From 41dba95570133b25c2b3586eb97a8f127dda99c3 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 24 Mar 2021 11:04:10 +0100 Subject: [PATCH] Resolves: #1941925 - fix SIGSEGV upon disconnect of a ldaps:// transfer --- 0001-curl-7.75.0-ldaps-segv.patch | 156 ++++++++++++++++++++++++++++++ curl.spec | 9 +- 2 files changed, 164 insertions(+), 1 deletion(-) create mode 100644 0001-curl-7.75.0-ldaps-segv.patch diff --git a/0001-curl-7.75.0-ldaps-segv.patch b/0001-curl-7.75.0-ldaps-segv.patch new file mode 100644 index 0000000..0e96666 --- /dev/null +++ b/0001-curl-7.75.0-ldaps-segv.patch @@ -0,0 +1,156 @@ +From 17686d25019489f43f3d5641db8683932857845e Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Mon, 15 Feb 2021 09:41:22 +0100 +Subject: [PATCH 1/2] openldap: pass 'data' to the callbacks instead of 'conn' + +Upstream-commit: a59c33ceffb8f78b71fa084bbc99c94ecfe82ce6 +Signed-off-by: Kamil Dudka +--- + lib/openldap.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/lib/openldap.c b/lib/openldap.c +index 4070bbf..d079822 100644 +--- a/lib/openldap.c ++++ b/lib/openldap.c +@@ -278,7 +278,7 @@ static CURLcode ldap_connecting(struct Curl_easy *data, bool *done) + if(!li->sslinst) { + Sockbuf *sb; + ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); +- ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, conn); ++ ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data); + li->sslinst = TRUE; + li->recv = conn->recv[FIRSTSOCKET]; + li->send = conn->send[FIRSTSOCKET]; +@@ -716,8 +716,8 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg) + { + (void)arg; + if(opt == LBER_SB_OPT_DATA_READY) { +- struct connectdata *conn = sbiod->sbiod_pvt; +- return Curl_ssl_data_pending(conn, FIRSTSOCKET); ++ struct Curl_easy *data = sbiod->sbiod_pvt; ++ return Curl_ssl_data_pending(data->conn, FIRSTSOCKET); + } + return 0; + } +@@ -725,12 +725,13 @@ ldapsb_tls_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg) + static ber_slen_t + ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) + { +- struct connectdata *conn = sbiod->sbiod_pvt; ++ struct Curl_easy *data = sbiod->sbiod_pvt; ++ struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + ber_slen_t ret; + CURLcode err = CURLE_RECV_ERROR; + +- ret = (li->recv)(conn->data, FIRSTSOCKET, buf, len, &err); ++ ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err); + if(ret < 0 && err == CURLE_AGAIN) { + SET_SOCKERRNO(EWOULDBLOCK); + } +@@ -740,12 +741,13 @@ ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) + static ber_slen_t + ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) + { +- struct connectdata *conn = sbiod->sbiod_pvt; ++ struct Curl_easy *data = sbiod->sbiod_pvt; ++ struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + ber_slen_t ret; + CURLcode err = CURLE_SEND_ERROR; + +- ret = (li->send)(conn->data, FIRSTSOCKET, buf, len, &err); ++ ret = (li->send)(data, FIRSTSOCKET, buf, len, &err); + if(ret < 0 && err == CURLE_AGAIN) { + SET_SOCKERRNO(EWOULDBLOCK); + } +-- +2.26.3 + + +From a1c1f175e44ef95c47b1e2e91424e193ee7a0d0b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 23 Mar 2021 09:28:07 +0100 +Subject: [PATCH 2/2] openldap: avoid NULL pointer dereferences + +Follow-up to a59c33ceffb8f78 +Reported-by: Patrick Monnerat +Fixes #6676 +Closes #6780 + +Upstream-commit: e467ea3bd937f38e1d2e070a68ed451303ba1e73 +Signed-off-by: Kamil Dudka +--- + lib/openldap.c | 40 +++++++++++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 15 deletions(-) + +diff --git a/lib/openldap.c b/lib/openldap.c +index d079822..066c0fd 100644 +--- a/lib/openldap.c ++++ b/lib/openldap.c +@@ -369,6 +369,9 @@ static CURLcode ldap_disconnect(struct Curl_easy *data, + + if(li) { + if(li->ld) { ++ Sockbuf *sb; ++ ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); ++ ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, NULL); + ldap_unbind_ext(li->ld, NULL, NULL); + li->ld = NULL; + } +@@ -726,14 +729,18 @@ static ber_slen_t + ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) + { + struct Curl_easy *data = sbiod->sbiod_pvt; +- struct connectdata *conn = data->conn; +- struct ldapconninfo *li = conn->proto.ldapc; +- ber_slen_t ret; +- CURLcode err = CURLE_RECV_ERROR; ++ ber_slen_t ret = 0; ++ if(data) { ++ struct connectdata *conn = data->conn; ++ if(conn) { ++ struct ldapconninfo *li = conn->proto.ldapc; ++ CURLcode err = CURLE_RECV_ERROR; + +- ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err); +- if(ret < 0 && err == CURLE_AGAIN) { +- SET_SOCKERRNO(EWOULDBLOCK); ++ ret = (li->recv)(data, FIRSTSOCKET, buf, len, &err); ++ if(ret < 0 && err == CURLE_AGAIN) { ++ SET_SOCKERRNO(EWOULDBLOCK); ++ } ++ } + } + return ret; + } +@@ -742,14 +749,17 @@ static ber_slen_t + ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) + { + struct Curl_easy *data = sbiod->sbiod_pvt; +- struct connectdata *conn = data->conn; +- struct ldapconninfo *li = conn->proto.ldapc; +- ber_slen_t ret; +- CURLcode err = CURLE_SEND_ERROR; +- +- ret = (li->send)(data, FIRSTSOCKET, buf, len, &err); +- if(ret < 0 && err == CURLE_AGAIN) { +- SET_SOCKERRNO(EWOULDBLOCK); ++ ber_slen_t ret = 0; ++ if(data) { ++ struct connectdata *conn = data->conn; ++ if(conn) { ++ struct ldapconninfo *li = conn->proto.ldapc; ++ CURLcode err = CURLE_SEND_ERROR; ++ ret = (li->send)(data, FIRSTSOCKET, buf, len, &err); ++ if(ret < 0 && err == CURLE_AGAIN) { ++ SET_SOCKERRNO(EWOULDBLOCK); ++ } ++ } + } + return ret; + } +-- +2.26.3 + diff --git a/curl.spec b/curl.spec index 8fb7c0b..f665b55 100644 --- a/curl.spec +++ b/curl.spec @@ -1,10 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.75.0 -Release: 2%{?dist} +Release: 3%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz +# fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925) +Patch1: 0001-curl-7.75.0-ldaps-segv.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -183,6 +186,7 @@ be installed. %setup -q # upstream patches +%patch1 -p1 # Fedora patches %patch101 -p1 @@ -355,6 +359,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Wed Mar 24 2021 Kamil Dudka - 7.75.0-3 +- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925) + * Tue Feb 23 2021 Kamil Dudka - 7.75.0-2 - build-require python3-impacket only on Fedora