From d92c2687b6e73d1755f857ba9f38c9d538216b28 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 3 Nov 2020 06:54:42 -0500
Subject: [PATCH] import openwsman-2.6.5-7.el8

---
 SOURCES/openwsman-2.6.5-CVE-2019-3833.patch | 94 +++++++++++++++++++++
 SPECS/openwsman.spec                        | 16 +++-
 2 files changed, 107 insertions(+), 3 deletions(-)
 create mode 100644 SOURCES/openwsman-2.6.5-CVE-2019-3833.patch

diff --git a/SOURCES/openwsman-2.6.5-CVE-2019-3833.patch b/SOURCES/openwsman-2.6.5-CVE-2019-3833.patch
new file mode 100644
index 0000000..1eb3568
--- /dev/null
+++ b/SOURCES/openwsman-2.6.5-CVE-2019-3833.patch
@@ -0,0 +1,94 @@
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2020-05-11 11:10:04.783971915 +0200
++++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2020-05-11 11:10:04.786971932 +0200
+@@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
+ 		_shttpd_send_server_error(c, 500, "Cannot allocate request");
+ 	}
+ 
++	io_inc_tail(&c->rem.io, req_len);
++
+ 	if (c->loc.flags & FLAG_CLOSED)
+ 		return;
+ 
+-	io_inc_tail(&c->rem.io, req_len);
+-
+ 	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
+ 	c->rem.flags |= FLAG_HEADERS_PARSED;
+ 
+@@ -975,7 +975,7 @@ write_stream(struct stream *from, struct
+ }
+ 
+ 
+-static void
++static int
+ connection_desctructor(struct llhead *lp)
+ {
+ 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
+@@ -999,7 +999,8 @@ connection_desctructor(struct llhead *lp
+ 	 * Check the "Connection: " header before we free c->request
+ 	 * If it its 'keep-alive', then do not close the connection
+ 	 */
+-	do_close = (c->ch.connection.v_vec.len >= vec.len &&
++	do_close = c->rem.flags & FLAG_CLOSED ||
++	    (c->ch.connection.v_vec.len >= vec.len &&
+ 	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
+ 	    (c->major_version < 1 ||
+ 	    (c->major_version >= 1 && c->minor_version < 1));
+@@ -1021,7 +1022,7 @@ connection_desctructor(struct llhead *lp
+ 		io_clear(&c->loc.io);
+ 		c->birth_time = _shttpd_current_time;
+ 		if (io_data_len(&c->rem.io) > 0)
+-			process_connection(c, 0, 0);
++			return 1;
+ 	} else {
+ 		if (c->rem.io_class != NULL)
+ 			c->rem.io_class->close(&c->rem);
+@@ -1032,6 +1033,8 @@ connection_desctructor(struct llhead *lp
+ 
+ 		free(c);
+ 	}
++
++	return 0;
+ }
+ 
+ static void
+@@ -1039,7 +1042,7 @@ worker_destructor(struct llhead *lp)
+ {
+ 	struct worker	*worker = LL_ENTRY(lp, struct worker, link);
+ 
+-	free_list(&worker->connections, connection_desctructor);
++	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ 	free(worker);
+ }
+ 
+@@ -1072,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
+ static void
+ process_connection(struct conn *c, int remote_ready, int local_ready)
+ {
++again:
++
+ 	/* Read from remote end if it is ready */
+ 	if (remote_ready && io_space_len(&c->rem.io))
+ 		read_stream(&c->rem);
+@@ -1100,7 +1105,11 @@ process_connection(struct conn *c, int r
+ 	if ((_shttpd_current_time > c->expire_time) ||
+ 	    (c->rem.flags & FLAG_CLOSED) ||
+ 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
+-		connection_desctructor(&c->link);
++		if (connection_desctructor(&c->link)) {
++			remote_ready = 0;
++			local_ready = 0;
++			goto again;
++		}
+ }
+ 
+ static int
+@@ -1640,7 +1649,7 @@ worker_function(void *param)
+ 	while (worker->exit_flag == 0)
+ 		poll_worker(worker, 1000 * 10);
+ 
+-	free_list(&worker->connections, connection_desctructor);
++	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ 	free(worker);
+ }
+ 
diff --git a/SPECS/openwsman.spec b/SPECS/openwsman.spec
index 55b1b0b..0b54272 100644
--- a/SPECS/openwsman.spec
+++ b/SPECS/openwsman.spec
@@ -3,7 +3,7 @@
 
 Name:		openwsman
 Version:	2.6.5
-Release:	5%{?dist}
+Release:	7%{?dist}
 Summary:	Open source Implementation of WS-Management
 
 License:	BSD
@@ -21,6 +21,8 @@ Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
 Patch4:		openwsman-2.6.5-http-status-line.patch
 Patch5:		openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
 Patch6:		openwsman-2.6.5-CVE-2019-3816.patch
+# Patch7: fixes CVE-2019-3833, rhbz#1687865
+Patch7:		openwsman-2.6.5-CVE-2019-3833.patch
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
 BuildRequires:	python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
@@ -128,6 +130,7 @@ You can use it to send shell commands to a remote Windows hosts.
 %patch4 -p1 -b .http-status-line
 %patch5 -p1 -b .fix-set-cipher-list-retval-check
 %patch6 -p1 -b .CVE-2019-3816
+%patch7 -p1 -b .CVE-2019-3833
 
 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@@ -284,9 +287,16 @@ rm -f /var/log/wsmand.log
 %{_bindir}/winrs
 
 %changelog
-* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
+* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
+- Fix CVE-2019-3833
+  Resolves: #1687865
+
+* Wed Jul 17 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-6
+- Fix name of Patch6
+
+* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
 - Fix CVE-2019-3816
-  Resolves: #1693972
+  Resolves: #1687864
 - Remove Dist Tag from the oldest changelog entry
 
 * Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4