1
0
forked from rpms/curl

import curl-7.61.1-22.el8

This commit is contained in:
CentOS Sources 2021-11-09 04:56:18 -05:00 committed by Stepan Oksanichenko
parent 94fbfae7ed
commit 4615b7a994
5 changed files with 915 additions and 3 deletions

View File

@ -0,0 +1,116 @@
From 239f8d93866605b05f4e6b551f4327dc7fcb922b Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Tue, 23 Feb 2021 14:54:46 +0100
Subject: [PATCH 1/2] transfer: strip credentials from the auto-referer header
field
Added test 2081 to verify.
CVE-2021-22876
Bug: https://curl.se/docs/CVE-2021-22876.html
Upstream-commit: 7214288898f5625a6cc196e22a74232eada7861c
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/transfer.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index ecd1063..263b178 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1473,6 +1473,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
/* Location: redirect */
bool disallowport = FALSE;
bool reachedmax = FALSE;
+ CURLUcode uc;
if(type == FOLLOW_REDIR) {
if((data->set.maxredirs != -1) &&
@@ -1488,6 +1489,9 @@ CURLcode Curl_follow(struct Curl_easy *data,
data->set.followlocation++; /* count location-followers */
if(data->set.http_auto_referer) {
+ CURLU *u;
+ char *referer;
+
/* We are asked to automatically set the previous URL as the referer
when we get the next URL. We pick the ->url field, which may or may
not be 100% correct */
@@ -1497,9 +1501,26 @@ CURLcode Curl_follow(struct Curl_easy *data,
data->change.referer_alloc = FALSE;
}
- data->change.referer = strdup(data->change.url);
- if(!data->change.referer)
+ /* Make a copy of the URL without crenditals and fragment */
+ u = curl_url();
+ if(!u)
+ return CURLE_OUT_OF_MEMORY;
+
+ uc = curl_url_set(u, CURLUPART_URL, data->change.url, 0);
+ if(!uc)
+ uc = curl_url_set(u, CURLUPART_FRAGMENT, NULL, 0);
+ if(!uc)
+ uc = curl_url_set(u, CURLUPART_USER, NULL, 0);
+ if(!uc)
+ uc = curl_url_set(u, CURLUPART_PASSWORD, NULL, 0);
+ if(!uc)
+ uc = curl_url_get(u, CURLUPART_URL, &referer, 0);
+
+ curl_url_cleanup(u);
+
+ if(uc || referer == NULL)
return CURLE_OUT_OF_MEMORY;
+ data->change.referer = referer;
data->change.referer_alloc = TRUE; /* yes, free this later */
}
}
--
2.30.2
From f7d1d478b87499ce31d6aa3251830b78447ad952 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 29 Mar 2021 09:32:14 +0200
Subject: [PATCH 2/2] transfer: clear 'referer' in declaration
To silence (false positive) compiler warnings about it.
Follow-up to 7214288898f5625
Reviewed-by: Marcel Raad
Closes #6810
Upstream-commit: 6bb028dbda6cbfe83f66de773544f71e4813160f
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/transfer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index 263b178..ad5a7ba 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1490,7 +1490,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
if(data->set.http_auto_referer) {
CURLU *u;
- char *referer;
+ char *referer = NULL;
/* We are asked to automatically set the previous URL as the referer
when we get the next URL. We pick the ->url field, which may or may
@@ -1518,7 +1518,7 @@ CURLcode Curl_follow(struct Curl_easy *data,
curl_url_cleanup(u);
- if(uc || referer == NULL)
+ if(uc || !referer)
return CURLE_OUT_OF_MEMORY;
data->change.referer = referer;
data->change.referer_alloc = TRUE; /* yes, free this later */
--
2.30.2

View File

@ -0,0 +1,693 @@
From 87e3d094e0dc00efc1abeb2b142d453024cbca69 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 4 Oct 2018 23:53:32 +0200
Subject: [PATCH] FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
Now FILE transfers send headers to the header callback like HTTP and
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
work for FILE in the callbacks.
Makes "curl -i file://.." and "curl -I file://.." work like before
again. Applied the bold header logic to them too.
