packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!220 update to curl 8.1.2

Browse Source 
From: @eaglegai 
Reviewed-by: @kircher 
Signed-off-by: @kircher
This commit is contained in:
openeuler-ci-bot 2023-07-17 07:41:14 +00:00 committed by Gitee
commit 59b0169f42
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
17 changed files with 37 additions and 1404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
backport-0001-CVE-2023-28320.patch
View File

@ -1,82 +0,0 @@
From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Tue, 25 Apr 2023 09:22:26 +0200
Subject: [PATCH] hostip: add locks around use of global buffer for alarm()
When building with the sync name resolver and timeout ability we now
require thread-safety to be present to enable it.
Closes #11030
Conflict:NA
Reference:https://github.com/curl/curl/commit/13718030ad4b3209a7583b
---
lib/hostip.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/lib/hostip.c b/lib/hostip.c
index 2381290fdd43e..e410cda69ae6e 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -70,12 +70,19 @@
#include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
#endif
-#if defined(CURLRES_SYNCH) && \
- defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
+#if defined(CURLRES_SYNCH) && \
+ defined(HAVE_ALARM) && \
+ defined(SIGALRM) && \
+ defined(HAVE_SIGSETJMP) && \
+ defined(GLOBAL_INIT_IS_THREADSAFE)
/* alarm-based timeouts can only be used with all the dependencies satisfied */
#define USE_ALARM_TIMEOUT
#endif
+#ifdef USE_ALARM_TIMEOUT
+#include "easy_lock.h"
+#endif
+
#define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
/*
@@ -254,11 +261,12 @@ void Curl_hostcache_prune(struct Curl_easy *data)
Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
-#ifdef HAVE_SIGSETJMP
+#ifdef USE_ALARM_TIMEOUT
/* Beware this is a global and unique instance. This is used to store the
return address that we can jump back to from inside a signal handler. This
is not thread-safe stuff. */
sigjmp_buf curl_jmpenv;
+curl_simple_lock curl_jmpenv_lock;
#endif
/* lookup address, returns entry if found and not stale */
@@ -832,7 +840,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
static
void alarmfunc(int sig)
{
- /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */
(void)sig;
siglongjmp(curl_jmpenv, 1);
}
@@ -912,6 +919,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
This should be the last thing we do before calling Curl_resolv(),
as otherwise we'd have to worry about variables that get modified
before we invoke Curl_resolv() (and thus use "volatile"). */
+ curl_simple_lock_lock(&curl_jmpenv_lock);
+
if(sigsetjmp(curl_jmpenv, 1)) {
/* this is coming from a siglongjmp() after an alarm signal */
failf(data, "name lookup timed out");
@@ -980,6 +989,8 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data,
#endif
#endif /* HAVE_SIGACTION */
+ curl_simple_lock_unlock(&curl_jmpenv_lock);
+
/* switch back the alarm() to either zero or to what it was before minus
the time we spent until now! */
if(prev_alarm) {

79
backport-0002-CVE-2023-28320.patch
View File

@ -1,79 +0,0 @@
From f446258f0269a62289cca0210157cb8558d0edc3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 16 May 2023 23:40:42 +0200
Subject: [PATCH 1/1] hostip: include easy_lock.h before using
GLOBAL_INIT_IS_THREADSAFE
Since that header file is the only place that define can be defined.
Reported-by: Marc Deslauriers
Follow-up to 13718030ad4b3209
Closes #11121
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3
---
lib/hostip.c | 10 ++++------
lib/hostip.h | 9 ---------
2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/lib/hostip.c b/lib/hostip.c
index 615f36c16..4ff348436 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -70,6 +70,8 @@
#include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
#endif
+#include "easy_lock.h"
+
#if defined(CURLRES_SYNCH) && \
defined(HAVE_ALARM) && \
defined(SIGALRM) && \
@@ -79,10 +81,6 @@
#define USE_ALARM_TIMEOUT
#endif
-#ifdef USE_ALARM_TIMEOUT
-#include "easy_lock.h"
-#endif
-
#define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
/*
@@ -289,8 +287,8 @@ void Curl_hostcache_prune(struct Curl_easy *data)
/* Beware this is a global and unique instance. This is used to store the
return address that we can jump back to from inside a signal handler. This
is not thread-safe stuff. */
-sigjmp_buf curl_jmpenv;
-curl_simple_lock curl_jmpenv_lock;
+static sigjmp_buf curl_jmpenv;
+static curl_simple_lock curl_jmpenv_lock;
#endif
/* lookup address, returns entry if found and not stale */
diff --git a/lib/hostip.h b/lib/hostip.h
index 4b5481f65..0dd19e87c 100644
--- a/lib/hostip.h
+++ b/lib/hostip.h
@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
#define CURL_INADDR_NONE INADDR_NONE
#endif
-#ifdef HAVE_SIGSETJMP
-/* Forward-declaration of variable defined in hostip.c. Beware this
- * is a global and unique instance. This is used to store the return
- * address that we can jump back to from inside a signal handler.
- * This is not thread-safe stuff.
- */
-extern sigjmp_buf curl_jmpenv;
-#endif
-
/*
* Function provided by the resolver backend to set DNS servers to use.
*/
--
2.33.0

