packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!1 update to 7.66.0

Browse Source 
Merge pull request !1 from algorithmofdish/master
This commit is contained in:
openeuler-ci-bot 2020-01-12 13:00:25 +08:00 committed by Gitee
commit 4e989ea0fc
64 changed files with 174 additions and 2829 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
0001-curl-7.61.1-test320-gnutls.patch
View File

@ -1,63 +0,0 @@
From 3cd5b375e31fb98e4782dc3a77e7316ad9eb26cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 4 Oct 2018 15:34:13 +0200
Subject: [PATCH] test320: strip out more HTML when comparing
To make the test case work with different gnutls-serv versions better.
Reported-by: Kamil Dudka
Fixes #3093
Closes #3094
Upstream-commit: 94ad57b0246b5658c2a9139dbe6a80efa4c4e2f3
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
tests/data/test320 | 24 ++++--------------------
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/tests/data/test320 b/tests/data/test320
index 457a11eb2..87311d4f2 100644
--- a/tests/data/test320
+++ b/tests/data/test320
@@ -62,34 +62,18 @@ simple TLS-SRP HTTPS GET, check user in response
HTTP/1.0 200 OK
Content-type: text/html
-
-<HTML><BODY>
-<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GnuTLS</a></H1></CENTER>
-
-
-
-<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
-<p>Connected as user 'jsmith'.</p>
-<P>
-<TABLE border=1><TR><TD></TD></TR>
-<TR><TD>Key Exchange:</TD><TD>SRP</TD></TR>
-<TR><TD>Compression</TD><TD>NULL</TD></TR>
-<TR><TD>Cipher</TD><TD>AES-NNN-CBC</TD></TR>
-<TR><TD>MAC</TD><TD>SHA1</TD></TR>
-<TR><TD>Ciphersuite</TD><TD>SRP_SHA_AES_NNN_CBC_SHA1</TD></TR></p></TABLE>
-<hr><P>Your HTTP header was:<PRE>Host: %HOSTIP:%HTTPTLSPORT
+FINE
User-Agent: curl-test-suite
Accept: */*
-</PRE></P>
-</BODY></HTML>
-
</file>
<stripfile>
-s/^<p>Session ID:.*//
+s/^<p>Connected as user 'jsmith'.*/FINE/
s/Protocol version:.*[0-9]//
s/GNUTLS/GnuTLS/
s/(AES[-_])\d\d\d([-_]CBC)/$1NNN$2/
+s/^<.*\n//
+s/^\n//
</stripfile>
</verify>
--
2.17.1

71
0001-curl-7.66.0-metalink-memleak.patch Normal file
View File

@ -0,0 +1,71 @@
From 855ebacdffbc421b121563ae1ecd9fde736bfaf2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Sep 2019 16:32:11 +0200
Subject: [PATCH] curl: fix memory leaked by parse_metalink()
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.
Closes #4326
Upstream-commit: 1ca91bcdb588dc6c25d345f2411fdba314433732
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/tool_metalink.c | 2 +-
src/tool_metalink.h | 3 +++
src/tool_operate.c | 4 ++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index 0740407f9..cd5a7d650 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -965,7 +965,7 @@ static void delete_metalink_resource(metalink_resource *res)
Curl_safefree(res);
}
-static void delete_metalinkfile(metalinkfile *mlfile)
+void delete_metalinkfile(metalinkfile *mlfile)
{
metalink_resource *res;
if(mlfile == NULL) {
diff --git a/src/tool_metalink.h b/src/tool_metalink.h
index 1e367033c..f5ec306f7 100644
--- a/src/tool_metalink.h
+++ b/src/tool_metalink.h
@@ -105,6 +105,8 @@ extern const digest_params SHA256_DIGEST_PARAMS[1];
* Counts the resource in the metalinkfile.
*/
int count_next_metalink_resource(metalinkfile *mlfile);
+
+void delete_metalinkfile(metalinkfile *mlfile);
void clean_metalink(struct OperationConfig *config);
/*
@@ -158,6 +160,7 @@ void metalink_cleanup(void);
#else /* USE_METALINK */
#define count_next_metalink_resource(x) 0
+#define delete_metalinkfile(x) (void)x
#define clean_metalink(x) (void)x
/* metalink_cleanup() takes no arguments */
diff --git a/src/tool_operate.c b/src/tool_operate.c
index d2ad9642d..09dfc0c84 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2073,6 +2073,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
result = post_transfer(global, share, per, result, &retry);
if(retry)
continue;
+
+ /* Release metalink related resources here */
+ delete_metalinkfile(per->mlfile);
+
per = del_transfer(per);
/* Bail out upon critical errors or --fail-early */
--
2.20.1

24
0001-fix-double-free-when-multi-perform.patch
View File

@ -1,24 +0,0 @@
From 8df95297b910daa93627eb3edb89f863e6867b93 Mon Sep 17 00:00:00 2001
From: wangjia <wangjia55@huawei.com>
Date: Sat, 30 Mar 2019 01:14:21 -0400
Subject: [PATCH] fix double free when multi perform
---
lib/multi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/multi.c b/lib/multi.c
index 49b8b19..228a3da 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2034,7 +2034,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else if(comeback)
rc = CURLM_CALL_MULTI_PERFORM;
- free(newurl);
break;
}
--
2.19.1

2
0101-curl-7.32.0-multilib.patch
View File

@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;; ;;
--prefix) --prefix)
@@ -143,32 +143,17 @@ while test $# -gt 0; do @@ -155,32 +155,17 @@ while test $# -gt 0; do
;; ;;
--libs) --libs)

4
0102-curl-7.36.0-debug.patch
View File

@ -12,7 +12,7 @@ diff --git a/configure b/configure
index 8f079a3..53b4774 100755 index 8f079a3..53b4774 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -16414,18 +16414,11 @@ $as_echo "yes" >&6; } @@ -16301,18 +16301,11 @@ $as_echo "yes" >&6; }
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
@ -38,7 +38,7 @@ diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index 0cbba7a..9175b5b 100644 index 0cbba7a..9175b5b 100644
--- a/m4/curl-compilers.m4 --- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4
@@ -157,18 +157,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ @@ -166,18 +166,11 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
gccvhi=`echo $gccver | cut -d . -f1` gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2` gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`

91
0103-curl-7.59.0-python3.patch
View File

@ -1,88 +1,23 @@
From bdba7b54224814055185513de1e7ff6619031553 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 15 Mar 2018 13:21:40 +0100
Subject: [PATCH 1/2] tests/http_pipe.py: migrate to Python 3
---
tests/http_pipe.py | 4 ++--
tests/runtests.pl | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/http_pipe.py b/tests/http_pipe.py
index bc32173..75ac165 100755
--- a/tests/http_pipe.py
+++ b/tests/http_pipe.py
@@ -383,13 +383,13 @@ class PipelineRequestHandler(socketserver.BaseRequestHandler):
self.request.setblocking(True)
if not new_data:
return
- new_requests = self._request_parser.ParseAdditionalData(new_data)
+ new_requests = self._request_parser.ParseAdditionalData(new_data.decode('utf8'))
self._response_builder.QueueRequests(
new_requests, self._request_parser.were_all_requests_http_1_1)
self._num_queued += len(new_requests)
self._last_queued_time = time.time()
elif fileno in wlist:
- num_bytes_sent = self.request.send(self._send_buffer[0:4096])
+ num_bytes_sent = self.request.send(self._send_buffer[0:4096].encode('utf8'))
self._send_buffer = self._send_buffer[num_bytes_sent:]
time.sleep(0.05)
diff --git a/tests/runtests.pl b/tests/runtests.pl
index d6aa5ca..4d395ef 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -1439,7 +1439,7 @@ sub runhttpserver {
elsif($alt eq "pipe") {
# basically the same, but another ID
$idnum = 3;
- $exe = "python $srcdir/http_pipe.py";
+ $exe = "python3 $srcdir/http_pipe.py";
$verbose_flag .= "1 ";
}
elsif($alt eq "unix") {
--
2.14.3
From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001 From 3c4c7340e455b7256c0786759422f34ec3e2d440 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com> From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 15 Mar 2018 14:49:56 +0100 Date: Thu, 15 Mar 2018 14:49:56 +0100
Subject: [PATCH 2/2] tests/{negtelnet,smb}server.py: migrate to Python 3 Subject: [PATCH] tests/{negtelnet,smb}server.py: migrate to Python 3
Unfortunately, smbserver.py does not work with Python 3 because Unfortunately, smbserver.py does not work with Python 3 because
there is no 'impacket' module available for Python 3: there is no 'impacket' module available for Python 3:
https://github.com/CoreSecurity/impacket/issues/61 https://github.com/CoreSecurity/impacket/issues/61
--- ---
tests/negtelnetserver.py | 12 ++++++------ tests/negtelnetserver.py | 4 ++--
tests/smbserver.py | 4 ++-- tests/smbserver.py | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-) 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
index 8cfd409..72ee771 100755 index 8cfd409..72ee771 100755
--- a/tests/negtelnetserver.py --- a/tests/negtelnetserver.py
+++ b/tests/negtelnetserver.py +++ b/tests/negtelnetserver.py
@@ -23,7 +23,7 @@ IDENT = "NTEL"
# The strings that indicate the test framework is checking our aliveness
VERIFIED_REQ = b"verifiedserver"
-VERIFIED_RSP = b"WE ROOLZ: {pid}"
+VERIFIED_RSP = "WE ROOLZ: {pid}"
def telnetserver(options):
@@ -34,7 +34,7 @@ def telnetserver(options):
if options.pidfile:
pid = os.getpid()
with open(options.pidfile, "w") as f:
- f.write(b"{0}".format(pid))
+ f.write("{0}".format(pid))
local_bind = (HOST, options.port)
log.info("Listening on %s", local_bind)
@@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler): @@ -73,11 +73,11 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
response_data = VERIFIED_RSP.format(pid=os.getpid()) response_data = response.encode('ascii')
else: else:
log.debug("Received normal request - echoing back") log.debug("Received normal request - echoing back")
- response_data = data.strip() - response_data = data.strip()
@ -95,24 +30,6 @@ index 8cfd409..72ee771 100755
except IOError: except IOError:
log.exception("IOError hit during request") log.exception("IOError hit during request")
@@ -132,7 +132,7 @@ class Negotiator(object):
return buffer
def byte_to_int(self, byte):
- return struct.unpack(b'B', byte)[0]
+ return int(byte)
def no_neg(self, byte, byte_int, buffer):
# Not negotiating anything thus far. Check to see if we
@@ -197,7 +197,7 @@ class Negotiator(object):
self.tcp.sendall(packed_message)
def pack(self, arr):
- return struct.pack(b'{0}B'.format(len(arr)), *arr)
+ return struct.pack('{0}B'.format(len(arr)), *arr)
def send_iac(self, arr):
message = [NegTokens.IAC]
diff --git a/tests/smbserver.py b/tests/smbserver.py diff --git a/tests/smbserver.py b/tests/smbserver.py
index 195ae39..b09cd44 100755 index 195ae39..b09cd44 100755
--- a/tests/smbserver.py --- a/tests/smbserver.py

4
0104-curl-7.19.7-localhost6.patch
View File

@ -14,8 +14,8 @@ index e441278..b0958b6 100644
+-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6 +-g "http://%HOST6IP:%HTTP6PORT/1083" --interface localhost6
</command> </command>
<precheck> <precheck>
-perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}" -perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 ip6-localhost'; print 'Cannot run precheck resolve';}"
+perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test server host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}" +perl -e "if ('%CLIENT6IP' ne '[::1]') {print 'Test requires default test client host address';} else {exec './server/resolve --ipv6 localhost6'; print 'Cannot run precheck resolve';}"
</precheck> </precheck>
</client> </client>