Regression from c1c2762 (7.61.0)
Reported-by: Shaun Jackman
Fixes #3083
Closes #3101
Upstream-commit: e50a2002bd450a4800a165d2874ed79c95b33a07
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/file.c | 27 +++++++++++++--------------
lib/getinfo.c | 1 -
lib/url.c | 1 +
src/tool_cb_hdr.c | 5 +++--
tests/data/test1016 | 2 +-
tests/data/test1017 | 2 +-
tests/data/test1018 | 2 +-
tests/data/test1019 | 2 +-
tests/data/test1020 | 2 +-
tests/data/test1029 | 2 +-
tests/data/test1146 | 2 +-
tests/data/test1220 | 2 +-
tests/data/test200 | 2 +-
tests/data/test2000 | 2 +-
tests/data/test2001 | 13 +------------
tests/data/test2002 | 13 +------------
tests/data/test2003 | 26 ++------------------------
tests/data/test2004 | 2 +-
tests/data/test2006 | 8 ++++++++
tests/data/test2007 | 8 ++++++++
tests/data/test2008 | 8 ++++++++
tests/data/test2009 | 8 ++++++++
tests/data/test2010 | 8 ++++++++
tests/data/test202 | 2 +-
tests/data/test203 | 2 +-
tests/data/test204 | 2 +-
tests/data/test205 | 2 +-
tests/data/test2070 | 2 +-
tests/data/test2071 | 2 +-
tests/data/test2072 | 2 +-
tests/data/test210 | 2 +-
tests/data/test231 | 2 +-
tests/data/test288 | 2 +-
33 files changed, 82 insertions(+), 86 deletions(-)
diff --git a/lib/file.c b/lib/file.c
index e50e988..f780658 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -386,7 +386,6 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
*done = TRUE; /* unconditionally */
- Curl_initinfo(data);
Curl_pgrsStartNow(data);
if(data->set.upload)
@@ -413,21 +412,18 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
}
}
- /* If we have selected NOBODY and HEADER, it means that we only want file
- information. Which for FILE can't be much more than the file size and
- date. */
- if(data->set.opt_no_body && data->set.include_header && fstated) {
+ if(fstated) {
time_t filetime;
struct tm buffer;
const struct tm *tm = &buffer;
char header[80];
snprintf(header, sizeof(header),
"Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", expected_size);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+ result = Curl_client_write(conn, CLIENTWRITE_HEADER, header, 0);
if(result)
return result;
- result = Curl_client_write(conn, CLIENTWRITE_BOTH,
+ result = Curl_client_write(conn, CLIENTWRITE_HEADER,
(char *)"Accept-ranges: bytes\r\n", 0);
if(result)
return result;
@@ -439,19 +435,22 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
/* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
snprintf(header, sizeof(header),
- "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+ "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n%s",
Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
tm->tm_mday,
Curl_month[tm->tm_mon],
tm->tm_year + 1900,
tm->tm_hour,
tm->tm_min,
- tm->tm_sec);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
- if(!result)
- /* set the file size to make it available post transfer */
- Curl_pgrsSetDownloadSize(data, expected_size);
- return result;
+ tm->tm_sec,
+ data->set.opt_no_body ? "": "\r\n");
+ result = Curl_client_write(conn, CLIENTWRITE_HEADER, header, 0);
+ if(result)
+ return result;
+ /* set the file size to make it available post transfer */
+ Curl_pgrsSetDownloadSize(data, expected_size);
+ if(data->set.opt_no_body)
+ return result;
}
/* Check whether file range has been specified */
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 14b4562..54c2c2f 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -85,7 +85,6 @@ CURLcode Curl_initinfo(struct Curl_easy *data)
