rpms/curl
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Make up incomplete patch for host name wildcard checking

Browse Source 
Resolves: RHEL-5680
This commit is contained in:
Jacek Migacz 2025-01-08 14:32:12 +01:00
parent a29ff5a08e
commit 63449f1e91
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
0051-curl-7.61.1-CVE-2023-28321.patch
View File

@ -41,7 +41,7 @@ index e827dc58f378c..d061c6356f97f 100644
/* /*
* Match a hostname against a wildcard pattern. * Match a hostname against a wildcard pattern.
* E.g. * E.g.
@@ -65,26 +76,27 @@ @@ -65,26 +76,31 @@
static int hostmatch(char *hostname, char *pattern) static int hostmatch(char *hostname, char *pattern)
{ {
@ -73,10 +73,14 @@ index e827dc58f378c..d061c6356f97f 100644
- if(pattern_wildcard == NULL) - if(pattern_wildcard == NULL)
- return strcasecompare(pattern, hostname) ? - return strcasecompare(pattern, hostname) ?
- CURL_HOST_MATCH : CURL_HOST_NOMATCH; - CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+ if(hostname[hostlen-1]=='.') + if(hostname[hostlen-1]=='.') {
+ hostname[hostlen-1] = 0; + hostname[hostlen-1] = 0;
+ if(pattern[patternlen-1]=='.') + hostlen--;
+ }
+ if(pattern[patternlen-1]=='.') {
+ pattern[patternlen-1] = 0; + pattern[patternlen-1] = 0;
+ patternlen--;
+ }
+ +
+ if(strncmp(pattern, "*.", 2)) + if(strncmp(pattern, "*.", 2))
+ return pmatch(hostname, hostlen, pattern, patternlen); + return pmatch(hostname, hostlen, pattern, patternlen);
@ -170,7 +174,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
static CURLcode unit_setup(void) static CURLcode unit_setup(void)
{ {
return CURLE_OK; return CURLE_OK;
@@ -30,50 +28,93 @@ static CURLcode unit_setup(void) @@ -30,50 +28,91 @@ static CURLcode unit_setup(void)
static void unit_stop(void) static void unit_stop(void)
{ {
@ -281,9 +285,7 @@ index 2f3d3aa4d09e1..3ae75618d5d10 100644
+ int i; + int i;
+ for(i = 0; tests[i].host; i++) { + for(i = 0; tests[i].host; i++) {
+ if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, + if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern,
+ strlen(tests[i].pattern), + tests[i].host)) {
+ tests[i].host,
+ strlen(tests[i].host))) {
+ fprintf(stderr, + fprintf(stderr,
+ "HOST: %s\n" + "HOST: %s\n"
+ "PTRN: %s\n" + "PTRN: %s\n"

3
curl.spec
View File

@ -582,6 +582,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Jan 08 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.4
- make up incomplete patch for host name wildcard checking (RHEL-5680)
* Wed Oct 30 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.3 * Wed Oct 30 2024 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.3
- asyn-thread: create a socketpair to wait on (RHEL-34906) - asyn-thread: create a socketpair to wait on (RHEL-34906)
- fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641) - fix crash, when talking to a NTLM proxy in FIPS mode (RHEL-32641)