39
0105-curl-7.63.0-lib1560-valgrind.patch Normal file
View File

@ -0,0 +1,39 @@
From f55cca0e86f59ec11ffafd5c0503c39ca3723e2e Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 4 Feb 2019 17:32:56 +0100
Subject: [PATCH] libtest: compile lib1560.c with -fno-builtin-strcmp
... to prevent valgrind from reporting false positives on x86_64:
Conditional jump or move depends on uninitialised value(s)
at 0x10BCAA: part2id (lib1560.c:489)
by 0x10BCAA: updateurl (lib1560.c:521)
by 0x10BCAA: set_parts (lib1560.c:630)
by 0x10BCAA: test (lib1560.c:802)
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
Conditional jump or move depends on uninitialised value(s)
at 0x10BCC3: part2id (lib1560.c:491)
by 0x10BCC3: updateurl (lib1560.c:521)
by 0x10BCC3: set_parts (lib1560.c:630)
by 0x10BCC3: test (lib1560.c:802)
by 0x4923412: (below main) (in /usr/lib64/libc-2.28.9000.so)
---
tests/libtest/Makefile.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 080421b..ea3b806 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -531,6 +531,7 @@ lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib1559_LDADD = $(TESTUTIL_LIBS)
lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1560_CFLAGS = $(AM_CFLAGS) -fno-builtin-strcmp
lib1560_LDADD = $(TESTUTIL_LIBS)
lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
--
2.17.2

29
CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch
View File

@ -1,29 +0,0 @@
From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Sep 2018 16:08:16 +0200
Subject: [PATCH 225/557] Curl_auth_create_plain_message: fix
too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
---
lib/vauth/cleartext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index a10edbd..be6d611 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;
--
1.8.3.1

36
CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch
View File

@ -1,36 +0,0 @@
From 81d135d67155c5295b1033679c606165d4e28f3f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 18 Oct 2018 15:07:15 +0200
Subject: [PATCH 224/557] Curl_close: clear data->multi_easy on free to avoid
use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
---
lib/url.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/url.c b/lib/url.c
index 723b898..0d5a13f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -319,10 +319,12 @@ CURLcode Curl_close(struct Curl_easy *data)
and detach this handle from there. */
curl_multi_remove_handle(data->multi, data);
- if(data->multi_easy)
+ if(data->multi_easy) {
/* when curl_easy_perform() is used, it creates its own multi handle to
use and this is the one */
curl_multi_cleanup(data->multi_easy);
+ data->multi_easy = NULL;
+ }
/* Destroy the timeout list that is held in the easy handle. It is
/normally/ done by curl_multi_remove_handle() but this is "just in
--
1.8.3.1

29
CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch
View File

@ -1,29 +0,0 @@
From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 28 Oct 2018 01:33:23 +0200
Subject: [PATCH 232/557] voutf: fix bad arethmetic when outputting warnings to
stderr
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
---
src/tool_msgs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tool_msgs.c b/src/tool_msgs.c
index 832ed81..f5e1df2 100644
--- a/src/tool_msgs.c
+++ b/src/tool_msgs.c
@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
(void)fwrite(ptr, cut + 1, 1, config->errors);
fputs("\n", config->errors);
ptr += cut + 1; /* skip the space too */
- len -= cut;
+ len -= cut + 1;
}
else {
fputs(ptr, config->errors);
--
1.8.3.1

34
CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch
View File

@ -1,34 +0,0 @@
From b780b30d1377adb10bbe774835f49e9b237fb9bb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 2 Jan 2019 20:33:08 +0100
Subject: [PATCH 478/557] NTLM: fix size check condition for type2 received
data
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890
---
lib/vauth/ntlm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index c3d55ed..0ad4d97 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -182,10 +182,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
target_info_len = Curl_read16_le(&buffer[40]);
target_info_offset = Curl_read32_le(&buffer[44]);
if(target_info_len > 0) {
- if(((target_info_offset + target_info_len) > size) ||
+ if((target_info_offset >= size) ||
+ ((target_info_offset + target_info_len) > size) ||
(target_info_offset < 48)) {
infof(data, "NTLM handshake failure (bad type-2 message). "
- "Target Info Offset Len is set incorrect by the peer\n");
+ "Target Info Offset Len is set incorrect by the peer\n");
return CURLE_BAD_CONTENT_ENCODING;
}
--
1.8.3.1

39
CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch
View File

@ -1,39 +0,0 @@
From 50c9484278c63b958655a717844f0721263939cc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 3 Jan 2019 12:59:28 +0100
Subject: [PATCH 479/557] ntlm: fix *_type3_message size check to avoid buffer
overflow
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822
---
lib/vauth/ntlm.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 0ad4d97..6a8fc5a 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -779,11 +779,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
});
#ifdef USE_NTRESPONSES
- if(size < (NTLM_BUFSIZE - ntresplen)) {
- DEBUGASSERT(size == (size_t)ntrespoff);
- memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
- size += ntresplen;
+ /* ntresplen + size should not be risking an integer overflow here */
+ if(ntresplen + size > sizeof(ntlmbuf)) {
+ failf(data, "incoming NTLM message too big");
+ return CURLE_OUT_OF_MEMORY;
}
+ DEBUGASSERT(size == (size_t)ntrespoff);
+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+ size += ntresplen;
DEBUG_OUT({
fprintf(stderr, "\n ntresp=");
--
1.8.3.1

47
CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch
View File

@ -1,47 +0,0 @@
From 39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Sat, 19 Jan 2019 00:42:47 +0100
Subject: [PATCH 480/557] smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
---
lib/smtp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/smtp.c b/lib/smtp.c
index 84fc68e..d55647b 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -207,8 +207,12 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
only send the response code instead as per Section 4.2. */
if(line[3] == ' ' || len == 5) {
+ char tmpline[6];
+
result = TRUE;
- *resp = curlx_sltosi(strtol(line, NULL, 10));
+ memset(tmpline, '\0', sizeof(tmpline));
+ memcpy(tmpline, line, (len == 5 ? 5 : 3));
+ *resp = curlx_sltosi(strtol(tmpline, NULL, 10));
/* Make sure real server never sends internal value */
if(*resp == 1)
--
1.8.3.1

25
CVE-2019-5436.patch
View File

@ -1,25 +0,0 @@
From 5c89b6583079cd4cccbdf59929fa14515397430a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 3 May 2019 22:20:37 +0200
Subject: [PATCH] tftp: use the current blksize for recvfrom()
bug: CVE-2019-XXXXX
Reported-by: l00p3r
---
lib/tftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: curl-7.64.0/lib/tftp.c
===================================================================
--- curl-7.64.0.orig/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400
+++ curl-7.64.0/lib/tftp.c 2019-05-16 08:35:01.353786616 -0400
@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct conn
state->sockfd = state->conn->sock[FIRSTSOCKET];
state->state = TFTP_STATE_START;
state->error = TFTP_ERR_NONE;
- state->blksize = TFTP_BLKSIZE_DEFAULT;
+ state->blksize = blksize;
state->requested_blksize = blksize;
((struct sockaddr *)&state->local_addr)->sa_family =

40
CVE-2019-5481.patch
View File

@ -1,40 +0,0 @@
From 9069838b30fb3b48af0123e39f664cea683254a5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 3 Sep 2019 22:59:32 +0200
Subject: [PATCH] security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
---
lib/security.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/security.c b/lib/security.c
index 550ea2da8d..c5e4e135df 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
struct krb5buffer *buf)
{
int len;
- void *tmp = NULL;
CURLcode result;
result = socket_read(fd, &len, sizeof(len));
@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
if(len) {
/* only realloc if there was a length */
len = ntohl(len);
- tmp = Curl_saferealloc(buf->data, len);
+ buf->data = Curl_saferealloc(buf->data, len);
}
- if(tmp == NULL)
+ if(!len || !buf->data)
return CURLE_OUT_OF_MEMORY;
- buf->data = tmp;
result = socket_read(fd, buf->data, len);
if(result)
return result;

59
CVE-2019-5482.patch
View File

@ -1,59 +0,0 @@
From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001
From: Thomas Vegas <>
Date: Sat, 31 Aug 2019 17:30:51 +0200
Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is
received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
---
lib/tftp.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/tftp.c b/lib/tftp.c
index a7176cec80..346f293dc5 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -985,6 +985,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
{
tftp_state_data_t *state;
int blksize;
+ int need_blksize;
blksize = TFTP_BLKSIZE_DEFAULT;
@@ -999,15 +1000,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
return CURLE_TFTP_ILLEGAL;
}
+ need_blksize = blksize;
+ /* default size is the fallback when no OACK is received */
+ if(need_blksize < TFTP_BLKSIZE_DEFAULT)
+ need_blksize = TFTP_BLKSIZE_DEFAULT;
+
if(!state->rpacket.data) {
- state->rpacket.data = calloc(1, blksize + 2 + 2);
+ state->rpacket.data = calloc(1, need_blksize + 2 + 2);
if(!state->rpacket.data)
return CURLE_OUT_OF_MEMORY;
}
if(!state->spacket.data) {
- state->spacket.data = calloc(1, blksize + 2 + 2);
+ state->spacket.data = calloc(1, need_blksize + 2 + 2);
if(!state->spacket.data)
return CURLE_OUT_OF_MEMORY;
@@ -1021,7 +1027,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
state->sockfd = state->conn->sock[FIRSTSOCKET];
state->state = TFTP_STATE_START;
state->error = TFTP_ERR_NONE;
- state->blksize = blksize;
+ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
state->requested_blksize = blksize;
((struct sockaddr *)&state->local_addr)->sa_family =

25
Curl_dedotdotify-always-nul-terminate-returned-strin.patch
View File

@ -1,25 +0,0 @@
From c558db3c39db1817f78ac1bd81ec03a99447d423 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Mon, 18 Mar 2019 12:47:43 -0400
Subject: [PATCH] 0095
---
lib/dotdot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/dotdot.c b/lib/dotdot.c
index cbb308d..2c6177a 100644
--- a/lib/dotdot.c
+++ b/lib/dotdot.c
@@ -62,6 +62,8 @@ char *Curl_dedotdotify(const char *input)
if(!out)
return NULL; /* out of memory */
+ *out = 0; /* zero terminates, for inputs like "./" */
+
/* get a cloned copy of the input */
clone = strdup(input);
if(!clone) {
--
1.8.3.1

44
Curl_http2_done-fix-memleak-in-error-path.patch
View File

@ -1,44 +0,0 @@
From d26605818339acb190572a5c4291945160063ff0 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Mon, 18 Mar 2019 13:41:26 -0400
Subject: [PATCH] 0101
---
lib/http2.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index dfc780e..eb395f9 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1085,12 +1085,8 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
struct HTTP *http = data->req.protop;
struct http_conn *httpc = &conn->proto.httpc;
- if(!httpc->h2) /* not HTTP/2 ? */
- return;
-
- if(data->state.drain)
- drained_transfer(data, httpc);
-
+ /* there might be allocated resources done before this got the 'h2' pointer
+ setup */
if(http->header_recvbuf) {
Curl_add_buffer_free(http->header_recvbuf);
http->header_recvbuf = NULL; /* clear the pointer */
@@ -1106,6 +1102,12 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
}
}
+ if(!httpc->h2) /* not HTTP/2 ? */
+ return;
+
+ if(data->state.drain)
+ drained_transfer(data, httpc);
+
if(premature) {
/* RST_STREAM */
if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
--
1.8.3.1