20
backport-0101-curl-7.32.0-multilib.patch
View File

@ -4,16 +4,16 @@ Date: Fri, 12 Apr 2013 12:04:05 +0200
Subject: [PATCH] prevent multilib conflicts on the curl-config script
---
curl-config.in | 21 +++------------------
docs/curl-config.1 | 4 +++-
libcurl.pc.in | 1 +
3 files changed, 7 insertions(+), 19 deletions(-)
curl-config.in | 23 +++++------------------
docs/curl-config.1 | 4 +++-
libcurl.pc.in | 1 +
3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/curl-config.in b/curl-config.in
index 150004d..95d0759 100644
--- a/curl-config.in
+++ b/curl-config.in
@@ -76,7 +76,7 @@ while test $# -gt 0; do
@@ -78,7 +78,7 @@ while test $# -gt 0; do
;;
--cc)
@ -22,7 +22,7 @@ index 150004d..95d0759 100644
;;
--prefix)
@@ -155,32 +155,17 @@ while test $# -gt 0; do
@@ -157,32 +157,19 @@ while test $# -gt 0; do
;;
--libs)
@ -49,6 +49,8 @@ index 150004d..95d0759 100644
- echo "curl was built with static libraries disabled" >&2
- exit 1
- fi
+ echo "curl was built with static libraries disabled" >&2
+ exit 1
;;
--configure)
@ -61,7 +63,7 @@ diff --git a/docs/curl-config.1 b/docs/curl-config.1
index 14a9d2b..ffcc004 100644
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -70,7 +70,9 @@ no, one or several names. If more than one name, they will appear
@@ -72,7 +72,9 @@ no, one or several names. If more than one name, they will appear
comma-separated. (Added in 7.58.0)
.IP "--static-libs"
Shows the complete set of libs and other linker options you will need in order
@ -76,7 +78,7 @@ diff --git a/libcurl.pc.in b/libcurl.pc.in
index 2ba9c39..f8f8b00 100644
--- a/libcurl.pc.in
+++ b/libcurl.pc.in
@@ -29,6 +29,7 @@ libdir=@libdir@
@@ -31,6 +31,7 @@ libdir=@libdir@
includedir=@includedir@
supported_protocols="@SUPPORT_PROTOCOLS@"
supported_features="@SUPPORT_FEATURES@"
@ -85,5 +87,5 @@ index 2ba9c39..f8f8b00 100644
Name: libcurl
URL: https://curl.se/
--
2.5.0
2.26.2

52
backport-CVE-2023-27533.patch
View File

@ -1,52 +0,0 @@
From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Mar 2023 12:07:33 +0100
Subject: [PATCH] telnet: only accept option arguments in ascii
To avoid embedded telnet negotiation commands etc.
Reported-by: Harry Sintonen
Closes #10728
---
lib/telnet.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -770,6 +770,17 @@ static void printsub(struct Curl_easy *d
}
}
+static bool str_is_nonascii(const char *str)
+{
+ size_t len = strlen(str);
+ while(len--) {
+ if(*str & 0x80)
+ return TRUE;
+ str++;
+ }
+ return FALSE;
+}
+
static CURLcode check_telnet_options(struct Curl_easy *data)
{
struct curl_slist *head;
@@ -784,6 +795,8 @@ static CURLcode check_telnet_options(str
/* Add the user name as an environment variable if it
was given on the command line */
if(data->state.aptr.user) {
+ if(str_is_nonascii(data->conn->user))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
beg = curl_slist_append(tn->telnet_vars, option_arg);
if(!beg) {
@@ -799,6 +812,9 @@ static CURLcode check_telnet_options(str
if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
option_keyword, option_arg) == 2) {
+ if(str_is_nonascii(option_arg))
+ continue;
+
/* Terminal type */
if(strcasecompare(option_keyword, "TTYPE")) {
strncpy(tn->subopt_ttype, option_arg, 31);

120
backport-CVE-2023-27534.patch
View File

@ -1,120 +0,0 @@
From 4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 16:22:11 +0100
Subject: [PATCH] curl_path: create the new path with dynbuf
Closes #10729
---
lib/curl_path.c | 75 +++++++++++++++++++++++--------------------------
1 file changed, 35 insertions(+), 40 deletions(-)
diff --git a/lib/curl_path.c b/lib/curl_path.c
index 2df8687a557ba..977e5336f552c 100644
--- a/lib/curl_path.c
+++ b/lib/curl_path.c
@@ -32,70 +32,65 @@
#include "escape.h"
#include "memdebug.h"
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
+
/* figure out the path to work with in this particular request */
CURLcode Curl_getworkingpath(struct Curl_easy *data,
char *homedir, /* when SFTP is used */
char **path) /* returns the allocated
real path to work with */
{
- char *real_path = NULL;
char *working_path;
size_t working_path_len;
+ struct dynbuf npath;
CURLcode result =
Curl_urldecode(data->state.up.path, 0, &working_path,
&working_path_len, REJECT_ZERO);
if(result)
return result;
+ /* new path to switch to in case we need to */
+ Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
+
/* Check for /~/, indicating relative to the user's home directory */
- if(data->conn->handler->protocol & CURLPROTO_SCP) {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
+ if((data->conn->handler->protocol & CURLPROTO_SCP) &&
+ (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
+ /* It is referenced to the home directory, so strip the leading '/~/' */
+ if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
- if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
- /* It is referenced to the home directory, so strip the leading '/~/' */
- memcpy(real_path, working_path + 3, working_path_len - 2);
- else
- memcpy(real_path, working_path, 1 + working_path_len);
}
- else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
- if((working_path_len > 1) && (working_path[1] == '~')) {
- size_t homelen = strlen(homedir);
- real_path = malloc(homelen + working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- /* It is referenced to the home directory, so strip the
- leading '/' */
- memcpy(real_path, homedir, homelen);
- /* Only add a trailing '/' if homedir does not end with one */
- if(homelen == 0 || real_path[homelen - 1] != '/') {
- real_path[homelen] = '/';
- homelen++;
- real_path[homelen] = '\0';
- }
- if(working_path_len > 3) {
- memcpy(real_path + homelen, working_path + 3,
- 1 + working_path_len -3);
- }
+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+ (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+ size_t len;
+ const char *p;
+ int copyfrom = 3;
+ if(Curl_dyn_add(&npath, homedir)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
- else {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(real_path, working_path, 1 + working_path_len);
+ /* Copy a separating '/' if homedir does not end with one */
+ len = Curl_dyn_len(&npath);
+ p = Curl_dyn_ptr(&npath);
+ if(len && (p[len-1] != '/'))
+ copyfrom = 2;
+
+ if(Curl_dyn_addn(&npath,
+ &working_path[copyfrom], working_path_len - copyfrom)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
}
- free(working_path);
+ if(Curl_dyn_len(&npath)) {
+ free(working_path);
- /* store the pointer for the caller to receive */
- *path = real_path;
+ /* store the pointer for the caller to receive */
+ *path = Curl_dyn_ptr(&npath);
+ }
+ else
+ *path = working_path;
return CURLE_OK;
}

