ftp: fix typo in recursive callback detection for seeking

This commit is contained in:
Kamil Dudka 2018-03-14 14:42:24 +01:00
parent bdef0a1bf6
commit 6402b496fc
2 changed files with 37 additions and 1 deletions

View File

@ -0,0 +1,29 @@
From 1b02cb2b51148915b2ba025bb262ef34f369fa4b Mon Sep 17 00:00:00 2001
From: dasimx <g9264140@trbvm.com>
Date: Wed, 14 Mar 2018 11:02:05 +0100
Subject: [PATCH] FTP: fix typo in recursive callback detection for seeking
Fixes #2380
Upstream-commit: 920f73a6906dce87c6ee87c32b109a287189965d
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/ftp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index e2cc38b..0cc583b 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -1621,7 +1621,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
Curl_set_in_callback(data, true);
seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
SEEK_SET);
- Curl_set_in_callback(data, true);
+ Curl_set_in_callback(data, false);
}
if(seekerr != CURL_SEEKFUNC_OK) {
--
2.14.3

View File

@ -1,10 +1,13 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.59.0 Version: 7.59.0
Release: 1%{?dist} Release: 2%{?dist}
License: MIT License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
# ftp: fix typo in recursive callback detection for seeking
Patch1: 0001-curl-7.58.0-ftp-typo-in-recursive-callback-detection.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -151,6 +154,7 @@ be installed.
%setup -q %setup -q
# upstream patches # upstream patches
%patch1 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -296,6 +300,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-2
- ftp: fix typo in recursive callback detection for seeking
* Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-1 * Wed Mar 14 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-1
- new upstream release, which fixes the following vulnerabilities - new upstream release, which fixes the following vulnerabilities
CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write