hemu312/curl
1
0
Fork 0
forked from rpms/curl
Code Pull Requests Activity

Resolves: CVE-2023-27535 - adapt the fix for RHEL 9 curl

Browse Source 
... where USE_SSH is not defined.  The problem with the backport was
detected by OpenScanHub:

https://cov01.lab.eng.brq2.redhat.com/covscanhub/task/279249//log/added.html
This commit is contained in:
Kamil Dudka 2023-04-12 16:34:17 +02:00
parent d35c512f12
commit 40387c061f
4 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
0027-curl-7.76.1-CVE-2023-27535.patch
View File

@ -83,9 +83,9 @@ Signed-off-by: Kamil Dudka <kdudka@redhat.com>
lib/ftp.c | 28 ++++++++++++++++++++++++++--
lib/ftp.h | 5 +++++
lib/setopt.c | 2 +-
lib/url.c | 16 +++++++++++++++-
lib/url.c | 12 ++++++++++++
lib/urldata.h | 4 ++--
5 files changed, 49 insertions(+), 6 deletions(-)
5 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index 9442832..df15bc0 100644
@ -184,17 +184,10 @@ diff --git a/lib/url.c b/lib/url.c
index 61ba832..4e21838 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1325,10 +1325,24 @@ ConnectionExists(struct Curl_easy *data,
}
}
- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+ else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
@@ -1329,6 +1329,18 @@ ConnectionExists(struct Curl_easy *data,
if(!ssh_config_matches(needle, check))
continue;
}
+#endif
+#ifndef CURL_DISABLE_FTP
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
+ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */

6
0028-curl-7.76.1-CVE-2023-27536.patch
View File

@ -26,10 +26,10 @@ index 3b11b7e..cbbc7f3 100644
+ if(needle->gssapi_delegation != check->gssapi_delegation)
+ continue;
+
#ifdef USE_SSH
else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
@@ -1787,6 +1792,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
continue;
@@ -1785,6 +1790,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
conn->fclosesocket = data->set.fclosesocket;
conn->closesocket_client = data->set.closesocket_client;
conn->lastused = Curl_now(); /* used now */

8
0029-curl-7.76.1-CVE-2023-27538.patch
View File

@ -16,12 +16,12 @@ diff --git a/lib/url.c b/lib/url.c
index 0c31486..3b11b7e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1331,7 +1331,7 @@ ConnectionExists(struct Curl_easy *data,
@@ -1330,7 +1330,7 @@ ConnectionExists(struct Curl_easy *data,
if(needle->gssapi_delegation != check->gssapi_delegation)
continue;
#ifdef USE_SSH
- else if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
if(!ssh_config_matches(needle, check))
continue;
}

5
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.76.1
Release: 24%{?dist}
Release: 25%{?dist}
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -517,6 +517,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Wed Apr 12 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-25
- adapt the fix of CVE-2023-27535 for RHEL 9 curl
* Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
- fix SSH connection too eager reuse still (CVE-2023-27538)
- fix GSS delegation too eager connection re-use (CVE-2023-27536)