151
backport-CVE-2023-27535.patch
View File

@ -1,151 +0,0 @@
From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 17:47:06 +0100
Subject: [PATCH] ftp: add more conditions for connection reuse
Reported-by: Harry Sintonen
Closes #10730
---
lib/ftp.c | 28 ++++++++++++++++++++++++++--
lib/ftp.h | 5 +++++
lib/setopt.c | 2 +-
lib/url.c | 17 +++++++++++++++--
lib/urldata.h | 4 ++--
5 files changed, 49 insertions(+), 7 deletions(-)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -4052,6 +4052,8 @@ static CURLcode ftp_disconnect(struct Cu
}
freedirs(ftpc);
+ Curl_safefree(ftpc->account);
+ Curl_safefree(ftpc->alternative_to_user);
Curl_safefree(ftpc->prevpath);
Curl_safefree(ftpc->server_os);
Curl_pp_disconnect(pp);
@@ -4321,11 +4323,31 @@ static CURLcode ftp_setup_connection(str
char *type;
struct FTP *ftp;
CURLcode result = CURLE_OK;
+ struct ftp_conn *ftpc = &conn->proto.ftpc;
- data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
+ ftp = calloc(sizeof(struct FTP), 1);
if(!ftp)
return CURLE_OUT_OF_MEMORY;
+ /* clone connection related data that is FTP specific */
+ if(data->set.str[STRING_FTP_ACCOUNT]) {
+ ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+ if(!ftpc->account) {
+ free(ftp);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+ ftpc->alternative_to_user =
+ strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+ if(!ftpc->alternative_to_user) {
+ Curl_safefree(ftpc->account);
+ free(ftp);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ data->req.p.ftp = ftp;
+
ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
/* FTP URLs support an extension like ";type=<typecode>" that
@@ -4360,7 +4382,9 @@ static CURLcode ftp_setup_connection(str
/* get some initial data into the ftp struct */
ftp->transfer = PPTRANSFER_BODY;
ftp->downloadsize = 0;
- conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+ ftpc->known_filesize = -1; /* unknown size for now */
+ ftpc->use_ssl = data->set.use_ssl;
+ ftpc->ccc = data->set.ftp_ccc;
return result;
}
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -120,6 +120,8 @@ struct FTP {
struct */
struct ftp_conn {
struct pingpong pp;
+ char *account;
+ char *alternative_to_user;
char *entrypath; /* the PWD reply when we logged on */
char *file; /* url-decoded file name (or path) */
char **dirs; /* realloc()ed array for path components */
@@ -143,6 +145,9 @@ struct ftp_conn {
ftpstate state; /* always use ftp.c:state() to change state! */
ftpstate state_saved; /* transfer type saved to be reloaded after data
connection is established */
+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
+ IMAP or POP3 or others! (type: curl_usessl)*/
+ unsigned char ccc; /* ccc level for this connection */
BIT(ftp_trying_alternative);
BIT(dont_check); /* Set to TRUE to prevent the final (post-transfer)
file size and 226/250 status check. It should still
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -2369,7 +2369,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *
arg = va_arg(param, long);
if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
return CURLE_BAD_FUNCTION_ARGUMENT;
- data->set.use_ssl = (curl_usessl)arg;
+ data->set.use_ssl = (unsigned char)arg;
break;
case CURLOPT_SSL_OPTIONS:
--- a/lib/url.c
+++ b/lib/url.c
@@ -1299,11 +1299,24 @@ ConnectionExists(struct Curl_easy *data,
|| ((check->httpversion >= 30) &&
(data->state.httpwant < CURL_HTTP_VERSION_3))))
continue;
-
- if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}
+#endif
+#ifndef CURL_DISABLE_FTP
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
+ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+ if(Curl_timestrcmp(needle->proto.ftpc.account,
+ check->proto.ftpc.account) ||
+ Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+ check->proto.ftpc.alternative_to_user) ||
+ (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+ (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+ continue;
+ }
+#endif
if((needle->handler->flags&PROTOPT_SSL)
#ifndef CURL_DISABLE_PROXY
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1713,8 +1713,6 @@ struct UserDefined {
#ifndef CURL_DISABLE_NETRC
unsigned char use_netrc; /* enum CURL_NETRC_OPTION values */
#endif
- curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
- IMAP or POP3 or others! */
unsigned int new_file_perms; /* when creating remote files */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
struct curl_blob *blobs[BLOB_LAST];
@@ -1773,6 +1771,8 @@ struct UserDefined {
BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
recipients */
#endif
+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
+ IMAP or POP3 or others! (type: curl_usessl)*/
unsigned char connect_only; /* make connection/request, then let
application use the socket */
BIT(is_fread_set); /* has read callback been set to non-NULL? */

44
backport-CVE-2023-27536.patch
View File

@ -1,44 +0,0 @@
From cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 09:22:43 +0100
Subject: [PATCH] url: only reuse connections with same GSS delegation
Reported-by: Harry Sintonen
Closes #10731
---
lib/url.c | 6 ++++++
lib/urldata.h | 1 +
2 files changed, 7 insertions(+)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1291,6 +1291,11 @@ ConnectionExists(struct Curl_easy *data,
}
}
+ /* GSS delegation differences do not actually affect every connection
+ and auth method, but this check takes precaution before efficiency */
+ if(needle->gssapi_delegation != check->gssapi_delegation)
+ continue;
+
/* If multiplexing isn't enabled on the h2 connection and h1 is
explicitly requested, handle it: */
if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
@@ -1602,6 +1607,7 @@ static struct connectdata *allocate_conn
conn->fclosesocket = data->set.fclosesocket;
conn->closesocket_client = data->set.closesocket_client;
conn->lastused = Curl_now(); /* used now */
+ conn->gssapi_delegation = data->set.gssapi_delegation;
return conn;
error:
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1057,6 +1057,7 @@ struct connectdata {
unsigned char ip_version; /* copied from the Curl_easy at creation time */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
unsigned char connect_only;
+ unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
};
/* The end of connectdata. */

32
backport-CVE-2023-27537.patch
View File

@ -1,32 +0,0 @@
From dca4cdf071be095bcdc7126eaa77a8946ea4790b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 18:01:34 +0100
Subject: [PATCH] CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
Reported-by: Hiroki Kurosawa
Closes #10732
---
docs/libcurl/opts/CURLSHOPT_SHARE.3 | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/docs/libcurl/opts/CURLSHOPT_SHARE.3
+++ b/docs/libcurl/opts/CURLSHOPT_SHARE.3
@@ -57,8 +57,7 @@ implemented until 7.23.0.
Put the connection cache in the share object and make all easy handles using
this share object share the connection cache.
-Note that due to a known bug, it is not safe to share connections this way
-between multiple concurrent threads.
+It is not supported to share connections between multiple concurrent threads.
Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing only
get additional transfers added to them if the existing connection is held by
@@ -82,6 +81,8 @@ multi handle will share PSL cache by def
.IP CURL_LOCK_DATA_HSTS
The in-memory HSTS cache.
+It is not supported to share the HSTS between multiple concurrent threads.
+
Added in 7.88.0
.SH PROTOCOLS
All

