fix CVE-2023-32001
This commit is contained in:
sherlock2010
parent
59b0169f42
commit
36f3729c77
37
backport-CVE-2023-32001.patch
Normal file
37
backport-CVE-2023-32001.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
|
||||
From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
|
||||
Date: Mon, 10 Jul 2023 21:43:28 +0200
|
||||
Subject: [PATCH] fopen: optimize
|
||||
|
||||
Closes #11419
|
||||
---
|
||||
lib/fopen.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/fopen.c b/lib/fopen.c
|
||||
index c9c9e3d6e..b6e3caddd 100644
|
||||
--- a/lib/fopen.c
|
||||
+++ b/lib/fopen.c
|
||||
@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
|
||||
int fd = -1;
|
||||
*tempname = NULL;
|
||||
|
||||
- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
|
||||
- /* a non-regular file, fallback to direct fopen() */
|
||||
- *fh = fopen(filename, FOPEN_WRITETEXT);
|
||||
- if(*fh)
|
||||
- return CURLE_OK;
|
||||
+ *fh = fopen(filename, FOPEN_WRITETEXT);
|
||||
+ if(!*fh)
|
||||
goto fail;
|
||||
- }
|
||||
+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
|
||||
+ return CURLE_OK;
|
||||
+ fclose(*fh);
|
||||
+ *fh = NULL;
|
||||
|
||||
result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
|
||||
if(result)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
|
||||
Name: curl
|
||||
Version: 8.1.2
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: Curl is used in command lines or scripts to transfer data
|
||||
License: curl
|
||||
URL: https://curl.se/
|
||||
@ -15,6 +15,7 @@ Source: https://curl.se/download/curl-%{version}.tar.xz
|
||||
Patch1: backport-0101-curl-7.32.0-multilib.patch
|
||||
Patch2: backport-curl-7.84.0-test3026.patch
|
||||
Patch4: backport-curl-7.88.0-tests-warnings.patch
|
||||
Patch5: backport-CVE-2023-32001.patch
|
||||
|
||||
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
||||
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
|
||||
@ -199,6 +200,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Thu Jul 20 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-2
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-32001
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-32001
|
||||
|
||||
* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
|
||||
- Type:requirement
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user