Resolves: CVE-2022-27775 - fix bad local IPv6 connection reuse

This commit is contained in:
Kamil Dudka 2022-04-28 09:54:37 +02:00
parent 7c695ff325
commit ebff9aa2cc
2 changed files with 45 additions and 0 deletions

View File

@ -0,0 +1,40 @@
From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 25 Apr 2022 11:48:00 +0200
Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey
Make connections to two separate IPv6 zone ids create separate
connections.
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2022-27775.html
Closes #8747
Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/conncache.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/conncache.c b/lib/conncache.c
index cd5756a..9b9f683 100644
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -159,8 +159,12 @@ static void hashkey(struct connectdata *conn, char *buf,
/* report back which name we used */
*hostp = hostname;
- /* put the number first so that the hostname gets cut off if too long */
- msnprintf(buf, len, "%ld%s", port, hostname);
+ /* put the numbers first so that the hostname gets cut off if too long */
+#ifdef ENABLE_IPV6
+ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
+#else
+ msnprintf(buf, len, "%ld/%s", port, hostname);
+#endif
}
/* Returns number of connections currently held in the connection cache.
--
2.34.1

View File

@ -35,6 +35,9 @@ Patch9: 0009-curl-7.76.1-CVE-2021-22947.patch
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) # fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch Patch10: 0010-curl-7.76.1-CVE-2022-22576.patch
# fix bad local IPv6 connection reuse (CVE-2022-27775)
Patch11: 0011-curl-7.76.1-CVE-2022-27775.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -220,6 +223,7 @@ be installed.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -441,6 +445,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%changelog %changelog
* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15 * Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14 * Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14