#ifdef USE_SSL
Curl_ssl_free_certinfo(data);
#endif
-
return CURLE_OK;
}
diff --git a/lib/url.c b/lib/url.c
index b18db25..bb9d107 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4290,6 +4290,7 @@ static CURLcode create_conn(struct Curl_easy *data,
/* this is supposed to be the connect function so we better at least check
that the file is present here! */
DEBUGASSERT(conn->handler->connect_it);
+ Curl_persistconninfo(conn);
result = conn->handler->connect_it(conn, &done);
/* Setup a "faked" transfer that'll do nothing */
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index e91e8ac..4f21221 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -153,8 +153,9 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
}
if(hdrcbdata->config->show_headers &&
- (protocol & (CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_RTSP))) {
- /* bold headers only happen for HTTP(S) and RTSP */
+ (protocol &
+ (CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_RTSP|CURLPROTO_FILE))) {
+ /* bold headers only for selected protocols */
char *value = NULL;
if(!outs->stream && !tool_create_output_file(outs))
diff --git a/tests/data/test1016 b/tests/data/test1016
index b404cac..4927f9e 100644
--- a/tests/data/test1016
+++ b/tests/data/test1016
@@ -22,7 +22,7 @@ file
<name>
X-Y range on a file:// URL to stdout
</name>
- <command>
+<command option="no-include">
-r 1-4 file://localhost/%PWD/log/test1016.txt
</command>
<file name="log/test1016.txt">
diff --git a/tests/data/test1017 b/tests/data/test1017
index 6fbc38a..cfdd80f 100644
--- a/tests/data/test1017
+++ b/tests/data/test1017
@@ -23,7 +23,7 @@ file
<name>
0-Y range on a file:// URL to stdout
</name>
- <command>
+<command option="no-include">
-r 0-3 file://localhost/%PWD/log/test1017.txt
</command>
<file name="log/test1017.txt">
diff --git a/tests/data/test1018 b/tests/data/test1018
index 28a7027..5748701 100644
--- a/tests/data/test1018
+++ b/tests/data/test1018
@@ -22,7 +22,7 @@ file
<name>
X-X range on a file:// URL to stdout
</name>
- <command>
+<command option="no-include">
-r 4-4 file://localhost/%PWD/log/test1018.txt
</command>
<file name="log/test1018.txt">
diff --git a/tests/data/test1019 b/tests/data/test1019
index 4d9872a..054e38d 100644
--- a/tests/data/test1019
+++ b/tests/data/test1019
@@ -23,7 +23,7 @@ file
<name>
X- range on a file:// URL to stdout
</name>
- <command>
+<command option="no-include">
-r 7- file://localhost/%PWD/log/test1019.txt
</command>
<file name="log/test1019.txt">
diff --git a/tests/data/test1020 b/tests/data/test1020
index 735871d..e924529 100644
--- a/tests/data/test1020
+++ b/tests/data/test1020
@@ -23,7 +23,7 @@ file
<name>
-Y range on a file:// URL to stdout
</name>
- <command>
+<command option="no-include">
-r -9 file://localhost/%PWD/log/test1020.txt
</command>
<file name="log/test1020.txt">
diff --git a/tests/data/test1029 b/tests/data/test1029
index 2ffc7c6..c77209c 100644
--- a/tests/data/test1029
+++ b/tests/data/test1029
@@ -29,7 +29,7 @@ http
<name>
HTTP Location: and 'redirect_url' check
</name>
- <command>
+<command>
http://%HOSTIP:%HTTPPORT/we/want/our/1029 -w '%{redirect_url}\n'
</command>
</client>
diff --git a/tests/data/test1146 b/tests/data/test1146
index 43f33b7..636748e 100644
--- a/tests/data/test1146
+++ b/tests/data/test1146
@@ -24,7 +24,7 @@ file
<name>
--proto-default file