36
Curl_retry_request-fix-memory-leak.patch
View File

@ -1,36 +0,0 @@
From ef695fc30144c8b92700c0161cdafd141c70ae60 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 24 Sep 2018 14:05:24 +0200
Subject: [PATCH 098/557] Curl_retry_request: fix memory leak
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
Closes #3042
---
lib/transfer.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index 6a80bf3..efd9292 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1705,8 +1705,13 @@ CURLcode Curl_retry_request(struct connectdata *conn,
if(conn->handler->protocol&PROTO_FAMILY_HTTP) {
struct HTTP *http = data->req.protop;
- if(http->writebytecount)
- return Curl_readrewind(conn);
+ if(http->writebytecount) {
+ CURLcode result = Curl_readrewind(conn);
+ if(result) {
+ Curl_safefree(*url);
+ return result;
+ }
+ }
}
}
return CURLE_OK;
--
1.8.3.1

26
Curl_saferealloc-Fixed-typo-in-docblock.patch
View File

@ -1,26 +0,0 @@
From 39c9140cceaffd98c683e1f426cc451909703554 Mon Sep 17 00:00:00 2001
From: Erik Minekus <tsunami@tsunami-productions.nl>
Date: Fri, 21 Sep 2018 14:20:18 +0200
Subject: [PATCH 081/557] Curl_saferealloc: Fixed typo in docblock
Closes #3029
---
lib/strdup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/strdup.c b/lib/strdup.c
index 19cb044..51e7978 100644
--- a/lib/strdup.c
+++ b/lib/strdup.c
@@ -81,7 +81,7 @@ void *Curl_memdup(const void *src, size_t length)
* Curl_saferealloc(ptr, size)
*
* Does a normal realloc(), but will free the data pointer if the realloc
- * fails. If 'size' is zero, it will free the data and return a failure.
+ * fails. If 'size' is non-zero, it will free the data and return a failure.
*
* This convenience function is provided and used to help us avoid a common
* mistake pattern when we could pass in a zero, catch the NULL return and end
--
1.8.3.1

50
OS400-handle-memory-error-in-list-conversion.patch
View File

@ -1,50 +0,0 @@
From a58b27740fd78fee88b35104fa71b7019280ccff Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Thu, 13 Dec 2018 10:15:00 +0100
Subject: [PATCH 363/557] OS400: handle memory error in list conversion
Curl_slist_append_nodup() returns NULL when it fails to create a new
item for the specified list, and since the coding here reassigned the
new list on top of the old list it would result in a dangling pointer
and lost memory. Also, in case we hit an allocation failure at some
point during the conversion, with allocation succeeding again on the
subsequent call(s) we will return a truncated list around the malloc
failure point. Fix by assigning to a temporary list pointer, which can
be checked (which is the common pattern for slist appending), and free
all the resources on allocation failure.
Closes #3372
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
packages/OS400/ccsidcurl.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index b1d3ba8..ca711d0 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -219,13 +219,20 @@ slist_convert(int dccsid, struct curl_slist * from, int sccsid)
struct curl_slist * to = (struct curl_slist *) NULL;
for(; from; from = from->next) {
+ struct curl_slist *nl;
char * cp = dynconvert(dccsid, from->data, -1, sccsid);
if(!cp) {
curl_slist_free_all(to);
return (struct curl_slist *) NULL;
}
- to = Curl_slist_append_nodup(to, cp);
+ nl = Curl_slist_append_nodup(to, cp);
+ if(!nl) {
+ curl_slist_free_all(to);
+ free(cp);
+ return NULL;
+ }
+ to = nl;
}
return to;
}
--
1.8.3.1

61
configure-include-all-libraries-in-ssl-libs-fetch.patch
View File

@ -1,61 +0,0 @@
From 0fac7a10fd08281f659df82a9d1c779bf61d7401 Mon Sep 17 00:00:00 2001
From: James Knight <james.d.knight@live.com>
Date: Tue, 30 Oct 2018 03:17:44 -0400
Subject: [PATCH 318/557] configure: include all libraries in ssl-libs fetch
When compiling a collection of SSL libraries to link against (SSL_LIBS),
ensure all libraries are included. The call `--libs-only-l` can produce
only a subset of found in a `--libs` call (e.x. pthread may be excluded).
Adding `--libs-only-other` ensures other libraries are also included in
the list. This corrects select build environments compiling against a
static version of OpenSSL. Before the change, the following could be
observed:
checking for openssl options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
checking for HMAC_Update in -lcrypto... no
checking for HMAC_Init_ex in -lcrypto... no
checking OpenSSL linking with -ldl... no
checking OpenSSL linking with -ldl and -lpthread... no
configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
...
SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
...
And include the other libraries when compiling SSL_LIBS succeeds with:
checking for openssl options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
checking for HMAC_Update in -lcrypto... yes
checking for SSL_connect in -lssl... yes
...
SSL support: enabled (OpenSSL)
...
Signed-off-by: James Knight <james.d.knight@live.com>
Closes #3193
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 80f8ae1..b0bd9a3 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1623,7 +1623,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
if test "$PKGCONFIG" != "no" ; then
SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
- $PKGCONFIG --libs-only-l openssl 2>/dev/null`
+ $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`
SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
$PKGCONFIG --libs-only-L openssl 2>/dev/null`
--
1.8.3.1

BIN
curl-7.61.1.tar.xz
View File

Binary file not shown.

BIN
curl-7.66.0.tar.xz Normal file
View File

Binary file not shown.

30
curl-fix-memory-leak-reading-writeout-from-file.patch
View File

@ -1,30 +0,0 @@
From 650281ed5ba335d16a932ccba53665551197880f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 30 Nov 2018 11:59:04 +0100
Subject: [PATCH 324/557] curl: fix memory leak reading --writeout from file
If another string had been set first, the writout function for reading
the syntax from file would leak the previously allocated memory.
Reported-by: Brian Carpenter
Fixes #3322
Closes #3330
---
src/tool_getparam.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index cd21f77..c0d3a84 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -2066,6 +2066,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
fname = nextarg;
file = fopen(nextarg, FOPEN_READTEXT);
}
+ Curl_safefree(config->writeout);
err = file2string(&config->writeout, file);
if(file && (file != stdin))
fclose(file);
--
1.8.3.1

