SUSE:SLE-12-SP1:GA
File curl-CVE-2023-28320.patch of Package curl
From 13718030ad4b3209a7583b4f27f683cd3a6fa5f2 Mon Sep 17 00:00:00 2001 From: Harry Sintonen <sintonen@iki.fi> Date: Tue, 25 Apr 2023 09:22:26 +0200 Subject: [PATCH] hostip: add locks around use of global buffer for alarm() When building with the sync name resolver and timeout ability we now require thread-safety to be present to enable it. Closes #11030 --- lib/hostip.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) Index: curl-7.37.0/lib/hostip.c =================================================================== --- curl-7.37.0.orig/lib/hostip.c +++ curl-7.37.0/lib/hostip.c @@ -64,12 +64,19 @@ /* The last #include file should be: */ #include "memdebug.h" -#if defined(CURLRES_SYNCH) && \ - defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP) +#if defined(CURLRES_SYNCH) && \ + defined(HAVE_ALARM) && \ + defined(SIGALRM) && \ + defined(HAVE_SIGSETJMP) && \ + defined(GLOBAL_INIT_IS_THREADSAFE) /* alarm-based timeouts can only be used with all the dependencies satisfied */ #define USE_ALARM_TIMEOUT #endif +#ifdef USE_ALARM_TIMEOUT +#include "easy_lock.h" +#endif + /* * hostip.c explained * ================== @@ -311,11 +318,12 @@ remove_entry_if_stale(struct SessionHand } -#ifdef HAVE_SIGSETJMP +#ifdef USE_ALARM_TIMEOUT /* Beware this is a global and unique instance. This is used to store the return address that we can jump back to from inside a signal handler. This is not thread-safe stuff. */ sigjmp_buf curl_jmpenv; +curl_simple_lock curl_jmpenv_lock; #endif @@ -513,7 +521,6 @@ int Curl_resolv(struct connectdata *conn static RETSIGTYPE alarmfunc(int sig) { - /* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */ (void)sig; siglongjmp(curl_jmpenv, 1); return; 
@@ -618,6 +625,8 @@ int Curl_resolv_timeout(struct connectda This should be the last thing we do before calling Curl_resolv(), as otherwise we'd have to worry about variables that get modified before we invoke Curl_resolv() (and thus use "volatile"). */ + curl_simple_lock_lock(&curl_jmpenv_lock); + if(sigsetjmp(curl_jmpenv, 1)) { /* this is coming from a siglongjmp() after an alarm signal */ failf(data, "name lookup timed out"); @@ -659,6 +668,8 @@ clean_up: #endif #endif /* HAVE_SIGACTION */ + curl_simple_lock_unlock(&curl_jmpenv_lock); + /* switch back the alarm() to either zero or to what it was before minus the time we spent until now! */ if(prev_alarm) {
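Review bot: In the first hunk (@@ -64,12), the added `defined(GLOBAL_INIT_IS_THREADSAFE)` condition means USE_ALARM_TIMEOUT is silently left undefined on any build where that macro is not set, so the alarm()-based resolver timeout disappears without a build-time notice. The diffstat lists only lib/hostip.c, yet the hunk adds `#include "easy_lock.h"`, so both the header and the macro have to be supplied elsewhere in this curl-7.37.0 package; please name that dependency in the patch header so the required series order is explicit.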
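Review bot: In the @@ -311,11 hunk, the comment above `sigjmp_buf curl_jmpenv;` still ends with "This is not thread-safe stuff." although the added `curl_simple_lock curl_jmpenv_lock;` exists to serialize access; update the comment to state that curl_jmpenv_lock must be held while curl_jmpenv is in use. The lock is also declared without an initializer and without `static`, so it relies on zero-initialization being the unlocked state and is exported as a global symbol; add an explicit initializer if the lock type provides one, and make it `static` if nothing outside hostip.c needs it.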
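Review bot: In the @@ -618,6 hunk, `curl_simple_lock_lock(&curl_jmpenv_lock);` is taken just before `sigsetjmp(curl_jmpenv, 1)` and then held across the whole name lookup, so concurrent callers of Curl_resolv_timeout() wait for one another's lookups, each up to its timeout; a short comment saying this serialization is intended would help. The branch after `failf(data, "name lookup timed out");` is entered through siglongjmp() with the lock still held, so please confirm that it leaves through clean_up rather than returning directly.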
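Review bot: In the @@ -659,6 hunk, the only `curl_simple_lock_unlock(&curl_jmpenv_lock);` sits under the `clean_up:` label, so any return between the lock call and that label leaks the lock and blocks every later lookup that uses the alarm timeout; worth auditing the paths in between. The unlock is placed after the `#endif /* HAVE_SIGACTION */` block and before the alarm() reset; if that block is where the previous SIGALRM handler is restored, add a comment that the unlock must stay after it, so a later edit does not let another thread install its handler and have it overwritten.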