multi: check that the multi handle is valid in curl_multi_assign

2024-11-30 09:24:02 +00:00 · 2024-11-30 09:24:02 +00:00 · be63e5cab4
commit be63e5cab4
parent 8602edff59
2 changed files with 45 additions and 1 deletions
--- a/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
+++ b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
@ -0,0 +1,37 @@
+From 48f61e781a01e6a8dbc4a347e280644b1c68ab6a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 11 Sep 2024 14:12:41 +0200
+Subject: [PATCH] multi: check that the multi handle is valid in
+ curl_multi_assign
+
+By requiring that the multi handle is fine, it can detect bad usage
+better and by that avoid crashes. Like in the #14860 case, which is an
+application calling curl_multi_assign() with a NULL pointer multi
+handle.
+
+Reported-by: Carlo Cabrera
+Fixes #14860
+Closes #14862
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/48f61e781a01e6a8dbc4a347e280644b1c68ab6a
+---
+ lib/multi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 062d09cc0..78e5c0a1e 100644
+--- a/lib/multi.c
+++ b/lib/multi.c
+@@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s,
+                             void *hashp)
+ {
+   struct Curl_sh_entry *there = NULL;
+  if(!GOOD_MULTI_HANDLE(multi))
+    return CURLM_BAD_HANDLE;
+ 
+   there = sh_getentry(&multi->sockhash, s);
+ 
+-- 
+2.33.0
+
--- a/curl.spec
+++ b/curl.spec
@ -7,7 +7,7 @@

 Name:           curl
 Version:        8.4.0
-Release:        11
+Release:        12
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        curl
 URL:            https://curl.se/
@ -36,6 +36,7 @@ Patch27:        backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
 Patch28:        backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
 Patch29:        backport-pre-CVE-2024-9681.patch
 Patch30:        backport-CVE-2024-9681.patch
+Patch31:        backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch

 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@ -221,6 +222,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*

 %changelog
+* Sat Nov 30 2024 zhouyihang <zhouyihang3@h-partners.com> - 8.4.0-12
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:multi: check that the multi handle is valid in curl_multi_assign
+
 * Mon Nov 11 2024 yanglu <yanglu72@h-partners.com> - 8.4.0-11
 - Type:CVE
 - CVE:CVE-2024-9681