164
curl.spec
View File

@ -4,93 +4,40 @@
%global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0) %global openssl_version %(pkg-config --modversion openssl 2>/dev/null || echo 0)
%global _configure ../configure %global _configure ../configure
#Basic Information
Name: curl Name: curl
Version: 7.61.1 Version: 7.66.0
Release: 4 Release: 1
Summary: curl is used in command lines or scripts to transfer data Summary: Curl is used in command lines or scripts to transfer data
License: MIT License: MIT
URL: https://curl.haxx.se/ URL: https://curl.haxx.se/
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
Patch1: 0001-curl-7.61.1-test320-gnutls.patch Patch1: 0001-curl-7.66.0-metalink-memleak.patch
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
Patch102: 0102-curl-7.36.0-debug.patch Patch102: 0102-curl-7.36.0-debug.patch
Patch103: 0103-curl-7.59.0-python3.patch Patch103: 0103-curl-7.59.0-python3.patch
Patch104: 0104-curl-7.19.7-localhost6.patch Patch104: 0104-curl-7.19.7-localhost6.patch
Patch105: 0105-curl-7.63.0-lib1560-valgrind.patch
Patch6000: fix-leak-when-writing-cookies-to-file.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
Patch6001: fix-gcc8-warning.patch BuildRequires: libidn2-devel libmetalink-devel libnghttp2-devel libpsl-devel
Patch6002: fix-gcc8-warning-on-Windows.patch BuildRequires: libssh-devel make openldap-devel openssh-clients openssh-server
Patch6003: fix-compiler-warning-on-64-bit-Windows.patch BuildRequires: openssl-devel perl-interpreter pkgconfig python3-devel sed
Patch6004: urlglob-improve-error-message.patch BuildRequires: stunnel zlib-devel gnutls-utils nghttp2 perl(IO::Compress::Gzip)
Patch6005: krb5-fix-memory-leak-in-krb_auth.patch BuildRequires: perl(Getopt::Long) perl(Pod::Usage) perl(strict) perl(warnings)
Patch6006: secure-Openwall-URLs.patch BuildRequires: perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
Patch6007: http2-fix-memory-leaks-on-error-path.patch BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64)
Patch6008: memory-add-missing-curl_printf-header.patch BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(vars)
Patch6009: examples-Fix-memory-leaks-from-realloc-errors.patch
Patch6010: darwinssl-Fix-realloc-memleak.patch
Patch6011: nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch
Patch6012: Curl_saferealloc-Fixed-typo-in-docblock.patch
Patch6013: Curl_dedotdotify-always-nul-terminate-returned-strin.patch
Patch6014: Curl_retry_request-fix-memory-leak.patch
Patch6015: http-fix-memleak-in-rewind-error-path.patch
Patch6016: Curl_http2_done-fix-memleak-in-error-path.patch
Patch6017: multi-fix-location-URL-memleak-in-error-path.patch
Patch6018: multi-fix-memory-leak-in-content-encoding-related-er.patch
Patch6019: memory-ensure-to-check-allocation-results.patch
Patch6020: hostip-fix-check-on-Curl_shuffle_addr-return-value.patch
Patch6021: nonblock-fix-unused-parameter-warning.patch
Patch6022: tool_cb_hdr-handle-failure-of-rename.patch
Patch6023: multi-avoid-double-free.patch
Patch6024: netrc-free-temporary-strings-if-memory-allocation-fa.patch
Patch6025: ssh-free-the-session-on-init-failures.patch
Patch6026: multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch
Patch6027: CVE-2018-16840-Curl_close-clear-data-multi_easy-on-free-to-avoid-us.patch
Patch6028: CVE-2018-16839-Curl_auth_create_plain_message-fix-too-large-input-c.patch
Patch6029: CVE-2018-16842-voutf-fix-bad-arethmetic-when-outputting-warnings-to.patch
Patch6030: curl_multibyte-fix-a-malloc-overcalculation.patch
Patch6031: curl_easy_perform-fix-timeout-handling.patch
Patch6032: configure-include-all-libraries-in-ssl-libs-fetch.patch
Patch6033: curl-fix-memory-leak-reading-writeout-from-file.patch
Patch6034: OS400-handle-memory-error-in-list-conversion.patch
Patch6035: smb-fix-incorrect-path-in-request-if-connection-reus.patch
Patch6036: wolfssl-Perform-cleanup.patch
Patch6037: libssh-free-sftp_canonicalize_path-data-correctly.patch
Patch6038: openvms-fix-OpenSSL-discovery-on-VAX.patch
Patch6039: timediff-fix-math-for-unsigned-time_t.patch
Patch6040: tool_cb_prg-avoid-integer-overflow.patch
Patch6041: openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch
Patch6042: ssh-log-the-libssh2-error-message-when-ssh-session-s.patch
Patch6043: schannel-on-connection-close-there-might-not-be-a-tr.patch
Patch6044: CVE-2018-16890-NTLM-fix-size-check-condition-for-type2-received-dat.patch
Patch6045: CVE-2019-3822-ntlm-fix-_type3_message-size-check-to-avoid-buffer-o.patch
Patch6046: CVE-2019-3823-smtp-avoid-risk-of-buffer-overflow-in-strtol.patch
Patch6047: zsh.pl-escape-character.patch
Patch6048: examples-postinmemory-Potential-leak-of-memory-point.patch
Patch6049: mbedtls-release-sessionid-resources-on-error.patch
Patch6050: CVE-2019-5436.patch
Patch6051: CVE-2019-5481.patch
Patch6052: CVE-2019-5482.patch
Patch9000: 0001-fix-double-free-when-multi-perform.patch
Provides: curl-full = %{version}-%{release} libcurl-full = %{version}-%{release}
Provides: webclient libcurl = %{version}-%{release}
Obsoletes: libcurl
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel libidn2-devel libmetalink-devel
BuildRequires: libnghttp2-devel libpsl-devel libssh-devel make openldap-devel openssh-clients
BuildRequires: openssh-server openssl-devel pkgconfig python3-devel sed stunnel zlib-devel
BuildRequires: gnutls-utils nghttp2 perl(Cwd) perl(Digest::MD5) perl(Exporter) perl(File::Basename)
BuildRequires: perl(File::Copy) perl(File::Spec) perl(IPC::Open2) perl(MIME::Base64) perl(strict)
BuildRequires: perl(Time::Local) perl(Time::HiRes) perl(warnings) perl(vars)
%ifarch x86_64 %ifarch x86_64
BuildRequires: valgrind BuildRequires: valgrind
%endif %endif
Requires: libpsl >= %{libpsl_version} Requires: libpsl >= %{libpsl_version} libssh >= %{libssh_version}
Requires: libssh >= %{libssh_version} openssl-libs >= 1:%{openssl_version} Requires: openssl-libs >= 1:%{openssl_version}
Provides: curl-full = %{version}-%{release} libcurl-full = %{version}-%{release}
Provides: webclient libcurl = %{version}-%{release}
Obsoletes: libcurl < %{version}-%{release}
%description %description
cURL is a computer software project providing a library (libcurl) and cURL is a computer software project providing a library (libcurl) and
@ -101,12 +48,12 @@ Summary: Files needed for building applications with libcurl
Requires: curl = %{version}-%{release} Requires: curl = %{version}-%{release}
Provides: curl-devel = %{version}-%{release} Provides: curl-devel = %{version}-%{release}
Provides: libcurl-devel = %{version}-%{release} Provides: libcurl-devel = %{version}-%{release}
Obsoletes: curl-devel < %{version}-%{release} libcurl-devel Obsoletes: curl-devel < %{version}-%{release}
Obsoletes: libcurl-devel < %{version}-%{release}
%description devel %description devel
The curl-devel package includes header files and libraries necessary for developing programs. The curl-devel package includes header files and libraries necessary for developing programs.
%package help %package help
Summary: Documents for autogen Summary: Documents for autogen
Buildarch: noarch Buildarch: noarch
@ -130,7 +77,7 @@ printf "1112\n1455\n1801\n1900\n" >> tests/data/DISABLED
sed -e 's/^35$/35,52/' -i tests/data/test323 sed -e 's/^35$/35,52/' -i tests/data/test323
%build %build
install -d build-{full,minimal} install -d build-full
export common_configure_opts=" \ export common_configure_opts=" \
--cache-file=../config.cache \ --cache-file=../config.cache \
--disable-static \ --disable-static \
@ -141,20 +88,6 @@ export common_configure_opts=" \
--with-nghttp2 \ --with-nghttp2 \
--with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt" --with-ssl --with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt"
# configure minimal build
(
cd build-minimal
%configure $common_configure_opts \
--disable-ldap \
--disable-ldaps \
--disable-manual \
--without-brotli \
--without-libidn2 \
--without-libmetalink \
--without-libpsl \
--without-libssh
)
# configure full build # configure full build
( (
cd build-full cd build-full
@ -171,20 +104,12 @@ export common_configure_opts=" \
sed -e 's/^runpath_var=.*/runpath_var=/' \ sed -e 's/^runpath_var=.*/runpath_var=/' \
-e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \ -e 's/^hardcode_libdir_flag_spec=".*"$/hardcode_libdir_flag_spec=""/' \
-i build-{full,minimal}/libtool -i build-full/libtool
%make_build V=1 -C build-minimal
%make_build V=1 -C build-full %make_build V=1 -C build-full
%check
%install %install
# curl-minimal files install rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.{la,so}
%make_install -C build-minimal
for i in ${RPM_BUILD_ROOT}%{_libdir}/*; do
mv -v $i $i.minimal
done
mv -v ${RPM_BUILD_ROOT}%{_bindir}/curl{,.minimal}
# install libcurl.m4 for devel # install libcurl.m4 for devel
install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4 install -D -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT%{_datadir}/aclocal/libcurl.m4
@ -196,37 +121,24 @@ cd build-full
# install zsh completion for curl # install zsh completion for curl
LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C scripts
%pre # do not install /usr/share/fish/completions/curl.fish which is also installed
# by fish-3.0.2-1.module_f31+3716+57207597 and would trigger a conflict
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/fish
%preun rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%post
/sbin/ldconfig
%postun
/sbin/ldconfig
%ldconfig_scriptlets
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%license COPYING %license COPYING
%{_bindir}/curl %{_bindir}/curl
%{_datadir}/zsh/site-functions %{_datadir}/zsh
%{_libdir}/libcurl.so.4 %{_libdir}/libcurl.so.4
%{_libdir}/libcurl.so.4.[0-9].[0-9] %{_libdir}/libcurl.so.4.[0-9].[0-9]
%exclude %{_libdir}/libcurl.la
%exclude %{_bindir}/curl.minimal
%exclude %{_libdir}/libcurl.so.4.minimal
%exclude %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%exclude %{_libdir}/pkgconfig.minimal
%exclude %{_libdir}/libcurl.la.minimal
%exclude %{_libdir}/libcurl.so.minimal
%files devel %files devel
%defattr(-,root,root)
%doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md %doc docs/examples/*.c docs/examples/Makefile.example docs/INTERNALS.md
%doc docs/CONTRIBUTE.md docs/libcurl/ABI %doc docs/CONTRIBUTE.md docs/libcurl/ABI
%{_bindir}/curl-config* %{_bindir}/curl-config*
@ -236,16 +148,18 @@ LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_libdir}:$LD_LIBRARY_PATH" %make_install -C sc
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%files help %files help
%defattr(-,root,root)
%doc CHANGES README*
%doc docs/BUGS docs/FAQ docs/FEATURES docs/RESOURCES
%doc docs/TheArtOfHttpScripting docs/TODO
%{_mandir}/man1/curl.1* %{_mandir}/man1/curl.1*
%{_mandir}/man1/curl-config.1* %{_mandir}/man1/curl-config.1*
%{_mandir}/man3/* %{_mandir}/man3/*
%doc CHANGES README*
%doc docs/BUGS docs/FAQ docs/FEATURES
%doc docs/MANUAL docs/RESOURCES
%doc docs/TheArtOfHttpScripting docs/TODO
%changelog %changelog
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.66.0-1
- update to 7.66.0
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.61.1-4 * Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.61.1-4
- Type:cves - Type:cves
- ID:CVE-2019-5481 CVE-2019-5482 - ID:CVE-2019-5481 CVE-2019-5482

120
curl_easy_perform-fix-timeout-handling.patch
View File

@ -1,120 +0,0 @@
From 34fe0e1622fd87f2945e734787bc29e314d253cc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 24 Nov 2018 23:20:19 +0100
Subject: [PATCH 314/557] curl_easy_perform: fix timeout handling
curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).
Reported-by: Antoni Villalonga
Fixes #3305
Closes #3306
Closes #3308
---
lib/easy.c | 7 ++++---
lib/multi.c | 20 ++++++++++++++++++--
lib/multiif.h | 8 ++++++++
3 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/lib/easy.c b/lib/easy.c
index d940b5d..e592d7a 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -664,12 +664,12 @@ static CURLcode easy_transfer(struct Curl_multi *multi)
while(!done && !mcode) {
int still_running = 0;
- int rc;
+ bool gotsocket = FALSE;
- mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc);
+ mcode = Curl_multi_wait(multi, NULL, 0, 1000, NULL, &gotsocket);
if(!mcode) {
- if(!rc) {
+ if(!gotsocket) {
long sleep_ms;
/* If it returns without any filedescriptor instantly, we need to
@@ -688,6 +688,7 @@ static CURLcode easy_transfer(struct Curl_multi *multi)
/* only read 'still_running' if curl_multi_perform() return OK */
if(!mcode && !still_running) {
+ int rc;
CURLMsg *msg = curl_multi_info_read(multi, &rc);
if(msg) {
result = msg->data.result;
diff --git a/lib/multi.c b/lib/multi.c
index c2ef6c1..cca1380 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -985,11 +985,12 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi,
#define NUM_POLLS_ON_STACK 10
-CURLMcode curl_multi_wait(struct Curl_multi *multi,
+CURLMcode Curl_multi_wait(struct Curl_multi *multi,
struct curl_waitfd extra_fds[],
unsigned int extra_nfds,
int timeout_ms,
- int *ret)
+ int *ret,
+ bool *gotsocket) /* if any socket was checked */
{
struct Curl_easy *data;
curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
@@ -1003,6 +1004,9 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
int retcode = 0;
struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK];
+ if(gotsocket)
+ *gotsocket = FALSE;
+
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
@@ -1135,9 +1139,21 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
free(ufds);
if(ret)
*ret = retcode;
+ if(gotsocket && (extra_fds || curlfds))
+ /* if any socket was checked */
+ *gotsocket = TRUE;
+
return CURLM_OK;
}
+CURLMcode curl_multi_wait(struct Curl_multi *multi,
+ struct curl_waitfd extra_fds[],
+ unsigned int extra_nfds,
+ int timeout_ms,
+ int *ret)
+{
+ return Curl_multi_wait(multi, extra_fds, extra_nfds, timeout_ms, ret, NULL);
+}
/*
* Curl_multi_connchanged() is called to tell that there is a connection in
* this multi handle that has changed state (pipelining become possible, the
diff --git a/lib/multiif.h b/lib/multiif.h
index c50063d..e44646b 100644
--- a/lib/multiif.h
+++ b/lib/multiif.h
@@ -97,4 +97,12 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s);
CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
struct Curl_easy *data,
struct connectdata *conn);
+
+CURLMcode Curl_multi_wait(struct Curl_multi *multi,
+ struct curl_waitfd extra_fds[],
+ unsigned int extra_nfds,
+ int timeout_ms,
+ int *ret,
+ bool *gotsocket); /* if any socket was checked */
+
#endif /* HEADER_CURL_MULTIIF_H */
--
1.8.3.1

41
curl_multibyte-fix-a-malloc-overcalculation.patch
View File

@ -1,41 +0,0 @@
From 28429fb1753d63a659f38577b39e0b5747f28939 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Thu, 1 Nov 2018 02:53:22 -0400
Subject: [PATCH 261/557] curl_multibyte: fix a malloc overcalculation
Prior to this change twice as many bytes as necessary were malloc'd when
converting wchar to UTF8. To allay confusion in the future I also
changed the variable name for the amount of bytes from len to bytes.
Closes https://github.com/curl/curl/pull/3209
---
lib/curl_multibyte.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/curl_multibyte.c b/lib/curl_multibyte.c
index e78bb50..e48334f 100644
--- a/lib/curl_multibyte.c
+++ b/lib/curl_multibyte.c
@@ -64,13 +64,13 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
char *str_utf8 = NULL;
if(str_w) {
- int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
- 0, NULL, NULL);
- if(str_utf8_len > 0) {
- str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
+ int bytes = WideCharToMultiByte(CP_UTF8, 0, str_w, -1,
+ NULL, 0, NULL, NULL);
+ if(bytes > 0) {
+ str_utf8 = malloc(bytes);
if(str_utf8) {
- if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
- NULL, FALSE) == 0) {
+ if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, bytes,
+ NULL, NULL) == 0) {
free(str_utf8);
return NULL;
}
--
1.8.3.1