</name>
-<command>
+<command option="no-include">
--proto-default file %PWD/log/test1146.txt
</command>
<file name="log/test1146.txt">
diff --git a/tests/data/test1220 b/tests/data/test1220
index 959abbf..6752eb5 100644
--- a/tests/data/test1220
+++ b/tests/data/test1220
@@ -20,7 +20,7 @@ file
<name>
file:// URLs with query string
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/test1220.txt?a_query=foobar#afragment
</command>
<file name="log/test1220.txt">
diff --git a/tests/data/test200 b/tests/data/test200
index 8be1de0..c27f7c0 100644
--- a/tests/data/test200
+++ b/tests/data/test200
@@ -23,7 +23,7 @@ file
<name>
basic file:// file
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/test200.txt
</command>
<file name="log/test200.txt">
diff --git a/tests/data/test2000 b/tests/data/test2000
index d3edb16..db1ba13 100644
--- a/tests/data/test2000
+++ b/tests/data/test2000
@@ -31,7 +31,7 @@ file
<name>
FTP RETR followed by FILE
</name>
- <command>
+<command option="no-include">
ftp://%HOSTIP:%FTPPORT/2000 file://localhost/%PWD/log/test2000.txt
</command>
<file name="log/test2000.txt">
diff --git a/tests/data/test2001 b/tests/data/test2001
index 68c0df7..88a258e 100644
--- a/tests/data/test2001
+++ b/tests/data/test2001
@@ -48,7 +48,7 @@ file
<name>
HTTP GET followed by FTP RETR followed by FILE
</name>
- <command>
+<command option="no-include">
http://%HOSTIP:%HTTPPORT/20010001 ftp://%HOSTIP:%FTPPORT/20010002 file://localhost/%PWD/log/test2001.txt
</command>
<file name="log/test2001.txt">
@@ -81,17 +81,6 @@ RETR 20010002
QUIT
</protocol>
<stdout>
-HTTP/1.1 200 OK
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
-foo-
data
to
diff --git a/tests/data/test2002 b/tests/data/test2002
index db96bfe..6dd2f93 100644
--- a/tests/data/test2002
+++ b/tests/data/test2002
@@ -57,7 +57,7 @@ tftp
<name>
HTTP GET followed by FTP RETR followed by FILE followed by TFTP RRQ
</name>
- <command>
+<command option="no-include">
http://%HOSTIP:%HTTPPORT/20020001 ftp://%HOSTIP:%FTPPORT/20020002 file://localhost/%PWD/log/test2002.txt tftp://%HOSTIP:%TFTPPORT//20020003
</command>
<file name="log/test2002.txt">
@@ -96,17 +96,6 @@ filename: /20020003
QUIT
</protocol>
<stdout>
-HTTP/1.1 200 OK
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
-foo-
data
to
diff --git a/tests/data/test2003 b/tests/data/test2003
index 59a743f..09bee8e 100644
--- a/tests/data/test2003
+++ b/tests/data/test2003
@@ -57,8 +57,8 @@ tftp
<name>
HTTP GET followed by FTP RETR followed by FILE followed by TFTP RRQ then again in reverse order
</name>
- <command>
-http://%HOSTIP:%HTTPPORT/20030001 ftp://%HOSTIP:%FTPPORT/20030002 file://localhost/%PWD/log/test2003.txt tftp://%HOSTIP:%TFTPPORT//20030003 tftp://%HOSTIP:%TFTPPORT//20030003 file://localhost/%PWD/log/test2003.txt ftp://%HOSTIP:%FTPPORT/20030002 http://%HOSTIP:%HTTPPORT/20030001
+<command option="no-include">
+http://%HOSTIP:%HTTPPORT/20030001 ftp://%HOSTIP:%FTPPORT/20030002 file://localhost/%PWD/log/test2003.txt tftp://%HOSTIP:%TFTPPORT//20030003 tftp://%HOSTIP:%TFTPPORT//20030003 file://localhost/%PWD/log/test2003.txt ftp://%HOSTIP:%FTPPORT/20030002 http://%HOSTIP:%HTTPPORT/20030001
</command>
<file name="log/test2003.txt">
foo
@@ -109,17 +109,6 @@ Accept: */*
QUIT
</protocol>
<stdout>
-HTTP/1.1 200 OK
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
-foo-
data
to
@@ -151,17 +140,6 @@ data
that FTP
works
so does it?
