!2 fix CVE-2019-15601
Merge pull request !2 from Vchanger/CVE-2019-15601
This commit is contained in:
openeuler-ci-bot
Gitee
commit
1c74858e38
45
0106-curl-fix-CVE-2019-15601.patch
Normal file
45
0106-curl-fix-CVE-2019-15601.patch
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 7 Nov 2019 10:13:01 +0100
|
||||||
|
Subject: [PATCH] file: on Windows, refuse paths that start with \\
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
... as that might cause an unexpected SMB connection to a given host
|
||||||
|
name.
|
||||||
|
|
||||||
|
Reported-by: Fernando Muñoz
|
||||||
|
CVE-2019-15601
|
||||||
|
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
|
||||||
|
---
|
||||||
|
lib/file.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/file.c b/lib/file.c
|
||||||
|
index d349cd9..166931d 100644
|
||||||
|
--- a/lib/file.c
|
||||||
|
+++ b/lib/file.c
|
||||||
|
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
||||||
|
struct Curl_easy *data = conn->data;
|
||||||
|
char *real_path;
|
||||||
|
struct FILEPROTO *file = data->req.protop;
|
||||||
|
- int fd;
|
||||||
|
+ int fd = -1;
|
||||||
|
#ifdef DOS_FILESYSTEM
|
||||||
|
size_t i;
|
||||||
|
char *actual_path;
|
||||||
|
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
||||||
|
return CURLE_URL_MALFORMAT;
|
||||||
|
}
|
||||||
|
|
||||||
|
- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
||||||
|
+ if(strncmp("\\\\", actual_path, 2))
|
||||||
|
+ /* refuse to open path that starts with two backslashes */
|
||||||
|
+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
||||||
|
file->path = actual_path;
|
||||||
|
#else
|
||||||
|
if(memchr(real_path, 0, real_path_len)) {
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
||||||
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.66.0
|
Version: 7.66.0
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: Curl is used in command lines or scripts to transfer data
|
Summary: Curl is used in command lines or scripts to transfer data
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://curl.haxx.se/
|
URL: https://curl.haxx.se/
|
||||||
@ -18,6 +18,7 @@ Patch102: 0102-curl-7.36.0-debug.patch
|
|||||||
Patch103: 0103-curl-7.59.0-python3.patch
|
Patch103: 0103-curl-7.59.0-python3.patch
|
||||||
Patch104: 0104-curl-7.19.7-localhost6.patch
|
Patch104: 0104-curl-7.19.7-localhost6.patch
|
||||||
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
|
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
|
||||||
|
Patch106: 0106-curl-fix-CVE-2019-15601.patch
|
||||||
|
|
||||||
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
||||||
BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel
|
BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel
|
||||||
@ -157,6 +158,12 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 17 2020 chenzhen <chenzhen44@huawei.com> - 7.66.0-2
|
||||||
|
- Type:cves
|
||||||
|
- ID:CVE-2019-15601
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2019-15601
|
||||||
|
|
||||||
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.66.0-1
|
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.66.0-1
|
||||||
- update to 7.66.0
|
- update to 7.66.0
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user