37
darwinssl-Fix-realloc-memleak.patch
View File

@ -1,37 +0,0 @@
From a544df0b095d295e246f7aa5dcc613b80708d203 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 12:29:54 -0500
Subject: [PATCH] darwinssl: Fix realloc memleak
The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().
---
lib/vtls/darwinssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 1aea0dc..e963f27 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -116,6 +116,7 @@
#include "vtls.h"
#include "darwinssl.h"
#include "curl_printf.h"
+#include "strdup.h"
#include "curl_memory.h"
/* The last #include file should be: */
@@ -2039,7 +2040,7 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen)
if(len + n >= cap) {
cap *= 2;
- data = realloc(data, cap);
+ data = Curl_saferealloc(data, cap);
if(!data) {
close(fd);
return -1;
--
1.8.3.1

163
examples-Fix-memory-leaks-from-realloc-errors.patch
View File

@ -1,163 +0,0 @@
From 23524bf85b887adbc513bc015c9530355967bc04 Mon Sep 17 00:00:00 2001
From: Kruzya <CrazyHackGUT@users.noreply.github.com>
Date: Sat, 15 Sep 2018 08:55:11 +0300
Subject: [PATCH 065/557] examples: Fix memory leaks from realloc errors
Make sure to not overwrite the reallocated pointer in realloc() calls
to avoid a memleak on memory errors.
---
docs/examples/crawler.c | 8 +++++++-
docs/examples/curlx.c | 12 ++++++++++--
docs/examples/getinmemory.c | 7 ++++---
docs/examples/postinmemory.c | 7 ++++---
docs/examples/xmlstream.c | 7 ++++---
5 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/docs/examples/crawler.c b/docs/examples/crawler.c
index 0aeb865..d8fa5a4 100644
--- a/docs/examples/crawler.c
+++ b/docs/examples/crawler.c
@@ -52,7 +52,13 @@ size_t grow_buffer(void *contents, size_t sz, size_t nmemb, void *ctx)
{
size_t realsize = sz * nmemb;
memory *mem = (memory*) ctx;
- mem->buf = realloc(mem->buf, mem->size + realsize);
+ char *ptr = realloc(mem->buf, mem->size + realsize);
+ if(!ptr) {
+ /* out of memory */
+ printf("not enough memory (realloc returned NULL)\n");
+ return 0;
+ }
+ mem->buf = ptr;
memcpy(&(mem->buf[mem->size]), contents, realsize);
mem->size += realsize;
return realsize;
diff --git a/docs/examples/curlx.c b/docs/examples/curlx.c
index 141f5a8..49f52e6 100644
--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@@ -515,12 +515,20 @@ int main(int argc, char **argv)
curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p);
{
+ char *ptr;
int lu; int i = 0;
while((lu = BIO_read(in, &binaryptr[i], tabLength-i)) >0) {
i += lu;
if(i == tabLength) {
tabLength += 100;
- binaryptr = realloc(binaryptr, tabLength); /* should be more careful */
+ ptr = realloc(binaryptr, tabLength); /* should be more careful */
+ if(!ptr) {
+ /* out of memory */
+ BIO_printf(p.errorbio, "out of memory (realloc returned NULL)\n");
+ goto fail;
+ }
+ binaryptr = ptr;
+ ptr = NULL;
}
}
tabLength = i;
@@ -551,7 +559,7 @@ int main(int argc, char **argv)
/*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/
/* free the header list*/
-
+fail:
curl_slist_free_all(headers);
/* always cleanup */
diff --git a/docs/examples/getinmemory.c b/docs/examples/getinmemory.c
index f5e8942..a21a2aa 100644
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -42,13 +42,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
size_t realsize = size * nmemb;
struct MemoryStruct *mem = (struct MemoryStruct *)userp;
- mem->memory = realloc(mem->memory, mem->size + realsize + 1);
- if(mem->memory == NULL) {
+ char *ptr = realloc(mem->memory, mem->size + realsize + 1);
+ if(ptr == NULL) {
/* out of memory! */
printf("not enough memory (realloc returned NULL)\n");
return 0;
}
+ mem->memory = ptr;
memcpy(&(mem->memory[mem->size]), contents, realsize);
mem->size += realsize;
mem->memory[mem->size] = 0;
diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c
index 488d227..176f24a 100644
--- a/docs/examples/postinmemory.c
+++ b/docs/examples/postinmemory.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -39,13 +39,14 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
size_t realsize = size * nmemb;
struct MemoryStruct *mem = (struct MemoryStruct *)userp;
- mem->memory = realloc(mem->memory, mem->size + realsize + 1);
- if(mem->memory == NULL) {
+ char *ptr = realloc(mem->memory, mem->size + realsize + 1);
+ if(!ptr) {
/* out of memory! */
printf("not enough memory (realloc returned NULL)\n");
return 0;
}
+ mem->memory = ptr;
memcpy(&(mem->memory[mem->size]), contents, realsize);
mem->size += realsize;
mem->memory[mem->size] = 0;
diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c
index 9ee4a2e..296ae3b 100644
--- a/docs/examples/xmlstream.c
+++ b/docs/examples/xmlstream.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -69,14 +69,15 @@ static void characterDataHandler(void *userData, const XML_Char *s, int len)
struct ParserStruct *state = (struct ParserStruct *) userData;
struct MemoryStruct *mem = &state->characters;
- mem->memory = realloc(mem->memory, mem->size + len + 1);
- if(mem->memory == NULL) {
+ char *ptr = realloc(mem->memory, mem->size + len + 1);
+ if(!ptr) {
/* Out of memory. */
fprintf(stderr, "Not enough memory (realloc returned NULL).\n");
state->ok = 0;
return;
}
+ mem->memory = ptr;
memcpy(&(mem->memory[mem->size]), s, len);
mem->size += len;
mem->memory[mem->size] = 0;
--
1.8.3.1

30
examples-postinmemory-Potential-leak-of-memory-point.patch
View File

@ -1,30 +0,0 @@
From 52d98194b539605a4bd5bfeddc367bff283ac28f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 14 Feb 2019 11:53:02 +0100
Subject: [PATCH 541/557] examples/postinmemory: Potential leak of memory
pointed to by 'chunk.memory'
Detected by scan-build
---
docs/examples/postinmemory.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c
index 25a1e8e..376f334 100644
--- a/docs/examples/postinmemory.c
+++ b/docs/examples/postinmemory.c
@@ -106,10 +105,9 @@ int main(void)
/* always cleanup */
curl_easy_cleanup(curl);
- free(chunk.memory);
-
/* we're done with libcurl, so clean it up */
curl_global_cleanup();
}
+ free(chunk.memory);
return 0;
}
--
1.8.3.1

52
fix-compiler-warning-on-64-bit-Windows.patch
View File

@ -1,52 +0,0 @@
From 621ce8280ff250b67f44b5be667c637c445cd9f3 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 11:35:06 -0500
Subject: [PATCH] anyauthput: fix compiler warning on 64-bit Windows
On Windows, the read function from <io.h> is used, which has its byte
count parameter as unsigned int instead of size_t.
Closes https://github.com/curl/curl/pull/2972
---
docs/examples/anyauthput.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/docs/examples/anyauthput.c b/docs/examples/anyauthput.c
index eb91d99..14da10c 100644
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -26,15 +26,18 @@
*/
#include <stdio.h>
#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <curl/curl.h>
+
#ifdef WIN32
# include <io.h>
+# define READ_3RD_ARG unsigned int
#else
# include <unistd.h>
+# define READ_3RD_ARG size_t
#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <curl/curl.h>
#if LIBCURL_VERSION_NUM < 0x070c03
#error "upgrade your libcurl to no less than 7.12.3"
@@ -83,7 +86,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
int *fdp = (int *)stream;
int fd = *fdp;
- retcode = read(fd, ptr, size * nmemb);
+ retcode = read(fd, ptr, (READ_3RD_ARG)(size * nmemb));
nread = (curl_off_t)retcode;
--
1.8.3.1

29
fix-gcc8-warning-on-Windows.patch
View File

@ -1,29 +0,0 @@
From f7734f39b857f56abbd849e06e91fe2b46ed04c3 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 11:28:21 -0500
Subject: [PATCH] lib: fix gcc8 warning on Windows
Closes https://github.com/curl/curl/pull/2979
---
lib/curl_sspi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c
index 11a7120..7d19342 100644
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -90,8 +90,9 @@ CURLcode Curl_sspi_global_init(void)
return CURLE_FAILED_INIT;
/* Get address of the InitSecurityInterfaceA function from the SSPI dll */
- pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
- GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
+ pInitSecurityInterface =
+ CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
+ (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT)));
if(!pInitSecurityInterface)
return CURLE_FAILED_INIT;
--
1.8.3.1

29
fix-gcc8-warning.patch
View File

@ -1,29 +0,0 @@
From b504d96674ba3684882fcc1244a23b7439f12b63 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 11:01:34 -0500
Subject: [PATCH] openssl: fix gcc8 warning
Use memcpy instead of strncpy to copy a string without termination,
since gcc8 warns about using strncpy to copy as many bytes from a
string as its length.
Closes https://github.com/curl/curl/issues/2980
---
lib/vtls/openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a487f55..955b661 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -253,7 +253,7 @@ static void ossl_keylog_callback(const SSL *ssl, const char *line)
if(!buf)
return;
}
- strncpy(buf, line, linelen);
+ memcpy(buf, line, linelen);
buf[linelen] = '\n';
buf[linelen + 1] = '\0';
--
1.8.3.1

30
fix-leak-when-writing-cookies-to-file.patch
View File

@ -1,30 +0,0 @@
From 315693699f5786dd8bfecfa25201fa68da1458cc Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 10:55:48 -0500
Subject: [PATCH] cookies: fix leak when writing cookies to file
---
lib/cookie.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index fd7341f..9cf8a36 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1508,10 +1508,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
format_ptr = get_netscape_format(array[i]);
if(format_ptr == NULL) {
fprintf(out, "#\n# Fatal libcurl error\n");
- if(!use_stdout) {
- free(array);
+ free(array);
+ if(!use_stdout)
fclose(out);
- }
+
return 1;
}
fprintf(out, "%s\n", format_ptr);
--
1.8.3.1

26
hostip-fix-check-on-Curl_shuffle_addr-return-value.patch
View File

@ -1,26 +0,0 @@
From 3349a633b8b181bfd1825b36d8cca51f5a20defd Mon Sep 17 00:00:00 2001
From: Rick Deist <dreckard@users.noreply.github.com>
Date: Sun, 7 Oct 2018 19:18:03 +0300
Subject: [PATCH 160/557] hostip: fix check on Curl_shuffle_addr return value
Closes #3110
---
lib/hostip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/hostip.c b/lib/hostip.c
index 0dd0cbc..f589a0b 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -454,7 +454,7 @@ Curl_cache_addr(struct Curl_easy *data,
/* shuffle addresses if requested */
if(data->set.dns_shuffle_addresses) {
CURLcode result = Curl_shuffle_addr(data, &addr);
- if(!result)
+ if(result)
return NULL;
}
--
1.8.3.1

51
http-fix-memleak-in-rewind-error-path.patch
View File

@ -1,51 +0,0 @@
From 4058cf2a7f7e2590c26588c4eb476ac5c029cb5a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Sep 2018 07:49:35 +0200
Subject: [PATCH 100/557] http: fix memleak in rewind error path
If the rewind would fail, a strdup() would not get freed.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
Closes #3044
---
lib/http.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 02ba133..47e4719 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -537,14 +537,6 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
}
if(pickhost || pickproxy) {
- /* In case this is GSS auth, the newurl field is already allocated so
- we must make sure to free it before allocating a new one. As figured
- out in bug #2284386 */
- Curl_safefree(data->req.newurl);
- data->req.newurl = strdup(data->change.url); /* clone URL */
- if(!data->req.newurl)
- return CURLE_OUT_OF_MEMORY;
-
if((data->set.httpreq != HTTPREQ_GET) &&
(data->set.httpreq != HTTPREQ_HEAD) &&
!conn->bits.rewindaftersend) {
@@ -552,6 +544,13 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
if(result)
return result;
}
+ /* In case this is GSS auth, the newurl field is already allocated so
+ we must make sure to free it before allocating a new one. As figured
+ out in bug #2284386 */
+ Curl_safefree(data->req.newurl);
+ data->req.newurl = strdup(data->change.url); /* clone URL */
+ if(!data->req.newurl)
+ return CURLE_OUT_OF_MEMORY;
}
else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) &&
--
1.8.3.1

