Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending
This commit is contained in:
Kamil Dudka
parent
e32e427920
commit
f58185cd40
33
0007-curl-7.76.1-CVE-2021-22945.patch
Normal file
33
0007-curl-7.76.1-CVE-2021-22945.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001
|
||||||
|
From: z2_ on hackerone <>
|
||||||
|
Date: Tue, 24 Aug 2021 09:50:33 +0200
|
||||||
|
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
|
||||||
|
|
||||||
|
CVE-2021-22945
|
||||||
|
|
||||||
|
Bug: https://curl.se/docs/CVE-2021-22945.html
|
||||||
|
|
||||||
|
Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/mqtt.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/mqtt.c b/lib/mqtt.c
|
||||||
|
index d88fa73..f3fc045 100644
|
||||||
|
--- a/lib/mqtt.c
|
||||||
|
+++ b/lib/mqtt.c
|
||||||
|
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
|
||||||
|
mq->sendleftovers = sendleftovers;
|
||||||
|
mq->nsend = nsend;
|
||||||
|
}
|
||||||
|
+ else {
|
||||||
|
+ mq->sendleftovers = NULL;
|
||||||
|
+ mq->nsend = 0;
|
||||||
|
+ }
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.76.1
|
Version: 7.76.1
|
||||||
Release: 11%{?dist}
|
Release: 12%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -23,6 +23,9 @@ Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
|
|||||||
# fix TELNET stack contents disclosure again (CVE-2021-22925)
|
# fix TELNET stack contents disclosure again (CVE-2021-22925)
|
||||||
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
|
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
|
||||||
|
|
||||||
|
# fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
|
||||||
|
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -204,6 +207,7 @@ be installed.
|
|||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -383,6 +387,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12
|
||||||
|
- fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-11
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-11
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user