-HTTP/1.1 200 OK
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
-foo-
</stdout>
</verify>
diff --git a/tests/data/test2004 b/tests/data/test2004
index 4773f69..b17890b 100644
--- a/tests/data/test2004
+++ b/tests/data/test2004
@@ -29,7 +29,7 @@ sftp
<name>
TFTP RRQ followed by SFTP retrieval followed by FILE followed by SCP retrieval then again in reverse order
</name>
- <command>
+<command option="no-include">
--key curl_client_key --pubkey curl_client_key.pub -u %USER: tftp://%HOSTIP:%TFTPPORT//2004 sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt file://localhost/%PWD/log/test2004.txt scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt file://localhost/%PWD/log/test2004.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt tftp://%HOSTIP:%TFTPPORT//2004 --insecure
</command>
<file name="log/test2004.txt">
diff --git a/tests/data/test2006 b/tests/data/test2006
index e25556f..3acbdae 100644
--- a/tests/data/test2006
+++ b/tests/data/test2006
@@ -4,6 +4,7 @@
Metalink
HTTP
HTTP GET
+FILE
</keywords>
</info>
@@ -85,6 +86,10 @@ Accept: */*
Some data delivered from an HTTP resource
</file1>
<file2 name="log/heads2006">
+Content-Length: 496
+Accept-ranges: bytes
+
+
HTTP/1.1 200 OK
Date: Thu, 21 Jun 2012 14:49:01 GMT
Server: test-server/fake
@@ -105,6 +110,9 @@ Metalink: fetching (log/download2006) from (http://%HOSTIP:%HTTPPORT/2006) OK
Metalink: validating (log/download2006)...
Metalink: validating (log/download2006) [sha-256] OK
</file4>
+<stripfile2>
+s/Last-Modified:.*//
+</stripfile2>
<stripfile4>
$_ = '' if (($_ !~ /^Metalink: /) && ($_ !~ /error/i) && ($_ !~ /warn/i))
</stripfile4>
diff --git a/tests/data/test2007 b/tests/data/test2007
index cc4bd8c..b169c49 100644
--- a/tests/data/test2007
+++ b/tests/data/test2007
@@ -5,6 +5,7 @@ Metalink
HTTP
HTTP GET
-J
+FILE
</keywords>
</info>
@@ -85,7 +86,14 @@ Accept: */*
<file1 name="log/download2007">
Something delivered from an HTTP resource
</file1>
+<stripfile2>
+s/Last-Modified:.*//
+</stripfile2>
<file2 name="log/heads2007">
+Content-Length: 496
+Accept-ranges: bytes
+
+
HTTP/1.1 200 OK
Date: Thu, 21 Jun 2012 14:50:02 GMT
Server: test-server/fake
diff --git a/tests/data/test2008 b/tests/data/test2008
index 5843792..012f221 100644
--- a/tests/data/test2008
+++ b/tests/data/test2008
@@ -4,6 +4,7 @@
Metalink
HTTP
HTTP GET
+FILE
</keywords>
</info>
@@ -77,7 +78,14 @@ Accept: */*
<file1 name="log/download2008">
Some stuff delivered from an HTTP resource
</file1>
+<stripfile2>
+s/Last-Modified:.*//
+</stripfile2>
<file2 name="log/heads2008">
+Content-Length: 496
+Accept-ranges: bytes
+
+
HTTP/1.1 200 OK
Date: Thu, 21 Jun 2012 15:23:48 GMT
Server: test-server/fake
diff --git a/tests/data/test2009 b/tests/data/test2009
index 84482ce..b0e5c6c 100644
--- a/tests/data/test2009
+++ b/tests/data/test2009
@@ -5,6 +5,7 @@ Metalink
HTTP
HTTP GET
-J
+FILE
</keywords>
</info>
@@ -78,7 +79,14 @@ Accept: */*
<file1 name="log/download2009">
Some contents delivered from an HTTP resource
</file1>
+<stripfile2>
+s/Last-Modified:.*//
+</stripfile2>
<file2 name="log/heads2009">
+Content-Length: 496
+Accept-ranges: bytes
+
+
HTTP/1.1 200 OK
Date: Thu, 21 Jun 2012 16:27:17 GMT
Server: test-server/fake
diff --git a/tests/data/test2010 b/tests/data/test2010
index 91a83f4..33bb309 100644
--- a/tests/data/test2010
+++ b/tests/data/test2010
@@ -4,6 +4,7 @@
Metalink
HTTP
HTTP GET
+FILE
</keywords>
</info>
@@ -77,7 +78,14 @@ Accept: */*
<file1 name="log/download2010">
Contents delivered from an HTTP resource
</file1>
+<stripfile2>
+s/Last-Modified:.*//
+</stripfile2>
<file2 name="log/heads2010">
+Content-Length: 496
+Accept-ranges: bytes
+
+