42
http2-fix-memory-leaks-on-error-path.patch
View File

@ -1,42 +0,0 @@
From 955e575f4e0a20a752e4fe1951f9d1107edd3925 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Fri, 8 Mar 2019 12:06:11 -0500
Subject: [PATCH] http2: fix memory leaks on error-path
---
lib/http2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index d769193..dfc780e 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2060,8 +2060,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn)
stream->stream_id = -1;
- if(!stream->header_recvbuf)
+ if(!stream->header_recvbuf) {
stream->header_recvbuf = Curl_add_buffer_init();
+ if(!stream->header_recvbuf)
+ return CURLE_OUT_OF_MEMORY;
+ }
if((conn->handler == &Curl_handler_http2_ssl) ||
(conn->handler == &Curl_handler_http2))
@@ -2073,8 +2076,11 @@ CURLcode Curl_http2_setup(struct connectdata *conn)
conn->handler = &Curl_handler_http2;
result = Curl_http2_init(conn);
- if(result)
+ if(result) {
+ Curl_add_buffer_free(stream->header_recvbuf);
+ stream->header_recvbuf = NULL;
return result;
+ }
infof(conn->data, "Using HTTP2, server supports multi-use\n");
stream->upload_left = 0;
--
1.8.3.1

27
krb5-fix-memory-leak-in-krb_auth.patch
View File

@ -1,27 +0,0 @@
From 3c5ee47fc206036283bdbcbe4588464bc9a7a5ae Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Thu, 13 Sep 2018 10:10:55 +0200
Subject: [PATCH 054/557] krb5: fix memory leak in krb_auth
The FTP command allocated by aprintf() must be freed after usage.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
lib/krb5.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/krb5.c b/lib/krb5.c
index 8b5a247..46c5608 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -265,6 +265,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
result = CURLE_OUT_OF_MEMORY;
free(p);
+ free(cmd);
if(result) {
ret = -2;
--
1.8.3.1

68
libssh-free-sftp_canonicalize_path-data-correctly.patch
View File

@ -1,68 +0,0 @@
From d18a5afaf07fdc093c6a6131cc7926a3d5a55407 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 21 Dec 2018 14:22:42 +0100
Subject: [PATCH 386/557] libssh: free sftp_canonicalize_path() data correctly
Assisted-by: Harry Sintonen
Fixes #3402
Closes #3403
---
lib/ssh-libssh.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
index e38c01a..2e920f0 100644
--- a/lib/ssh-libssh.c
+++ b/lib/ssh-libssh.c
@@ -95,6 +95,13 @@
#include "memdebug.h"
#include "curl_path.h"
+/* A recent macro provided by libssh. Or make our own. */
+#ifndef SSH_STRING_FREE_CHAR
+/* !checksrc! disable ASSIGNWITHINCONDITION 1 */
+#define SSH_STRING_FREE_CHAR(x) \
+ do { if((x) != NULL) { ssh_string_free_char(x); x = NULL; } } while(0)
+#endif
+
/* Local functions: */
static CURLcode myssh_connect(struct connectdata *conn, bool *done);
static CURLcode myssh_multi_statemach(struct connectdata *conn,
@@ -1661,7 +1668,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
sshc->sftp_session = NULL;
}
- Curl_safefree(sshc->homedir);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
conn->data->state.most_recent_ftp_entrypath = NULL;
state(conn, SSH_SESSION_DISCONNECT);
@@ -1829,7 +1836,7 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
ssh_disconnect(sshc->ssh_session);
- Curl_safefree(sshc->homedir);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
conn->data->state.most_recent_ftp_entrypath = NULL;
state(conn, SSH_SESSION_FREE);
@@ -1866,14 +1873,11 @@ static CURLcode myssh_statemach_act(struct connectdata *conn, bool *block)
Curl_safefree(sshc->rsa_pub);
Curl_safefree(sshc->rsa);
-
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
-
- Curl_safefree(sshc->homedir);
-
Curl_safefree(sshc->readdir_line);
Curl_safefree(sshc->readdir_linkPath);
+ SSH_STRING_FREE_CHAR(sshc->homedir);
/* the code we are about to return */
result = sshc->actualcode;
--
1.8.3.1

44
mbedtls-release-sessionid-resources-on-error.patch
View File

@ -1,44 +0,0 @@
From 0299b262cd9c75adab546f4851c03995d98d61e1 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Sat, 16 Feb 2019 22:30:31 +0100
Subject: [PATCH 552/557] mbedtls: release sessionid resources on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.
Closes: #3574
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
lib/vtls/mbedtls.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index c36c93e..27a9402 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -716,6 +716,8 @@ mbed_connect_step3(struct connectdata *conn,
ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
if(ret) {
+ if(ret != MBEDTLS_ERR_SSL_ALLOC_FAILED)
+ mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
return CURLE_SSL_CONNECT_ERROR;
@@ -729,6 +731,7 @@ mbed_connect_step3(struct connectdata *conn,
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
Curl_ssl_sessionid_unlock(conn);
if(retcode) {
+ mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
failf(data, "failed to store ssl session");
return retcode;
--
1.8.3.1

33
memory-add-missing-curl_printf-header.patch
View File

@ -1,33 +0,0 @@
From 927cb3708e29fd88dcfadb9444d0dc93dc2aa4b2 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Mon, 17 Sep 2018 09:28:10 +0200
Subject: [PATCH 064/557] memory: add missing curl_printf header
ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.
Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
lib/security.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/security.c b/lib/security.c
index 5f52515..6165d0a 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -61,7 +61,9 @@
#include "strcase.h"
#include "warnless.h"
#include "strdup.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
static const struct {
--
1.8.3.1

128
memory-ensure-to-check-allocation-results.patch
View File

@ -1,128 +0,0 @@
From 2873971d6251b7c1eb278df1ee2b944d7c3fcdba Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Wed, 3 Oct 2018 00:56:29 +0200
Subject: [PATCH 129/557] memory: ensure to check allocation results
The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.
Also bumps the copyright years on affected files.
Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
lib/ftp.c | 4 +++-
lib/http2.c | 2 ++
lib/nwlib.c | 7 +++++--
lib/vauth/digest.c | 4 +++-
lib/vtls/schannel_verify.c | 4 ++++
5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index a966817..793d991 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3213,9 +3213,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
ftpc->prevpath[dlen] = 0; /* terminate */
}
else {
+ free(path);
/* we never changed dir */
ftpc->prevpath = strdup("");
- free(path);
+ if(!ftpc->prevpath)
+ return CURLE_OUT_OF_MEMORY;
}
if(ftpc->prevpath)
infof(data, "Remembering we are in dir \"%s\"\n", ftpc->prevpath);
diff --git a/lib/http2.c b/lib/http2.c
index 29edfba..ed47b73 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -924,6 +924,8 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
stream->push_headers_alloc = 10;
stream->push_headers = malloc(stream->push_headers_alloc *
sizeof(char *));
+ if(!stream->push_headers)
+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
stream->push_headers_used = 0;
}
else if(stream->push_headers_used ==
diff --git a/lib/nwlib.c b/lib/nwlib.c
index 215d933..7bf5f51 100644
--- a/lib/nwlib.c
+++ b/lib/nwlib.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -195,7 +195,7 @@ int GetOrSetUpData(int id, libdata_t **appData,
if(!app_data->tenbytes || !app_data->lock) {
if(app_data->lock)
NXMutexFree(app_data->lock);
-
+ free(app_data->tenbytes);
free(app_data);
app_data = (libdata_t *) NULL;
err = ENOMEM;
@@ -213,6 +213,9 @@ int GetOrSetUpData(int id, libdata_t **appData,
err = set_app_data(gLibId, app_data);
if(err) {
+ if(app_data->lock)
+ NXMutexFree(app_data->lock);
+ free(app_data->tenbytes);
free(app_data);
app_data = (libdata_t *) NULL;
err = ENOMEM;
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index fae5a49..ab5156e 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -781,6 +781,8 @@ static CURLcode _Curl_auth_create_digest_http_message(
*/
hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
/* We don't support auth-int for PUT or POST at the moment.
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index cfc4adf..2516f56 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -319,6 +319,10 @@ static CURLcode verify_host(struct Curl_easy *data,
* embedded null bytes. This appears to be undocumented behavior.
*/
cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR));
+ if(!cert_hostname_buff) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto cleanup;
+ }
actual_len = CertGetNameString(pCertContextServer,
CERT_NAME_DNS_TYPE,
name_flags,
--
1.8.3.1

30
multi-Fix-error-handling-in-the-SENDPROTOCONNECT-sta.patch
View File

@ -1,30 +0,0 @@
From 3793761a3777095d643e9f2da951615e1178782c Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <mail@michael-kaufmann.ch>
Date: Thu, 25 Oct 2018 13:07:03 +0200
Subject: [PATCH 216/557] multi: Fix error handling in the SENDPROTOCONNECT
state
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.
Closes #3170
---
lib/multi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/multi.c b/lib/multi.c
index 7c691a1..0db2a97 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1608,7 +1608,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_SENDPROTOCONNECT:
result = Curl_protocol_connect(data->easy_conn, &protocol_connect);
- if(!protocol_connect)
+ if(!result && !protocol_connect)
/* switch to waiting state */
multistate(data, CURLM_STATE_PROTOCONNECT);
else if(!result) {
--
1.8.3.1

68
multi-avoid-double-free.patch
View File

@ -1,68 +0,0 @@
From 42c2b14aefb9bd580fe5128147bf52840e61c292 Mon Sep 17 00:00:00 2001
From: kangenbo <kangenbo@huawei.com>
Date: Mon, 18 Mar 2019 17:22:21 -0400
Subject: [PATCH] 0191
---
lib/multi.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/lib/multi.c b/lib/multi.c
index 8e920fc..3b85fee 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1707,7 +1707,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
char *newurl = NULL;
followtype follow = FOLLOW_NONE;
CURLcode drc;
- bool retry = FALSE;
drc = Curl_retry_request(data->easy_conn, &newurl);
if(drc) {
@@ -1715,15 +1714,13 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
result = drc;
stream_error = TRUE;
}
- else
- retry = (newurl)?TRUE:FALSE;
Curl_posttransfer(data);
drc = multi_done(&data->easy_conn, result, FALSE);
/* When set to retry the connection, we must to go back to
* the CONNECT state */
- if(retry) {
+ if(newurl) {
if(!drc || (drc == CURLE_SEND_ERROR)) {
follow = FOLLOW_RETRY;
drc = Curl_follow(data, newurl, follow);
@@ -1986,16 +1983,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else
follow = FOLLOW_RETRY;
result = multi_done(&data->easy_conn, CURLE_OK, FALSE);
- if(result)
- /* Curl_follow() would otherwise free this */
- free(newurl);
- else {
+ if(!result) {
result = Curl_follow(data, newurl, follow);
if(!result) {
multistate(data, CURLM_STATE_CONNECT);
rc = CURLM_CALL_MULTI_PERFORM;
}
}
+ free(newurl);
}
else {
/* after the transfer is done, go DONE */
@@ -2007,6 +2002,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
newurl = data->req.location;
data->req.location = NULL;
result = Curl_follow(data, newurl, FOLLOW_FAKE);
+ free(newurl);
if(result) {
stream_error = TRUE;
result = multi_done(&data->easy_conn, result, TRUE);
--
1.8.3.1

