!221 fix CVE-2023-32001
From: @sherlock2010 Reviewed-by: @robertxw Signed-off-by: @robertxw
This commit is contained in:
openeuler-ci-bot
Gitee
commit
8fb122bf16
37
backport-CVE-2023-32001.patch
Normal file
37
backport-CVE-2023-32001.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
|
||||||
|
From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
|
||||||
|
Date: Mon, 10 Jul 2023 21:43:28 +0200
|
||||||
|
Subject: [PATCH] fopen: optimize
|
||||||
|
|
||||||
|
Closes #11419
|
||||||
|
---
|
||||||
|
lib/fopen.c | 12 ++++++------
|
||||||
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/fopen.c b/lib/fopen.c
|
||||||
|
index c9c9e3d6e..b6e3caddd 100644
|
||||||
|
--- a/lib/fopen.c
|
||||||
|
+++ b/lib/fopen.c
|
||||||
|
@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
|
||||||
|
int fd = -1;
|
||||||
|
*tempname = NULL;
|
||||||
|
|
||||||
|
- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
|
||||||
|
- /* a non-regular file, fallback to direct fopen() */
|
||||||
|
- *fh = fopen(filename, FOPEN_WRITETEXT);
|
||||||
|
- if(*fh)
|
||||||
|
- return CURLE_OK;
|
||||||
|
+ *fh = fopen(filename, FOPEN_WRITETEXT);
|
||||||
|
+ if(!*fh)
|
||||||
|
goto fail;
|
||||||
|
- }
|
||||||
|
+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
|
||||||
|
+ return CURLE_OK;
|
||||||
|
+ fclose(*fh);
|
||||||
|
+ *fh = NULL;
|
||||||
|
|
||||||
|
result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
|
||||||
|
if(result)
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 8.1.2
|
Version: 8.1.2
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: Curl is used in command lines or scripts to transfer data
|
Summary: Curl is used in command lines or scripts to transfer data
|
||||||
License: curl
|
License: curl
|
||||||
URL: https://curl.se/
|
URL: https://curl.se/
|
||||||
@ -15,6 +15,7 @@ Source: https://curl.se/download/curl-%{version}.tar.xz
|
|||||||
Patch1: backport-0101-curl-7.32.0-multilib.patch
|
Patch1: backport-0101-curl-7.32.0-multilib.patch
|
||||||
Patch2: backport-curl-7.84.0-test3026.patch
|
Patch2: backport-curl-7.84.0-test3026.patch
|
||||||
Patch4: backport-curl-7.88.0-tests-warnings.patch
|
Patch4: backport-curl-7.88.0-tests-warnings.patch
|
||||||
|
Patch5: backport-CVE-2023-32001.patch
|
||||||
|
|
||||||
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
|
||||||
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
|
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
|
||||||
@ -199,6 +200,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 20 2023 zhouyihang <zhouyihang3@h-partners.com> - 8.1.2-2
|
||||||
|
- Type:CVE
|
||||||
|
- CVE:CVE-2023-32001
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2023-32001
|
||||||
|
|
||||||
* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
|
* Sat Jul 15 2023 gaihuiying <eaglegai@163.com> - 8.1.2-1
|
||||||
- Type:requirement
|
- Type:requirement
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user