Resolves: CVE-2021-22945 - fix use-after-free and double-free in MQTT sending
This commit is contained in:
Kamil Dudka
parent
e32e427920
commit
f58185cd40
|
|
@ -0,0 +1,33 @@
|
|||
From bb7619897e53ed424e0712ca5a4c93d5fae99715 Mon Sep 17 00:00:00 2001
|
||||
From: z2_ on hackerone <>
|
||||
Date: Tue, 24 Aug 2021 09:50:33 +0200
|
||||
Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds
|
||||
|
||||
CVE-2021-22945
|
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22945.html
|
||||
|
||||
Upstream-commit: 43157490a5054bd24256fe12876931e8abc9df49
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/mqtt.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/lib/mqtt.c b/lib/mqtt.c
|
||||
index d88fa73..f3fc045 100644
|
||||
--- a/lib/mqtt.c
|
||||
+++ b/lib/mqtt.c
|
||||
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
|
||||
mq->sendleftovers = sendleftovers;
|
||||
mq->nsend = nsend;
|
||||
}
|
||||
+ else {
|
||||
+ mq->sendleftovers = NULL;
|
||||
+ mq->nsend = 0;
|
||||
+ }
|
||||
return result;
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.76.1
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
|
|
@ -23,6 +23,9 @@ Patch5: 0005-curl-7.76.1-CVE-2021-22924.patch
|
|||
# fix TELNET stack contents disclosure again (CVE-2021-22925)
|
||||
Patch6: 0006-curl-7.76.1-CVE-2021-22925.patch
|
||||
|
||||
# fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
|
||||
Patch7: 0007-curl-7.76.1-CVE-2021-22945.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
|
|
@ -204,6 +207,7 @@ be installed.
|
|||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -383,6 +387,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12
|
||||
- fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-11
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
|
|
|||
Loading…
Reference in New Issue