30
multi-fix-location-URL-memleak-in-error-path.patch
View File

@ -1,30 +0,0 @@
From 454fa3fd7be9b4a8d51d19d3515a3a935c3bf400 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Sep 2018 10:58:28 +0200
Subject: [PATCH 108/557] multi: fix location URL memleak in error path
Follow-up to #3044 - fix a leak OSS-Fuzz detected
Closes #3057
---
lib/multi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/multi.c b/lib/multi.c
index d5e09aa..f202609 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1984,7 +1984,10 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else
follow = FOLLOW_RETRY;
result = multi_done(&data->easy_conn, CURLE_OK, FALSE);
- if(!result) {
+ if(result)
+ /* Curl_follow() would otherwise free this */
+ free(newurl);
+ else {
result = Curl_follow(data, newurl, follow);
if(!result) {
multistate(data, CURLM_STATE_CONNECT);
--
1.8.3.1

42
multi-fix-memory-leak-in-content-encoding-related-er.patch
View File

@ -1,42 +0,0 @@
From 2dfc0dd6b59db0816821508418addcf62863c84c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 29 Sep 2018 11:32:07 +0200
Subject: [PATCH 111/557] multi: fix memory leak in content encoding related
error path
... a missing multi_done() call.
Credit to OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
Closes #3063
---
lib/multi.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/multi.c b/lib/multi.c
index f202609..9a98435 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2005,12 +2005,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
newurl = data->req.location;
data->req.location = NULL;
result = Curl_follow(data, newurl, FOLLOW_FAKE);
- if(result)
+ if(result) {
stream_error = TRUE;
+ result = multi_done(&data->easy_conn, result, TRUE);
+ }
}
- multistate(data, CURLM_STATE_DONE);
- rc = CURLM_CALL_MULTI_PERFORM;
+ if(!result) {
+ multistate(data, CURLM_STATE_DONE);
+ rc = CURLM_CALL_MULTI_PERFORM;
+ }
}
}
else if(comeback)
--
1.8.3.1

111
netrc-free-temporary-strings-if-memory-allocation-fa.patch
View File

@ -1,111 +0,0 @@
From d48e6b7f9558ae2a21c74f9054221af8f5c6b607 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <mail@michael-kaufmann.ch>
Date: Wed, 10 Oct 2018 22:38:50 +0200
Subject: [PATCH 200/557] netrc: free temporary strings if memory allocation
fails
- Change the inout parameters after all needed memory has been
allocated. Do not change them if something goes wrong.
- Free the allocated temporary strings if strdup() fails.
Closes #3122
---
lib/netrc.c | 48 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 39 insertions(+), 9 deletions(-)
diff --git a/lib/netrc.c b/lib/netrc.c
index a407bda..1724b35 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -57,7 +57,11 @@ int Curl_parsenetrc(const char *host,
{
FILE *file;
int retcode = 1;
- int specific_login = (*loginp && **loginp != 0);
+ char *login = *loginp;
+ char *password = *passwordp;
+ bool specific_login = (login && *login != 0);
+ bool login_alloc = FALSE;
+ bool password_alloc = FALSE;
bool netrc_alloc = FALSE;
enum host_lookup_state state = NOTHING;
@@ -125,7 +129,7 @@ int Curl_parsenetrc(const char *host,
continue;
while(!done && tok) {
- if((*loginp && **loginp) && (*passwordp && **passwordp)) {
+ if((login && *login) && (password && *password)) {
done = TRUE;
break;
}
@@ -158,26 +162,34 @@ int Curl_parsenetrc(const char *host,
/* we are now parsing sub-keywords concerning "our" host */
if(state_login) {
if(specific_login) {
- state_our_login = strcasecompare(*loginp, tok);
+ state_our_login = strcasecompare(login, tok);
}
else {
- free(*loginp);
- *loginp = strdup(tok);
- if(!*loginp) {
+ if(login_alloc) {
+ free(login);
+ login_alloc = FALSE;
+ }
+ login = strdup(tok);
+ if(!login) {
retcode = -1; /* allocation failed */
goto out;
}
+ login_alloc = TRUE;
}
state_login = 0;
}
else if(state_password) {
if(state_our_login || !specific_login) {
- free(*passwordp);
- *passwordp = strdup(tok);
- if(!*passwordp) {
+ if(password_alloc) {
+ free(password);
+ password_alloc = FALSE;
+ }
+ password = strdup(tok);
+ if(!password) {
retcode = -1; /* allocation failed */
goto out;
}
+ password_alloc = TRUE;
}
state_password = 0;
}
@@ -198,6 +210,24 @@ int Curl_parsenetrc(const char *host,
} /* while fgets() */
out:
+ if(!retcode) {
+ if(login_alloc) {
+ if(*loginp)
+ free(*loginp);
+ *loginp = login;
+ }
+ if(password_alloc) {
+ if(*passwordp)
+ free(*passwordp);
+ *passwordp = password;
+ }
+ }
+ else {
+ if(login_alloc)
+ free(login);
+ if(password_alloc)
+ free(password);
+ }
fclose(file);
}
--
1.8.3.1

28
nonblock-fix-unused-parameter-warning.patch
View File

@ -1,28 +0,0 @@
From 6c413648ec440230d2988be2d9ed8b70f8dba24b Mon Sep 17 00:00:00 2001
From: Marcel Raad <Marcel.Raad@teamviewer.com>
Date: Sun, 14 Oct 2018 21:07:45 +0200
Subject: [PATCH 181/557] nonblock: fix unused parameter warning
If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
used.
---
lib/nonblock.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/nonblock.c b/lib/nonblock.c
index 5959281..4d105c1 100644
--- a/lib/nonblock.c
+++ b/lib/nonblock.c
@@ -48,7 +48,8 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */
int nonblock /* TRUE or FALSE */)
{
#if defined(USE_BLOCKING_SOCKETS)
-
+ (void)sockfd;
+ (void)nonblock;
return 0; /* returns success */
#elif defined(HAVE_FCNTL_O_NONBLOCK)
--
1.8.3.1

35
nss-try-to-connect-even-if-libnssckbi.so-fails-to-lo.patch
View File

@ -1,35 +0,0 @@
From eb0b3acbc1beb08489222ed713ac387ca900fe90 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 19 Sep 2018 10:05:56 +0200
Subject: [PATCH 073/557] nss: try to connect even if libnssckbi.so fails to
load
One can still use CA certificates stored in NSS database.
Reported-by: Maxime Legros
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
Closes #3016
---
lib/vtls/nss.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 4eb6a77..0c5a806 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1578,8 +1578,9 @@ static CURLcode nss_load_ca_certificates(struct connectdata *conn,
infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
trust_library);
if(result == CURLE_FAILED_INIT)
- /* make the error non-fatal if we are not going to verify peer */
- result = CURLE_SSL_CACERT_BADFILE;
+ /* If libnssckbi.so is not available (or fails to load), one can still
+ use CA certificates stored in NSS database. Ignore the failure. */
+ result = CURLE_OK;
}
else if(!use_trust_module && trust_module) {
/* libnssckbi.so not needed but already loaded --> unload it! */
--
1.8.3.1

48
openssl-fix-the-SSL_get_tlsext_status_ocsp_resp-call.patch
View File

@ -1,48 +0,0 @@
From 16a3307e813fa82776dc265201ffc7dac1c842a7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 15 Jan 2019 23:57:25 +0100
Subject: [PATCH 451/557] openssl: fix the SSL_get_tlsext_status_ocsp_resp call
.... to not pass in a const in the second argument as that's not how it
is supposed to be used and might cause compiler warnings.
Reported-by: Pavel Pavlov
Fixes #3477
Closes #3478
---
lib/vtls/openssl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 45e72d6..9d11b89 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
+ unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn,
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
- if(!p) {
+ if(!status) {
failf(data, "No OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end;
}
-
+ p = status;
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if(!rsp) {
failf(data, "Invalid OCSP response");
--
1.8.3.1

30
openvms-fix-OpenSSL-discovery-on-VAX.patch
View File

@ -1,30 +0,0 @@
From 35221ecb14e1bb6c201ddf05d051fd15d8632fb3 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Tue, 25 Dec 2018 22:27:29 +0100
Subject: [PATCH 394/557] openvms: fix OpenSSL discovery on VAX
The DCL code had a typo in one of the commands which would make the
OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
Closes #3407
Reviewed-by: Viktor Szakats <commit@vszakats.net>
---
packages/vms/generate_config_vms_h_curl.com | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/vms/generate_config_vms_h_curl.com b/packages/vms/generate_config_vms_h_curl.com
index 6e1b202..ef9efc2 100644
--- a/packages/vms/generate_config_vms_h_curl.com
+++ b/packages/vms/generate_config_vms_h_curl.com
@@ -406,7 +406,7 @@ $ write cvh "#define USE_OPENSSL 1"
$ write cvh "#endif"
$ if arch_name .eqs. "VAX"
$ then
-$ old_mes = f$enviroment("message")
+$ old_mes = f$environment("message")
$ set message/notext/nofaci/noseve/noident
$ search/output=nla0: ssl$include:*.h CONF_MFLAGS_IGNORE_MISSING_FILE
$ status = $severity
--
1.8.3.1

48
schannel-on-connection-close-there-might-not-be-a-tr.patch
View File

@ -1,48 +0,0 @@
From 6ee672970972a40603d8141293ca91c4d4854187 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 18 Jan 2019 11:21:25 +0100
Subject: [PATCH 457/557] schannel: on connection close there might not be a
transfer
Reported-by: Marcel Raad
Fixes #3412
Closes #3483
---
lib/vtls/schannel.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 56fd93e..ab7f83f 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -7,7 +7,7 @@
*
* Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
* Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -2013,9 +2013,16 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
/* free SSPI Schannel API credential handle */
if(BACKEND->cred) {
- Curl_ssl_sessionid_lock(conn);
+ /*
+ * When this function is called from Curl_schannel_close() the connection
+ * might not have an associated transfer so the check for conn->data is
+ * necessary.
+ */
+ if(conn->data)
+ Curl_ssl_sessionid_lock(conn);
Curl_schannel_session_free(BACKEND->cred);
- Curl_ssl_sessionid_unlock(conn);
+ if(conn->data)
+ Curl_ssl_sessionid_unlock(conn);
BACKEND->cred = NULL;
}
--
1.8.3.1

53
secure-Openwall-URLs.patch
View File

@ -1,53 +0,0 @@
From 420087bb306528530ebdbf7f7806312882b1adba Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vszakats.net>
Date: Fri, 14 Sep 2018 18:48:35 +0000
Subject: [PATCH 059/557] secure Openwall URLs
---
docs/SECURITY-PROCESS.md | 2 +-
lib/md4.c | 2 +-
lib/md5.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 6ef7757..6cae503 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -61,7 +61,7 @@ announcement.
Figure out the CWE (Common Weakness Enumeration) number for the flaw.
- Request a CVE number from
- [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
+ [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros)
when also informing and preparing them for the upcoming public security
vulnerability announcement - attach the advisory draft for information. Note
that 'distros' won't accept an embargo longer than 14 days and they do not
diff --git a/lib/md4.c b/lib/md4.c
index 2bb7dcc..d350602 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -3,7 +3,7 @@
* MD4 Message-Digest Algorithm (RFC 1320).
*
* Homepage:
- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
+ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
diff --git a/lib/md5.c b/lib/md5.c
index b819d39..45f45bb 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -177,7 +177,7 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
* MD5 Message-Digest Algorithm (RFC 1321).
*
* Homepage:
- http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ https://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
*
* Author:
* Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
--
1.8.3.1

