hemu312/curl
1
0
Fork 0
forked from rpms/curl
Code Pull Requests Activity

Resolves: CVE-2022-32208 - fix FTP-KRB bad message verification

Browse Source
This commit is contained in:
Kamil Dudka 2022-06-29 10:56:13 +02:00
parent d613827bea
commit 0d71fe9a40
2 changed files with 78 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
0016-curl-7.76.1-CVE-2022-32208.patch Normal file
View File

@ -0,0 +1,70 @@
From d36661703e16bd740a3a928041b1e697a6617b98 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Jun 2022 09:27:24 +0200
Subject: [PATCH] krb5: return error properly on decode errors
Bug: https://curl.se/docs/CVE-2022-32208.html
CVE-2022-32208
Reported-by: Harry Sintonen
Closes #9051
Upstream-commit: 6ecdf5136b52af747e7bda08db9a748256b1cd09
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/krb5.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/lib/krb5.c b/lib/krb5.c
index 787137c..6f9e1f7 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -146,11 +146,8 @@ krb5_decode(void *app_data, void *buf, int len,
enc.value = buf;
enc.length = len;
maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
- if(maj != GSS_S_COMPLETE) {
- if(len >= 4)
- strcpy(buf, "599 ");
+ if(maj != GSS_S_COMPLETE)
return -1;
- }
memcpy(buf, dec.value, dec.length);
len = curlx_uztosi(dec.length);
@@ -523,6 +520,7 @@ static CURLcode read_data(struct connectdata *conn,
{
int len;
CURLcode result;
+ int nread;
result = socket_read(fd, &len, sizeof(len));
if(result)
@@ -531,7 +529,10 @@ static CURLcode read_data(struct connectdata *conn,
if(len) {
/* only realloc if there was a length */
len = ntohl(len);
- buf->data = Curl_saferealloc(buf->data, len);
+ if(len > CURL_MAX_INPUT_LENGTH)
+ len = 0;
+ else
+ buf->data = Curl_saferealloc(buf->data, len);
}
if(!len || !buf->data)
return CURLE_OUT_OF_MEMORY;
@@ -539,8 +540,11 @@ static CURLcode read_data(struct connectdata *conn,
result = socket_read(fd, buf->data, len);
if(result)
return result;
- buf->size = conn->mech->decode(conn->app_data, buf->data, len,
- conn->data_prot, conn);
+ nread = conn->mech->decode(conn->app_data, buf->data, len,
+ conn->data_prot, conn);
+ if(nread < 0)
+ return CURLE_RECV_ERROR;
+ buf->size = (size_t)nread;
buf->index = 0;
return CURLE_OK;
}
--
2.35.3

9
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.76.1 Version: 7.76.1
Release: 18%{?dist} Release: 19%{?dist}
License: MIT License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -50,6 +50,9 @@ Patch14: 0014-curl-7.76.1-CVE-2022-27782.patch
# make upstream tests work with openssh-8.7p1 # make upstream tests work with openssh-8.7p1
Patch15: 0015-curl-7.76.1-tests-openssh.patch Patch15: 0015-curl-7.76.1-tests-openssh.patch
# fix FTP-KRB bad message verification (CVE-2022-32208)
Patch16: 0016-curl-7.76.1-CVE-2022-32208.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -240,6 +243,7 @@ be installed.
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -460,6 +464,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19
- fix FTP-KRB bad message verification (CVE-2022-32208)
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18 * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782) - fix too eager reuse of TLS and SSH connections (CVE-2022-27782)