ - if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) + if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE) state(conn, IMAP_FETCH_FINAL); else { /* End the APPEND command first by sending an empty line */ @@ -1542,7 +1542,7 @@ static CURLcode imap_perform(struct conn selected = TRUE; /* Start the first command in the DO phase */ - if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) + if(conn->data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE) /* APPEND can be executed directly */ result = imap_perform_append(conn); else if(imap->custom && (selected || !imap->mailbox)) Index: curl-7.66.0/lib/rtsp.c =================================================================== --- curl-7.66.0.orig/lib/rtsp.c +++ curl-7.66.0/lib/rtsp.c @@ -499,7 +499,7 @@ static CURLcode rtsp_do(struct connectda rtspreq == RTSPREQ_SET_PARAMETER || rtspreq == RTSPREQ_GET_PARAMETER) { - if(data->set.upload) { + if(data->state.upload) { putsize = data->state.infilesize; data->set.httpreq = HTTPREQ_PUT; @@ -518,7 +518,7 @@ static CURLcode rtsp_do(struct connectda result = Curl_add_bufferf(&req_buffer, "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", - (data->set.upload ? putsize : postsize)); + (data->state.upload ? putsize : postsize)); if(result) return result; } Index: curl-7.66.0/lib/setopt.c =================================================================== --- curl-7.66.0.orig/lib/setopt.c +++ curl-7.66.0/lib/setopt.c @@ -258,8 +258,8 @@ CURLcode Curl_vsetopt(struct Curl_easy * * We want to sent data to the remote host. If this is HTTP, that equals * using the PUT request. */ - data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; - if(data->set.upload) { + arg = va_arg(param, long); + if(arg) { /* If this is HTTP, PUT is what's needed to "upload" */ data->set.httpreq = HTTPREQ_PUT; data->set.opt_no_body = FALSE; /* this is implied */ @@ -486,7 +486,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * } else data->set.httpreq = HTTPREQ_GET; - data->set.upload = FALSE; break; case CURLOPT_COPYPOSTFIELDS: @@ -797,7 +796,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * */ if(va_arg(param, long)) { data->set.httpreq = HTTPREQ_GET; - data->set.upload = FALSE; /* switch off upload */ data->set.opt_no_body = FALSE; /* this is implied */ } break; Index: curl-7.66.0/lib/smb.c =================================================================== --- curl-7.66.0.orig/lib/smb.c +++ curl-7.66.0/lib/smb.c @@ -516,7 +516,7 @@ static CURLcode smb_send_open(struct con byte_count = strlen(req->path); msg.name_length = smb_swap16((unsigned short)byte_count); msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); - if(conn->data->set.upload) { + if(conn->data->state.upload) { msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF); } @@ -791,7 +791,7 @@ static CURLcode smb_request_state(struct smb_m = (const struct smb_nt_create_response*) msg; req->fid = smb_swap16(smb_m->fid); conn->data->req.offset = 0; - if(conn->data->set.upload) { + if(conn->data->state.upload) { conn->data->req.size = conn->data->state.infilesize; Curl_pgrsSetUploadSize(conn->data, conn->data->req.size); next_state = SMB_UPLOAD; Index: curl-7.66.0/lib/smtp.c =================================================================== --- curl-7.66.0.orig/lib/smtp.c +++ curl-7.66.0/lib/smtp.c @@ -1210,7 +1210,7 @@ static CURLcode smtp_done(struct connect result = status; /* use the already set error code */ } else if(!data->set.connect_only && data->set.mail_rcpt && - (data->set.upload || data->set.mimepost.kind)) { + (data->state.upload || data->set.mimepost.kind)) { /* Calculate the EOB taking into account any terminating CRLF from the previous line of the email or the CRLF of the DATA command when there is "no mail data". RFC-5321, sect. 4.1.1.4. @@ -1297,7 +1297,7 @@ static CURLcode smtp_perform(struct conn smtp->eob = 2; /* Start the first command in the DO phase */ - if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) + if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt) /* MAIL transfer */ result = smtp_perform_mail(conn); else Index: curl-7.66.0/lib/tftp.c =================================================================== --- curl-7.66.0.orig/lib/tftp.c +++ curl-7.66.0/lib/tftp.c @@ -390,7 +390,7 @@ static CURLcode tftp_parse_option_ack(tf /* tsize should be ignored on upload: Who cares about the