22
backport-CVE-2023-27538.patch
View File

@ -1,22 +0,0 @@
From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 10 Mar 2023 08:22:51 +0100
Subject: [PATCH] url: fix the SSH connection reuse check
Reported-by: Harry Sintonen
Closes #10735
---
lib/url.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1300,7 +1300,7 @@ ConnectionExists(struct Curl_easy *data,
(data->state.httpwant < CURL_HTTP_VERSION_3))))
continue;
- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}

297
backport-CVE-2023-28321.patch
View File

@ -1,297 +0,0 @@
From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 24 Apr 2023 21:07:02 +0200
Subject: [PATCH] hostcheck: fix host name wildcard checking
The leftmost "label" of the host name can now only match against single
'*'. Like the browsers have worked for a long time.
- extended unit test 1397 for this
- move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc
Reported-by: Hiroki Kurosawa
Closes #11018
---
lib/vtls/hostcheck.c | 50 +++++++--------
tests/data/test1397 | 10 ++-
tests/unit/Makefile.am | 94 ----------------------------
tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++
tests/unit/unit1397.c | 134 ++++++++++++++++++++++++----------------
5 files changed, 202 insertions(+), 180 deletions(-)
diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
index e827dc5..d061c63 100644
--- a/lib/vtls/hostcheck.c
+++ b/lib/vtls/hostcheck.c
@@ -71,7 +71,12 @@ static bool pmatch(const char *hostname, size_t hostlen,
* apparent distinction between a name and an IP. We need to detect the use of
* an IP address and not wildcard match on such names.
*
+ * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor
+ * "*b".
+ *
* Return TRUE on a match. FALSE if not.
+ *
+ * @unittest: 1397
*/
static bool hostmatch(const char *hostname,
@@ -79,53 +84,42 @@ static bool hostmatch(const char *hostname,
const char *pattern,
size_t patternlen)
{
- const char *pattern_label_end, *wildcard, *hostname_label_end;
- size_t prefixlen, suffixlen;
+ const char *pattern_label_end;
- /* normalize pattern and hostname by stripping off trailing dots */
+ DEBUGASSERT(pattern);
DEBUGASSERT(patternlen);
+ DEBUGASSERT(hostname);
+ DEBUGASSERT(hostlen);
+
+ /* normalize pattern and hostname by stripping off trailing dots */
if(hostname[hostlen-1]=='.')
hostlen--;
if(pattern[patternlen-1]=='.')
patternlen--;
- wildcard = memchr(pattern, '*', patternlen);
- if(!wildcard)
+ if(strncmp(pattern, "*.", 2))
return pmatch(hostname, hostlen, pattern, patternlen);
/* detect IP address as hostname and fail the match if so */
- if(Curl_host_is_ipnum(hostname))
+ else if(Curl_host_is_ipnum(hostname))
return FALSE;
/* We require at least 2 dots in the pattern to avoid too wide wildcard
match. */
pattern_label_end = memchr(pattern, '.', patternlen);
if(!pattern_label_end ||
- (memrchr(pattern, '.', patternlen) == pattern_label_end) ||
- strncasecompare(pattern, "xn--", 4))
+ (memrchr(pattern, '.', patternlen) == pattern_label_end))
return pmatch(hostname, hostlen, pattern, patternlen);
-
- hostname_label_end = memchr(hostname, '.', hostlen);
- if(!hostname_label_end)
- return FALSE;
else {
- size_t skiphost = hostname_label_end - hostname;
- size_t skiplen = pattern_label_end - pattern;
- if(!pmatch(hostname_label_end, hostlen - skiphost,
- pattern_label_end, patternlen - skiplen))
- return FALSE;
+ const char *hostname_label_end = memchr(hostname, '.', hostlen);
+ if(hostname_label_end) {
+ size_t skiphost = hostname_label_end - hostname;
+ size_t skiplen = pattern_label_end - pattern;
+ return pmatch(hostname_label_end, hostlen - skiphost,
+ pattern_label_end, patternlen - skiplen);
+ }
}
- /* The wildcard must match at least one character, so the left-most
- label of the hostname is at least as large as the left-most label
- of the pattern. */
- if(hostname_label_end - hostname < pattern_label_end - pattern)
- return FALSE;
-
- prefixlen = wildcard - pattern;
- suffixlen = pattern_label_end - (wildcard + 1);
- return strncasecompare(pattern, hostname, prefixlen) &&
- strncasecompare(wildcard + 1, hostname_label_end - suffixlen,
- suffixlen) ? TRUE : FALSE;
+ return FALSE;
}
/*
diff --git a/tests/data/test1397 b/tests/data/test1397
index 84f962a..f31b2c2 100644
--- a/tests/data/test1397
+++ b/tests/data/test1397
@@ -2,8 +2,7 @@
<info>
<keywords>
unittest
-ssl
-wildcard
+Curl_cert_hostcheck
</keywords>
</info>
@@ -16,9 +15,8 @@ none
<features>
unittest
</features>
- <name>
-Check wildcard certificate matching function Curl_cert_hostcheck
- </name>
+<name>
+Curl_cert_hostcheck unit tests
+</name>
</client>
-
</testcase>
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 2f3d3aa..3ae7561 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -23,7 +23,6 @@
***************************************************************************/
#include "curlcheck.h"
-#include "vtls/hostcheck.h" /* from the lib dir */
static CURLcode unit_setup(void)