HTTP/1.1 200 OK
Date: Thu, 21 Jun 2012 17:37:27 GMT
Server: test-server/fake
diff --git a/tests/data/test202 b/tests/data/test202
index f863ec5..0b324b1 100644
--- a/tests/data/test202
+++ b/tests/data/test202
@@ -19,7 +19,7 @@ file
<name>
two file:// URLs to stdout
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/test202.txt FILE://localhost/%PWD/log/test202.txt
</command>
<file name="log/test202.txt">
diff --git a/tests/data/test203 b/tests/data/test203
index 366cc2c..3938426 100644
--- a/tests/data/test203
+++ b/tests/data/test203
@@ -24,7 +24,7 @@ file
<name>
file:/path URL with a single slash
</name>
- <command>
+<command option="no-include">
file:%PWD/log/test203.txt
</command>
<file name="log/test203.txt">
diff --git a/tests/data/test204 b/tests/data/test204
index 9cc7b01..0ed9451 100644
--- a/tests/data/test204
+++ b/tests/data/test204
@@ -15,7 +15,7 @@ file
<name>
"upload" with file://
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/result204.txt -T log/upload204.txt
</command>
<file name="log/upload204.txt">
diff --git a/tests/data/test205 b/tests/data/test205
index 4af93f6..f83c531 100644
--- a/tests/data/test205
+++ b/tests/data/test205
@@ -16,7 +16,7 @@ file
<name>
"upload" with file://
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/nonexisting/result205.txt -T log/upload205.txt
</command>
<file name="log/upload205.txt">
diff --git a/tests/data/test2070 b/tests/data/test2070
index bc3898a..655cd8a 100644
--- a/tests/data/test2070
+++ b/tests/data/test2070
@@ -23,7 +23,7 @@ file
<name>
basic file:// file with no authority
</name>
- <command>
+<command option="no-include">
file:%PWD/log/test2070.txt
</command>
<file name="log/test2070.txt">
diff --git a/tests/data/test2071 b/tests/data/test2071
index 997dfff..eddfa4d 100644
--- a/tests/data/test2071
+++ b/tests/data/test2071
@@ -23,7 +23,7 @@ file
<name>
basic file:// file with "127.0.0.1" hostname
</name>
- <command>
+<command option="no-include">
file://127.0.0.1/%PWD/log/test2070.txt
</command>
<file name="log/test2070.txt">
diff --git a/tests/data/test2072 b/tests/data/test2072
index cd26f22..1bab158 100644
--- a/tests/data/test2072
+++ b/tests/data/test2072
@@ -23,7 +23,7 @@ file
<name>
file:// with unix path resolution behavior for the case of extra slashes
</name>
-<command>
+<command option="no-include">
file:////%PWD/log/test2072.txt
</command>
<precheck>
diff --git a/tests/data/test210 b/tests/data/test210
index e904567..c6fb703 100644
--- a/tests/data/test210
+++ b/tests/data/test210
@@ -22,7 +22,7 @@ ftp
<name>
Get two FTP files from the same remote dir: no second CWD
</name>
- <command>
+<command option="no-include">
ftp://%HOSTIP:%FTPPORT/a/path/210 ftp://%HOSTIP:%FTPPORT/a/path/210
</command>
<stdout>
diff --git a/tests/data/test231 b/tests/data/test231
index 6994957..3d4bc77 100644
--- a/tests/data/test231
+++ b/tests/data/test231
@@ -22,7 +22,7 @@ file
<name>
file:// with resume
</name>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/test231.txt -C 10
</command>
<file name="log/test231.txt">
diff --git a/tests/data/test288 b/tests/data/test288
index ff4db6a..9f8f6e1 100644
--- a/tests/data/test288
+++ b/tests/data/test288
@@ -30,7 +30,7 @@ file:// with (unsupported) proxy, authentication and range
<setenv>
all_proxy=http://fake:user@%HOSTIP:%HTTPPORT/
</setenv>
- <command>
+<command option="no-include">
file://localhost/%PWD/log/test288.txt
</command>
<file name="log/test288.txt">
--
2.30.2

View File

@ -0,0 +1,31 @@
From ae2dc830fb37e9243dbdaf8b92e41df91f43b3f2 Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Fri, 7 May 2021 13:09:57 +0200
Subject: [PATCH] telnet: check sscanf() for correct number of matches