size of the remote file? */ - if(!data->set.upload) { + if(!data->state.upload) { if(!tsize) { failf(data, "invalid tsize -:%s:- value in OACK packet", value); return CURLE_TFTP_ILLEGAL; @@ -470,7 +470,7 @@ static CURLcode tftp_send_first(tftp_sta return result; } - if(data->set.upload) { + if(data->state.upload) { /* If we are uploading, send an WRQ */ setpacketevent(&state->spacket, TFTP_EVENT_WRQ); state->conn->data->req.upload_fromhere = @@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta if(!data->set.tftp_no_options) { char buf[64]; /* add tsize option */ - if(data->set.upload && (data->state.infilesize != -1)) + if(data->state.upload && (data->state.infilesize != -1)) msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize); else @@ -559,7 +559,7 @@ static CURLcode tftp_send_first(tftp_sta break; case TFTP_EVENT_OACK: - if(data->set.upload) { + if(data->state.upload) { result = tftp_connect_for_tx(state, event); } else { Index: curl-7.66.0/lib/transfer.c =================================================================== --- curl-7.66.0.orig/lib/transfer.c +++ curl-7.66.0/lib/transfer.c @@ -1402,6 +1402,7 @@ void Curl_init_CONNECT(struct Curl_easy { data->state.fread_func = data->set.fread_func_set; data->state.in = data->set.in_set; + data->state.upload = (data->set.httpreq == HTTPREQ_PUT); } /* @@ -1768,7 +1769,7 @@ CURLcode Curl_retry_request(struct conne /* if we're talking upload, we can't do the checks below, unless the protocol is HTTP as when uploading over HTTP we will still get a response */ - if(data->set.upload && + if(data->state.upload && !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) return CURLE_OK; Index: curl-7.66.0/lib/urldata.h =================================================================== --- curl-7.66.0.orig/lib/urldata.h +++ curl-7.66.0/lib/urldata.h @@ -1395,6 +1395,7 @@ struct UrlState { invoked twice when the multi interface is used. */ bit stream_depends_e:1; /* set or don't set the Exclusive bit */ bit previouslypending:1; /* this transfer WAS in the multi->pending queue */ + bit upload:1; /* upload request */ }; @@ -1733,7 +1734,6 @@ struct UserDefined { bit http_auto_referer:1; /* set "correct" referer when following location: */ bit opt_no_body:1; /* as set with CURLOPT_NOBODY */ - bit upload:1; /* upload request */ bit verbose:1; /* output verbosity */ bit krb:1; /* Kerberos connection requested */ bit reuse_forbid:1; /* forbidden to be reused, close after use */ Index: curl-7.66.0/lib/vssh/libssh.c =================================================================== --- curl-7.66.0.orig/lib/vssh/libssh.c +++ curl-7.66.0/lib/vssh/libssh.c @@ -1072,7 +1072,7 @@ static CURLcode myssh_statemach_act(stru } case SSH_SFTP_TRANS_INIT: - if(data->set.upload) + if(data->state.upload) state(conn, SSH_SFTP_UPLOAD_INIT); else { if(protop->path[strlen(protop->path)-1] == '/') @@ -1682,7 +1682,7 @@ static CURLcode myssh_statemach_act(stru /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */ ssh_set_blocking(sshc->ssh_session, 1); - if(data->set.upload) { + if(data->state.upload) { if(data->state.infilesize < 0) { failf(data, "SCP requires a known file size for upload"); sshc->actualcode = CURLE_UPLOAD_FAILED; @@ -1783,7 +1783,7 @@ static CURLcode myssh_statemach_act(stru break; } case SSH_SCP_DONE: - if(data->set.upload) + if(data->state.upload) state(conn, SSH_SCP_SEND_EOF); else state(conn, SSH_SCP_CHANNEL_FREE); Index: curl-7.66.0/lib/vssh/libssh2.c =================================================================== --- curl-7.66.0.orig/lib/vssh/libssh2.c +++ curl-7.66.0/lib/vssh/libssh2.c @@ -1630,7 +1630,7 @@ static CURLcode ssh_statemach_act(struct } case SSH_SFTP_TRANS_INIT: - if(data->set.upload) + if(data->state.upload) state(conn, SSH_SFTP_UPLOAD_INIT); else { if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') @@ -2332,7 +2332,7 @@ static CURLcode ssh_statemach_act(struct break; } - if(data->set.upload) { + if(data->state.upload) { if(data->state.infilesize < 0) { failf(data, "SCP requires a known file size for upload"); sshc->actualcode = CURLE_UPLOAD_FAILED; @@ -2470,7 +2470,7 @@ static CURLcode ssh_statemach_act(struct break; case SSH_SCP_DONE: - if(data->set.upload) + if(data->state.upload) state(conn, SSH_SCP_SEND_EOF); else state(conn, SSH_SCP_CHANNEL_FREE);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