{
@@ -32,63 +31,94 @@ static CURLcode unit_setup(void)
static void unit_stop(void)
{
- /* done before shutting down and exiting */
}
-UNITTEST_START
-
/* only these backends define the tested functions */
-#if defined(USE_OPENSSL) || defined(USE_GSKIT)
-
- /* here you start doing things and checking that the results are good */
+#if defined(USE_OPENSSL) || defined(USE_GSKIT) || defined(USE_SCHANNEL)
+#include "vtls/hostcheck.h"
+struct testcase {
+ const char *host;
+ const char *pattern;
+ bool match;
+};
-fail_unless(Curl_cert_hostcheck(STRCONST("www.example.com"),
- STRCONST("www.example.com")), "good 1");
-fail_unless(Curl_cert_hostcheck(STRCONST("*.example.com"),
- STRCONST("www.example.com")),
- "good 2");
-fail_unless(Curl_cert_hostcheck(STRCONST("xxx*.example.com"),
- STRCONST("xxxwww.example.com")), "good 3");
-fail_unless(Curl_cert_hostcheck(STRCONST("f*.example.com"),
- STRCONST("foo.example.com")), "good 4");
-fail_unless(Curl_cert_hostcheck(STRCONST("192.168.0.0"),
- STRCONST("192.168.0.0")), "good 5");
+static struct testcase tests[] = {
+ {"", "", FALSE},
+ {"a", "", FALSE},
+ {"", "b", FALSE},
+ {"a", "b", FALSE},
+ {"aa", "bb", FALSE},
+ {"\xff", "\xff", TRUE},
+ {"aa.aa.aa", "aa.aa.bb", FALSE},
+ {"aa.aa.aa", "aa.aa.aa", TRUE},
+ {"aa.aa.aa", "*.aa.bb", FALSE},
+ {"aa.aa.aa", "*.aa.aa", TRUE},
+ {"192.168.0.1", "192.168.0.1", TRUE},
+ {"192.168.0.1", "*.168.0.1", FALSE},
+ {"192.168.0.1", "*.0.1", FALSE},
+ {"h.ello", "*.ello", FALSE},
+ {"h.ello.", "*.ello", FALSE},
+ {"h.ello", "*.ello.", FALSE},
+ {"h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo", " *.e.llo", FALSE},
+ {" h.e.llo", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo", TRUE},
+ {"*.e.llo.", "*.e.llo", TRUE},
+ {"************.e.llo.", "*.e.llo", TRUE},
+ {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+ "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
+ "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD"
+ "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
+ ".e.llo.", "*.e.llo", TRUE},
+ {"\xfe\xfe.e.llo.", "*.e.llo", TRUE},
+ {"h.e.llo.", "*.e.llo.", TRUE},
+ {"h.e.llo", "*.e.llo.", TRUE},
+ {".h.e.llo", "*.e.llo.", FALSE},
+ {"h.e.llo", "*.*.llo.", FALSE},
+ {"h.e.llo", "h.*.llo", FALSE},
+ {"h.e.llo", "h.e.*", FALSE},
+ {"hello", "*.ello", FALSE},
+ {"hello", "**llo", FALSE},
+ {"bar.foo.example.com", "*.example.com", FALSE},
+ {"foo.example.com", "*.example.com", TRUE},
+ {"baz.example.net", "b*z.example.net", FALSE},
+ {"foobaz.example.net", "*baz.example.net", FALSE},
+ {"xn--l8j.example.local", "x*.example.local", FALSE},
+ {"xn--l8j.example.net", "*.example.net", TRUE},
+ {"xn--l8j.example.net", "*j.example.net", FALSE},
+ {"xn--l8j.example.net", "xn--l8j.example.net", TRUE},
+ {"xn--l8j.example.net", "xn--l8j.*.net", FALSE},
+ {"xl8j.example.net", "*.example.net", TRUE},
+ {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE},
+ {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE},
+ {NULL, NULL, FALSE}
+};
-fail_if(Curl_cert_hostcheck(STRCONST("xxx.example.com"),
- STRCONST("www.example.com")), "bad 1");
-fail_if(Curl_cert_hostcheck(STRCONST("*"),
- STRCONST("www.example.com")),"bad 2");
-fail_if(Curl_cert_hostcheck(STRCONST("*.*.com"),
- STRCONST("www.example.com")), "bad 3");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example.com"),
- STRCONST("baa.foo.example.com")), "bad 4");
-fail_if(Curl_cert_hostcheck(STRCONST("f*.example.com"),
- STRCONST("baa.example.com")), "bad 5");
-fail_if(Curl_cert_hostcheck(STRCONST("*.com"),
- STRCONST("example.com")), "bad 6");
-fail_if(Curl_cert_hostcheck(STRCONST("*fail.com"),
- STRCONST("example.com")), "bad 7");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
- STRCONST("www.example.")), "bad 8");
-fail_if(Curl_cert_hostcheck(STRCONST("*.example."),
- STRCONST("www.example")), "bad 9");
-fail_if(Curl_cert_hostcheck(STRCONST(""), STRCONST("www")), "bad 10");
-fail_if(Curl_cert_hostcheck(STRCONST("*"), STRCONST("www")), "bad 11");
-fail_if(Curl_cert_hostcheck(STRCONST("*.168.0.0"),
- STRCONST("192.168.0.0")), "bad 12");
-fail_if(Curl_cert_hostcheck(STRCONST("www.example.com"),
- STRCONST("192.168.0.0")), "bad 13");
-
-#ifdef ENABLE_IPV6
-fail_if(Curl_cert_hostcheck(STRCONST("*::3285:a9ff:fe46:b619"),
- STRCONST("fe80::3285:a9ff:fe46:b619")), "bad 14");
-fail_unless(Curl_cert_hostcheck(STRCONST("fe80::3285:a9ff:fe46:b619"),
- STRCONST("fe80::3285:a9ff:fe46:b619")),
- "good 6");
-#endif
+UNITTEST_START
+{
+ int i;
+ for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
+ strlen(tests[i].pattern),
+ tests[i].host,
+ strlen(tests[i].host))) {
+ fprintf(stderr,
+ "HOST: %s\n"
+ "PTRN: %s\n"
+ "did %sMATCH\n",
+ tests[i].host,
+ tests[i].pattern,
+ tests[i].match ? "NOT ": "");
+ unitfail++;
+ }
+ }
+}
-#endif
+UNITTEST_STOP
+#else
- /* you end the test code like this: */
+UNITTEST_START
UNITTEST_STOP
+#endif
--
2.33.0