CVE-2021-22898
Bug: https://curl.se/docs/CVE-2021-22898.html
Upstream-commit: 39ce47f219b09c380b81f89fe54ac586c8db6bde
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/telnet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/telnet.c b/lib/telnet.c
index 1fc5af1..ea6bc71 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -967,7 +967,7 @@ static void suboption(struct connectdata *conn)
size_t tmplen = (strlen(v->data) + 1);
/* Add the variable only if it fits */
if(len + tmplen < (int)sizeof(temp)-6) {
- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
CURL_NEW_ENV_VALUE, varval);
--
2.31.1

View File

@ -0,0 +1,47 @@
From 2fbbf282e42ae476459f7efe68a88dcb63dcc43b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 12 Jun 2021 18:25:15 +0200
Subject: [PATCH] telnet: fix option parser to not send uninitialized contents
CVE-2021-22925
Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html
Upstream-commit: 894f6ec730597eb243618d33cc84d71add8d6a8a
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/telnet.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/lib/telnet.c b/lib/telnet.c
index ea6bc71..f8428b8 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -967,12 +967,17 @@ static void suboption(struct connectdata *conn)
size_t tmplen = (strlen(v->data) + 1);
/* Add the variable only if it fits */
if(len + tmplen < (int)sizeof(temp)-6) {
- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
- snprintf((char *)&temp[len], sizeof(temp) - len,
- "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
- CURL_NEW_ENV_VALUE, varval);
- len += tmplen;
- }
+ int rv;
+ char sep[2] = "";
+ varval[0] = 0;
+ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
+ if(rv == 1)
+ len += snprintf((char *)&temp[len], sizeof(temp) - len,
+ "%c%s", CURL_NEW_ENV_VAR, varname);
+ else if(rv >= 2)
+ len += snprintf((char *)&temp[len], sizeof(temp) - len,
+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+ CURL_NEW_ENV_VALUE, varval);
}
}
snprintf((char *)&temp[len], sizeof(temp) - len,
--
2.31.1

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.61.1
Release: 18%{?dist}.2
Release: 22%{?dist}
License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@ -79,9 +79,21 @@ Patch27: 0027-curl-7.61.1-CVE-2020-8286.patch
# http: send payload when (proxy) authentication is done (#1918692)
Patch28: 0028-curl-7.61.1-http-auth-payload.patch
# prevent automatic referer from leaking credentials (CVE-2021-22876)
Patch29: 0029-curl-7.61.1-CVE-2021-22876.patch
# make `curl --head file://` work as expected (#1947493)
Patch30: 0030-curl-7.61.1-file-head.patch
# fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
Patch31: 0031-curl-7.61.1-CVE-2021-22924.patch
# fix TELNET stack contents disclosure (CVE-2021-22898)
Patch32: 0032-curl-7.61.1-CVE-2021-22898.patch
# fix TELNET stack contents disclosure again (CVE-2021-22925)
Patch33: 0033-curl-7.61.1-CVE-2021-22925.patch
# fix protocol downgrade required TLS bypass (CVE-2021-22946)
Patch34: 0034-curl-7.61.1-CVE-2021-22946.patch
@ -286,7 +298,11 @@ sed -e 's|%%HTTPPORT|%{?__isa_bits}90|g' -i tests/data/test1448
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
@ -451,16 +467,25 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.2
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
* Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.1
* Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded
* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20
- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19
- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
* Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)