1
0
forked from rpms/curl

Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending

This commit is contained in:
Kamil Dudka 2021-09-17 09:10:21 +02:00
parent e32e427920
commit f58185cd40
2 changed files with 41 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001
From: z2_ on hackerone <>
Date: Tue, 24 Aug 2021 09:50:33 +0200
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
CVE-2021-22945
Bug: https://curl.se/docs/CVE-2021-22945.html
Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/mqtt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/mqtt.c b/lib/mqtt.c
index d88fa73..f3fc045 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
mq->sendleftovers = sendleftovers;
mq->nsend = nsend;
}
+ else {
+ mq->sendleftovers = NULL;
+ mq->nsend = 0;
+ }
return result;
}
--
2.31.1

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.76.1
Release: 11%{?dist}
Release: 12%{?dist}
License: MIT
Source: https://curl.se/download/%{name}-%{version}.tar.xz
@ -23,6 +23,9 @@ Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
# fix TELNET stack contents disclosure again (CVE-2021-22925)
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
# fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
# patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch
@ -204,6 +207,7 @@ be installed.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
# Fedora patches
%patch101 -p1
@ -383,6 +387,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12
- fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-11
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688