434
backport-CVE-2023-28322.patch
View File

@ -1,434 +0,0 @@
From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Apr 2023 08:28:01 +0200
Subject: [PATCH] lib: unify the upload/method handling
By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.
Closes #11017
---
lib/curl_rtmp.c | 4 ++--
lib/file.c | 4 ++--
lib/ftp.c | 8 ++++----
lib/http.c | 4 ++--
lib/imap.c | 6 +++---
lib/rtsp.c | 4 ++--
lib/setopt.c | 6 ++----
lib/smb.c | 6 +++---
lib/smtp.c | 4 ++--
lib/tftp.c | 8 ++++----
lib/transfer.c | 4 ++--
lib/urldata.h | 2 +-
lib/vssh/libssh.c | 6 +++---
lib/vssh/libssh2.c | 6 +++---
lib/vssh/wolfssh.c | 2 +-
15 files changed, 36 insertions(+), 38 deletions(-)
diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
index 2679a2c..406fb42 100644
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -231,7 +231,7 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
/* We have to know if it's a write before we send the
* connect request packet
*/
- if(data->set.upload)
+ if(data->state.upload)
r->Link.protocol |= RTMP_FEATURE_WRITE;
/* For plain streams, use the buffer toggle trick to keep data flowing */
@@ -263,7 +263,7 @@ static CURLcode rtmp_do(struct Curl_easy *data, bool *done)
if(!RTMP_ConnectStream(r, 0))
return CURLE_FAILED_INIT;
- if(data->set.upload) {
+ if(data->state.upload) {
Curl_pgrsSetUploadSize(data, data->state.infilesize);
Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
}
diff --git a/lib/file.c b/lib/file.c
index 51c5d07..c751e88 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -240,7 +240,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done)
file->freepath = real_path; /* free this when done */
file->fd = fd;
- if(!data->set.upload && (fd == -1)) {
+ if(!data->state.upload && (fd == -1)) {
failf(data, "Couldn't open file %s", data->state.up.path);
file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
return CURLE_FILE_COULDNT_READ_FILE;
@@ -422,7 +422,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
Curl_pgrsStartNow(data);
- if(data->set.upload)
+ if(data->state.upload)
return file_upload(data);
file = data->req.p.file;
diff --git a/lib/ftp.c b/lib/ftp.c
index 601f603..6e8be09 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -1344,7 +1344,7 @@ static CURLcode ftp_state_prepare_transfer(struct Curl_easy *data)
data->set.str[STRING_CUSTOMREQUEST]?
data->set.str[STRING_CUSTOMREQUEST]:
(data->state.list_only?"NLST":"LIST"));
- else if(data->set.upload)
+ else if(data->state.upload)
result = Curl_pp_sendf(data, &ftpc->pp, "PRET STOR %s",
conn->proto.ftpc.file);
else
@@ -3346,7 +3346,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
/* the response code from the transfer showed an error already so no
use checking further */
;
- else if(data->set.upload) {
+ else if(data->state.upload) {
if((-1 != data->state.infilesize) &&
(data->state.infilesize != data->req.writebytecount) &&
!data->set.crlf &&
@@ -3602,7 +3602,7 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep)
connected back to us */
}
}
- else if(data->set.upload) {
+ else if(data->state.upload) {
result = ftp_nb_type(data, conn, data->state.prefer_ascii,
FTP_STOR_TYPE);
if(result)
@@ -4191,7 +4191,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data)
ftpc->file = NULL; /* instead of point to a zero byte,
we make it a NULL pointer */
- if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
+ if(data->state.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) {
/* We need a file name when uploading. Return error! */
failf(data, "Uploading to a URL without a file name");
free(rawPath);
diff --git a/lib/http.c b/lib/http.c
index cb585e7..b9a441e 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1962,7 +1962,7 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
Curl_HttpReq httpreq = (Curl_HttpReq)data->state.httpreq;
const char *request;
if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
- data->set.upload)
+ data->state.upload)
httpreq = HTTPREQ_PUT;
/* Now set the 'request' pointer to the proper request string */
@@ -2279,7 +2279,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn,
if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
(((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
http->postsize < 0) ||
- ((data->set.upload || httpreq == HTTPREQ_POST) &&
+ ((data->state.upload || httpreq == HTTPREQ_POST) &&
data->state.infilesize == -1))) {
if(conn->bits.authneg)
/* don't enable chunked during auth neg */
diff --git a/lib/imap.c b/lib/imap.c
index c2f675d..1952e66 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -1511,11 +1511,11 @@ static CURLcode imap_done(struct Curl_easy *data, CURLcode status,
result = status; /* use the already set error code */
}
else if(!data->set.connect_only && !imap->custom &&
- (imap->uid || imap->mindex || data->set.upload ||
+ (imap->uid || imap->mindex || data->state.upload ||
data->set.mimepost.kind != MIMEKIND_NONE)) {
/* Handle responses after FETCH or APPEND transfer has finished */
- if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+ if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
state(data, IMAP_FETCH_FINAL);
else {
/* End the APPEND command first by sending an empty line */
@@ -1581,7 +1581,7 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected,
selected = TRUE;
/* Start the first command in the DO phase */
- if(data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+ if(data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
/* APPEND can be executed directly */
result = imap_perform_append(data);
else if(imap->custom && (selected || !imap->mailbox))
diff --git a/lib/rtsp.c b/lib/rtsp.c
index 9d27929..9639d93 100644
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -494,7 +494,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
rtspreq == RTSPREQ_SET_PARAMETER ||
rtspreq == RTSPREQ_GET_PARAMETER) {
- if(data->set.upload) {
+ if(data->state.upload) {
putsize = data->state.infilesize;
data->state.httpreq = HTTPREQ_PUT;
@@ -513,7 +513,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
result =
Curl_dyn_addf(&req_buffer,
"Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
- (data->set.upload ? putsize : postsize));
+ (data->state.upload ? putsize : postsize));
if(result)
return result;
}
diff --git a/lib/setopt.c b/lib/setopt.c
index eae6a4c..d757220 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -329,8 +329,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
* We want to sent data to the remote host. If this is HTTP, that equals
* using the PUT request.
*/
- data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
- if(data->set.upload) {
+ arg = va_arg(param, long);
+ if(arg) {
/* If this is HTTP, PUT is what's needed to "upload" */
data->set.method = HTTPREQ_PUT;
data->set.opt_no_body = FALSE; /* this is implied */
@@ -660,7 +660,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
}
else
data->set.method = HTTPREQ_GET;
- data->set.upload = FALSE;
break;
#ifndef CURL_DISABLE_MIME
@@ -884,7 +883,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
*/
if(va_arg(param, long)) {
data->set.method = HTTPREQ_GET;
- data->set.upload = FALSE; /* switch off upload */