55
smb-fix-incorrect-path-in-request-if-connection-reus.patch
View File

@ -1,55 +0,0 @@
From 462037ad487c0457451e66afd0cb50a9f70c0c28 Mon Sep 17 00:00:00 2001
From: Matus Uzak <matus.uzak@gmail.com>
Date: Tue, 18 Dec 2018 22:28:20 +0100
Subject: [PATCH 377/557] smb: fix incorrect path in request if connection
reused
Follow-up to 09e401e01bf9. If connection gets reused, then data member
will be copied, but not the proto member. As a result, in smb_do(),
path has been set from the original proto.share data.
Closes #3388
---
lib/smb.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/lib/smb.c b/lib/smb.c
index e4f266e..76c99a2 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -947,15 +947,10 @@ static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
static CURLcode smb_do(struct connectdata *conn, bool *done)
{
struct smb_conn *smbc = &conn->proto.smbc;
- struct smb_request *req = conn->data->req.protop;
*done = FALSE;
if(smbc->share) {
- req->path = strchr(smbc->share, '\0');
- if(req->path) {
- req->path++;
- return CURLE_OK;
- }
+ return CURLE_OK;
}
return CURLE_URL_MALFORMAT;
}
@@ -964,6 +959,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
+ struct smb_request *req = data->req.protop;
struct smb_conn *smbc = &conn->proto.smbc;
char *path;
char *slash;
@@ -992,6 +988,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn)
/* Parse the path for the file path converting any forward slashes into
backslashes */
*slash++ = 0;
+ req->path = slash;
for(; *slash; slash++) {
if(*slash == '/')
--
1.8.3.1

35
ssh-free-the-session-on-init-failures.patch
View File

@ -1,35 +0,0 @@
From 5c8c310edb1e5dbf41c5d2d68622b63f7700488e Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Fri, 26 Oct 2018 15:39:15 +0200
Subject: [PATCH 211/557] ssh: free the session on init failures
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.
Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
lib/ssh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ssh.c b/lib/ssh.c
index a4b2ca4..da89619 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -2926,7 +2926,7 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
int rc;
ssh->kh = libssh2_knownhost_init(ssh->ssh_session);
if(!ssh->kh) {
- /* eeek. TODO: free the ssh_session! */
+ libssh2_session_free(ssh->ssh_session);
return CURLE_FAILED_INIT;
}
--
1.8.3.1

36
ssh-log-the-libssh2-error-message-when-ssh-session-s.patch
View File

@ -1,36 +0,0 @@
From b095a1ca63ab4962e7256616ff02607c5a77e089 Mon Sep 17 00:00:00 2001
From: JDepooter <joel.depooter@safe.com>
Date: Wed, 16 Jan 2019 17:18:20 -0800
Subject: [PATCH 456/557] ssh: log the libssh2 error message when ssh session
startup fails
When a ssh session startup fails, it is useful to know why it has
failed. This commit changes the message from:
"Failure establishing ssh session"
to something like this, for example:
"Failure establishing ssh session: -5, Unable to exchange encryption keys"
Closes #3481
---
lib/ssh.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/ssh.c b/lib/ssh.c
index f3b0a58..8c68adc 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -667,7 +667,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
if(rc) {
- failf(data, "Failure establishing ssh session");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg, NULL, 0);
+ failf(data, "Failure establishing ssh session: %d, %s", rc, err_msg);
+
state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_FAILED_INIT;
break;
--
1.8.3.1

37
timediff-fix-math-for-unsigned-time_t.patch
View File

@ -1,37 +0,0 @@
From 1a93153783c0ae626acf0b9041eeb2cb2fe7944a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 8 Jan 2019 17:34:45 +0100
Subject: [PATCH 423/557] timediff: fix math for unsigned time_t
Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
Closes #3449
---
lib/timeval.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/timeval.c b/lib/timeval.c
index 2d7c782..f1cbfe6 100644
--- a/lib/timeval.c
+++ b/lib/timeval.c
@@ -163,7 +163,7 @@ struct curltime Curl_now(void)
*/
timediff_t Curl_timediff(struct curltime newer, struct curltime older)
{
- timediff_t diff = newer.tv_sec-older.tv_sec;
+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIME_MAX/1000))
return TIME_MAX;
else if(diff <= (TIME_MIN/1000))
@@ -177,7 +177,7 @@ timediff_t Curl_timediff(struct curltime newer, struct curltime older)
*/
timediff_t Curl_timediff_us(struct curltime newer, struct curltime older)
{
- timediff_t diff = newer.tv_sec-older.tv_sec;
+ timediff_t diff = (timediff_t)newer.tv_sec-older.tv_sec;
if(diff >= (TIME_MAX/1000000))
return TIME_MAX;
else if(diff <= (TIME_MIN/1000000))
--
1.8.3.1

47
tool_cb_hdr-handle-failure-of-rename.patch
View File

@ -1,47 +0,0 @@
From 6b6ba1dc29857f5eb4c31fed3d63619fea99d5f4 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 15 Oct 2018 16:03:46 +0200
Subject: [PATCH 186/557] tool_cb_hdr: handle failure of rename()
Detected by Coverity.
Closes #3140
Reviewed-by: Jay Satiro
---
src/tool_cb_hdr.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index 983258c..7a7a836 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -132,15 +132,24 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
filename = parse_filename(p, len);
if(filename) {
if(outs->stream) {
+ int rc;
/* already opened and possibly written to */
if(outs->fopened)
fclose(outs->stream);
outs->stream = NULL;
/* rename the initial file name to the new file name */
- rename(outs->filename, filename);
+ rc = rename(outs->filename, filename);
+ if(rc != 0) {
+ warnf(outs->config->global, "Failed to rename %s -> %s: %s\n",
+ outs->filename, filename, strerror(errno));
+ }
if(outs->alloc_filename)
- free(outs->filename);
+ Curl_safefree(outs->filename);
+ if(rc != 0) {
+ free(filename);
+ return failure;
+ }
}
outs->is_cd_filename = TRUE;
outs->s_isreg = TRUE;
--
1.8.3.1

63
tool_cb_prg-avoid-integer-overflow.patch
View File

@ -1,63 +0,0 @@
From 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 11 Jan 2019 00:25:46 +0100
Subject: [PATCH 437/557] tool_cb_prg: avoid integer overflow
When calculating the progress bar width.
Reported-by: Peng Li
Fixes #3456
Closes #3458
---
src/tool_cb_prg.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 15ff5b2..0539e98 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -106,6 +106,13 @@ static void fly(struct ProgressData *bar, bool moved)
#define MAX_BARLENGTH 256
+#if (SIZEOF_CURL_OFF_T == 4)
+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#else
+ /* assume CURL_SIZEOF_CURL_OFF_T == 8 */
+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
+#endif
+
int tool_progress_cb(void *clientp,
curl_off_t dltotal, curl_off_t dlnow,
curl_off_t ultotal, curl_off_t ulnow)
@@ -119,10 +126,16 @@ int tool_progress_cb(void *clientp,
curl_off_t point;
/* expected transfer size */
- total = dltotal + ultotal + bar->initial_size;
+ if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))
+ total = CURL_OFF_T_MAX;
+ else
+ total = dltotal + ultotal + bar->initial_size;
/* we've come this far */
- point = dlnow + ulnow + bar->initial_size;
+ if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))
+ point = CURL_OFF_T_MAX;
+ else
+ point = dlnow + ulnow + bar->initial_size;
if(bar->calls) {
/* after first call... */
--
1.8.3.1

71
urlglob-improve-error-message.patch
View File

@ -1,71 +0,0 @@
From ddb06ffc0f680322ce746c6e8d524dee4de84955 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 11 Sep 2018 22:03:47 +0200
Subject: [PATCH 045/557] urlglob: improve error message
to help user understand what the problem is
Reported-by: Daniel Shahaf
Fixes #2763
Closes #2977
---
src/tool_urlglob.c | 11 ++++++-----
tests/data/test75 | 4 +++-
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index cb87706..e4a5c33 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -459,18 +459,19 @@ CURLcode glob_url(URLGlob **glob, char *url, unsigned long *urlnum,
*urlnum = amount;
else {
if(error && glob_expand->error) {
- char text[128];
+ char text[512];
const char *t;
if(glob_expand->pos) {
- snprintf(text, sizeof(text), "%s in column %zu", glob_expand->error,
- glob_expand->pos);
+ snprintf(text, sizeof(text), "%s in URL position %zu:\n%s\n%*s^",
+ glob_expand->error,
+ glob_expand->pos, url, glob_expand->pos - 1, " ");
t = text;
}
else
t = glob_expand->error;
/* send error description to the error-stream */
- fprintf(error, "curl: (%d) [globbing] %s\n", res, t);
+ fprintf(error, "curl: (%d) %s\n", res, t);
}
/* it failed, we cleanup */
glob_cleanup(glob_expand);
diff --git a/tests/data/test75 b/tests/data/test75
index d8836b9..115963d 100644
--- a/tests/data/test75
+++ b/tests/data/test75
@@ -44,7 +44,9 @@ perl %SRCDIR/libtest/test75.pl http://%HOSTIP:%HTTPPORT/ 22
3
</errorcode>
<stdout mode="text">
-curl: (3) [globbing] bad range in column 47
+curl: (3) bad range in URL position 47:
+http://a-site-never-accessed.example.org/[2-1]
+ ^
</stdout>
</verify>
</testcase>
--
1.8.3.1

44
wolfssl-Perform-cleanup.patch
View File

@ -1,44 +0,0 @@
From 982a897b4bc22fa49da2501af8242e8c8ce1792c Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 19 Dec 2018 08:30:44 -0800
Subject: [PATCH 381/557] wolfssl: Perform cleanup
This adds a cleanup callback for cyassl. Resolves possible memory leak
when using ECC fixed point cache.
Closes #3395
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
---
lib/vtls/cyassl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 0d45afb..ea96cf6 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -794,6 +794,12 @@ static int Curl_cyassl_init(void)
}
+static void Curl_cyassl_cleanup(void)
+{
+ CyaSSL_Cleanup();
+}
+
+
static bool Curl_cyassl_data_pending(const struct connectdata* conn,
int connindex)
{
@@ -1004,7 +1010,7 @@ const struct Curl_ssl Curl_ssl_cyassl = {
sizeof(struct ssl_backend_data),
Curl_cyassl_init, /* init */
- Curl_none_cleanup, /* cleanup */
+ Curl_cyassl_cleanup, /* cleanup */
Curl_cyassl_version, /* version */
Curl_none_check_cxn, /* check_cxn */
Curl_cyassl_shutdown, /* shutdown */
--
1.8.3.1

38
zsh.pl-escape-character.patch
View File

@ -1,38 +0,0 @@
From b3cc8017b7364f588365be2b2629c49c142efdb7 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Tue, 5 Feb 2019 21:06:26 +0000
Subject: [PATCH 492/557] zsh.pl: escape ':' character
':' is interpreted as separator by zsh, so if used as part of the argument
or option's description it needs to be escaped.
The problem can be reproduced as follows:
% curl --reso<TAB>
% curl -E <TAB>
Bug: https://bugs.debian.org/921452
---
scripts/zsh.pl | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/zsh.pl b/scripts/zsh.pl
index 941b322..0f9cbec 100755
--- a/scripts/zsh.pl
+++ b/scripts/zsh.pl
@@ -45,9 +45,12 @@ sub parse_main_opts {
my $option = '';
+ $arg =~ s/\:/\\\:/g if defined $arg;
+
$desc =~ s/'/'\\''/g if defined $desc;
$desc =~ s/\[/\\\[/g if defined $desc;
$desc =~ s/\]/\\\]/g if defined $desc;
+ $desc =~ s/\:/\\\:/g if defined $desc;
$option .= '{' . trim($short) . ',' if defined $short;
$option .= trim($long) if defined $long;
--
1.8.3.1