data->set.opt_no_body = FALSE; /* this is implied */
}
break;
diff --git a/lib/smb.c b/lib/smb.c
index dc0abe7..097874b 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -531,7 +531,7 @@ static CURLcode smb_send_open(struct Curl_easy *data)
byte_count = strlen(req->path);
msg.name_length = smb_swap16((unsigned short)byte_count);
msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
- if(data->set.upload) {
+ if(data->state.upload) {
msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
}
@@ -763,7 +763,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
void *msg = NULL;
const struct smb_nt_create_response *smb_m;
- if(data->set.upload && (data->state.infilesize < 0)) {
+ if(data->state.upload && (data->state.infilesize < 0)) {
failf(data, "SMB upload needs to know the size up front");
return CURLE_SEND_ERROR;
}
@@ -814,7 +814,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
smb_m = (const struct smb_nt_create_response*) msg;
req->fid = smb_swap16(smb_m->fid);
data->req.offset = 0;
- if(data->set.upload) {
+ if(data->state.upload) {
data->req.size = data->state.infilesize;
Curl_pgrsSetUploadSize(data, data->req.size);
next_state = SMB_UPLOAD;
diff --git a/lib/smtp.c b/lib/smtp.c
index 7a03030..c182cac 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1419,7 +1419,7 @@ static CURLcode smtp_done(struct Curl_easy *data, CURLcode status,
result = status; /* use the already set error code */
}
else if(!data->set.connect_only && data->set.mail_rcpt &&
- (data->set.upload || data->set.mimepost.kind)) {
+ (data->state.upload || data->set.mimepost.kind)) {
/* Calculate the EOB taking into account any terminating CRLF from the
previous line of the email or the CRLF of the DATA command when there
is "no mail data". RFC-5321, sect. 4.1.1.4.
@@ -1511,7 +1511,7 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected,
smtp->eob = 2;
/* Start the first command in the DO phase */
- if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+ if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
/* MAIL transfer */
result = smtp_perform_mail(data);
else
diff --git a/lib/tftp.c b/lib/tftp.c
index 164d3c7..8ed1b88 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -370,7 +370,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state,
/* tsize should be ignored on upload: Who cares about the size of the
remote file? */
- if(!data->set.upload) {
+ if(!data->state.upload) {
if(!tsize) {
failf(data, "invalid tsize -:%s:- value in OACK packet", value);
return CURLE_TFTP_ILLEGAL;
@@ -451,7 +451,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
return result;
}
- if(data->set.upload) {
+ if(data->state.upload) {
/* If we are uploading, send an WRQ */
setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
state->data->req.upload_fromhere =
@@ -486,7 +486,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
if(!data->set.tftp_no_options) {
char buf[64];
/* add tsize option */
- if(data->set.upload && (data->state.infilesize != -1))
+ if(data->state.upload && (data->state.infilesize != -1))
msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
data->state.infilesize);
else
@@ -540,7 +540,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
break;
case TFTP_EVENT_OACK:
- if(data->set.upload) {
+ if(data->state.upload) {
result = tftp_connect_for_tx(state, event);
}
else {
diff --git a/lib/transfer.c b/lib/transfer.c
index 69df214..6da96a0 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1287,6 +1287,7 @@ void Curl_init_CONNECT(struct Curl_easy *data)
{
data->state.fread_func = data->set.fread_func_set;
data->state.in = data->set.in_set;
+ data->state.upload = (data->state.httpreq == HTTPREQ_PUT);
}
/*
@@ -1715,7 +1716,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
data->state.httpreq != HTTPREQ_POST_MIME) ||
!(data->set.keep_post & CURL_REDIR_POST_303))) {
data->state.httpreq = HTTPREQ_GET;
- data->set.upload = false;
infof(data, "Switch to %s",
data->req.no_body?"HEAD":"GET");
}
@@ -1753,7 +1753,7 @@ CURLcode Curl_retry_request(struct Curl_easy *data, char **url)
/* if we're talking upload, we can't do the checks below, unless the protocol
is HTTP as when uploading over HTTP we will still get a response */
- if(data->set.upload &&
+ if(data->state.upload &&
!(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
return CURLE_OK;
diff --git a/lib/urldata.h b/lib/urldata.h
index 6a63947..069ffb2 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1442,6 +1442,7 @@ struct UrlState {
BIT(rewindbeforesend);/* TRUE when the sending couldn't be stopped even
though it will be discarded. We must call the data
rewind callback before trying to send again. */
+ BIT(upload); /* upload request */
};
/*
@@ -1817,7 +1818,6 @@ struct UserDefined {
BIT(http_auto_referer); /* set "correct" referer when following
location: */
BIT(opt_no_body); /* as set with CURLOPT_NOBODY */
- BIT(upload); /* upload request */
BIT(verbose); /* output verbosity */
BIT(krb); /* Kerberos connection requested */
BIT(reuse_forbid); /* forbidden to be reused, close after use */
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index 1115318..19804c2 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -1210,7 +1210,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
}
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(protop->path[strlen(protop->path)-1] == '/')
@@ -1823,7 +1823,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
/* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
ssh_set_blocking(sshc->ssh_session, 1);
- if(data->set.upload) {
+ if(data->state.upload) {
if(data->state.infilesize < 0) {
failf(data, "SCP requires a known file size for upload");
sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -1928,7 +1928,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
break;
}
case SSH_SCP_DONE:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SCP_SEND_EOF);
else
state(data, SSH_SCP_CHANNEL_FREE);
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 4703eb5..48ff4de 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -2014,7 +2014,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
}
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(sshp->path[strlen(sshp->path)-1] == '/')
@@ -2687,7 +2687,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
break;
}
- if(data->set.upload) {
+ if(data->state.upload) {
if(data->state.infilesize < 0) {
failf(data, "SCP requires a known file size for upload");
sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -2827,7 +2827,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
break;
case SSH_SCP_DONE:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SCP_SEND_EOF);
else
state(data, SSH_SCP_CHANNEL_FREE);
diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
index 17d59ec..2ca91b7 100644
--- a/lib/vssh/wolfssh.c
+++ b/lib/vssh/wolfssh.c
@@ -557,7 +557,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
}
break;
case SSH_SFTP_TRANS_INIT:
- if(data->set.upload)
+ if(data->state.upload)
state(data, SSH_SFTP_UPLOAD_INIT);
else {
if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
--
2.33.0

9
backport-curl-7.84.0-test3026.patch
View File

@ -2,7 +2,7 @@ From 279b990727a1fd3e2828fbbd80581777e4200b67 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 27 Jun 2022 16:50:57 +0200
Subject: [PATCH] test3026: disable valgrind
It fails on x86_64 with:
```
Use --max-threads=INT to specify a larger number of threads
@ -33,13 +33,11 @@ It fails on x86_64 with:
valgrind stack range: [0x1002BAA000 0x1002CA9FFF] top usage: 11728 of 1048576
[...]
```
Conflict: NA
Reference: https://src.fedoraproject.org/rpms/curl/blob/rawhide/f/0102-curl-7.84.0-test3026.patch
---
tests/data/test3026 | 3 +++
tests/libtest/lib3026.c | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/tests/data/test3026 b/tests/data/test3026
index fb80cc8..01f2ba5 100644
--- a/tests/data/test3026
@ -57,7 +55,7 @@ diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
index 43fe335..70cd7a4 100644
--- a/tests/libtest/lib3026.c
+++ b/tests/libtest/lib3026.c
@@ -139,8 +139,8 @@ int test(char *URL)
@@ -147,8 +147,8 @@ int test(char *URL)
results[i] = CURL_LAST; /* initialize with invalid value */
res = pthread_create(&tids[i], NULL, run_thread, &results[i]);
if(res) {
@ -70,3 +68,4 @@ index 43fe335..70cd7a4 100644
goto cleanup;
--
2.37.1

51
backport-curl-7.87.0-test3012.patch
View File

@ -1,51 +0,0 @@
From 0d0a256c8e7f6261d49e1bdd583c04c0e5dfe706 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 11 Jan 2023 08:53:05 +0100
Subject: [PATCH] test3012: disable valgrind
valgrind reports a call to memcpy() with overlapping blocks by mistake:
```
test 3012...[--output-dir with -J]
../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
CMD (0): ../libtool --mode=execute /usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=../../tests/valgrind.supp --num-callers=16 --log-file=log/valgrind3012 ../src/curl --trace-ascii log/trace3012 --trace-time http://127.0.0.1:35981/this/is/the/3012 -OJ --output-dir /root/rpmbuild/BUILD/curl-7.86.0/build-minimal/tests/log >log/stdout3012 2>log/stderr3012
valgrind ERROR ==496584== Source and destination overlap in memcpy_chk(0x54ad1a0, 0x54ad1a1, 11)
==496584== at 0x484C332: __memcpy_chk (vg_replace_strmem.c:1741)
==496584== by 0x118FDB: UnknownInlinedFun (string_fortified.h:36)
==496584== by 0x118FDB: UnknownInlinedFun (tool_cb_hdr.c:301)
==496584== by 0x118FDB: tool_header_cb (tool_cb_hdr.c:173)
==496584== by 0x489907B: chop_write.lto_priv.0 (sendf.c:620)
==496584== by 0x489CDD1: UnknownInlinedFun (http.c:4449)
==496584== by 0x489CDD1: UnknownInlinedFun (transfer.c:633)
==496584== by 0x489CDD1: Curl_readwrite (transfer.c:1219)
==496584== by 0x488C116: multi_runsingle (multi.c:2404)
==496584== by 0x488F491: curl_multi_perform (multi.c:2682)
==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:663)
==496584== by 0x486A9DA: UnknownInlinedFun (easy.c:753)
==496584== by 0x486A9DA: curl_easy_perform (easy.c:772)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2406)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2594)
==496584== by 0x114B28: UnknownInlinedFun (tool_operate.c:2706)
==496584== by 0x114B28: main (tool_main.c:284)
```
Bug: https://bugzilla.redhat.com/2143040
---
tests/data/test3012 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/data/test3012 b/tests/data/test3012
index 1889c93..ea43a49 100644
--- a/tests/data/test3012
+++ b/tests/data/test3012
@@ -56,5 +56,9 @@ Accept: */*
<file name="log/MMM%TESTNUMBERMMM">
-foo-
</file>
+
+<valgrind>
+disable
+</valgrind>
</verify>
</testcase>
--
2.39.0

19
backport-curl-7.88.0-tests-warnings.patch
View File

@ -2,28 +2,29 @@ From d506d885aa16b4a87acbac082eea41dccdc7b69f Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 15 Feb 2023 10:42:38 +0100
Subject: [PATCH] Revert "runtests: consider warnings fatal and error on them"
While it might be useful for upstream developers, it is not so useful
for downstream consumers.
This reverts upstream commit 22f795c834cfdbacbb1b55426028a581e3cf67a8.
---
tests/runtests.pl | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 71644ad18..0cf85c3fe 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -75,8 +75,7 @@ BEGIN {
}
@@ -55,8 +55,7 @@
# given, this won't be a problem.
use strict;
-# Promote all warnings to fatal
-use warnings FATAL => 'all';
+use warnings;
use Cwd;
use Digest::MD5 qw(md5);
use MIME::Base64;
use 5.006;
# These should be the only variables that might be needed to get edited:
--
2.39.1
2.39.1

BIN
curl-7.88.1.tar.xz
View File

Binary file not shown.

BIN
curl-8.1.2.tar.xz Normal file
View File

Binary file not shown.

29
curl.spec
View File

@ -5,27 +5,16 @@
%global _configure ../configure
Name: curl
Version: 7.88.1
Release: 4
Version: 8.1.2
Release: 1
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
Source: https://curl.haxx.se/download/curl-%{version}.tar.xz
License: curl
URL: https://curl.se/
Source: https://curl.se/download/curl-%{version}.tar.xz
Patch1: backport-0101-curl-7.32.0-multilib.patch
Patch2: backport-curl-7.84.0-test3026.patch
Patch3: backport-curl-7.87.0-test3012.patch
Patch4: backport-curl-7.88.0-tests-warnings.patch
Patch5: backport-CVE-2023-27533.patch
Patch6: backport-CVE-2023-27534.patch
Patch7: backport-CVE-2023-27538.patch
Patch8: backport-CVE-2023-27535.patch
Patch9: backport-CVE-2023-27536.patch
Patch10: backport-CVE-2023-27537.patch
Patch11: backport-0001-CVE-2023-28320.patch
Patch12: backport-0002-CVE-2023-28320.patch
Patch13: backport-CVE-2023-28321.patch
Patch14: backport-CVE-2023-28322.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -72,7 +61,7 @@ Header files for libcurl.
%prep
%autosetup -n %{name}-%{version} -p1
printf "1112\n1455\n1184\n1801\n1592\n3000\n3001\n" >> tests/data/DISABLED
echo "1801" >> tests/data/DISABLED
# adapt test 323 for updated OpenSSL
sed -e 's/^35$/35,52/' -i tests/data/test323
@ -210,6 +199,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update to curl 8.1.2
* Sat Jun 10 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.88.1-4
- Type:bugfix
- CVE:NA