Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
curl
curl-CVE-2020-8231.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2020-8231.patch of Package curl
From 8c899c70575126151628b1455429cdb7224894fc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 3 Aug 2020 14:54:13 +0200 Subject: [PATCH] Curl_easy: remember last connection by id, not by pointer CVE-2020-8231 Bug: https://curl.haxx.se/docs/CVE-2020-8231.html Reported-by: Marc Aldorasi --- lib/connect.c | 19 ++++++++++--------- lib/easy.c | 3 +-- lib/multi.c | 10 ++++++---- lib/url.c | 2 +- lib/urldata.h | 2 +- 5 files changed, 19 insertions(+), 17 deletions(-) Index: curl-7.37.0/lib/connect.c =================================================================== --- curl-7.37.0.orig/lib/connect.c +++ curl-7.37.0/lib/connect.c @@ -1160,15 +1160,15 @@ CURLcode Curl_connecthost(struct connect } struct connfind { - struct connectdata *tofind; - bool found; + long id_tofind; + struct connectdata *found; }; static int conn_is_conn(struct connectdata *conn, void *param) { struct connfind *f = (struct connfind *)param; - if(conn == f->tofind) { - f->found = TRUE; + if(conn->connection_id == f->id_tofind) { + f->found = conn; return 1; } return 0; @@ -1189,19 +1189,20 @@ curl_socket_t Curl_getconnectinfo(struct /* this only works for an easy handle that has been used for curl_easy_perform()! */ - if(data->state.lastconnect && data->multi_easy) { - struct connectdata *c = data->state.lastconnect; + if((data->state.lastconnect_id != -1) && data->multi_easy) { + struct connectdata *c; struct connfind find; - find.tofind = data->state.lastconnect; - find.found = FALSE; + find.id_tofind = data->state.lastconnect_id; + find.found = NULL; Curl_conncache_foreach(data->multi_easy->conn_cache, &find, conn_is_conn); if(!find.found) { - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; return CURL_SOCKET_BAD; } + c = find.found; if(connp) /* only store this if the caller cares for it */ *connp = c; Index: curl-7.37.0/lib/easy.c =================================================================== --- curl-7.37.0.orig/lib/easy.c +++ curl-7.37.0/lib/easy.c @@ -895,8 +895,7 @@ CURL *curl_easy_duphandle(CURL *incurl) /* the connection cache is setup on demand */ outcurl->state.conn_cache = NULL; - - outcurl->state.lastconnect = NULL; + outcurl->state.lastconnect_id = -1; outcurl->progress.flags = data->progress.flags; outcurl->progress.callback = data->progress.callback; Index: curl-7.37.0/lib/multi.c =================================================================== --- curl-7.37.0.orig/lib/multi.c +++ curl-7.37.0/lib/multi.c @@ -403,7 +403,7 @@ CURLMcode curl_multi_add_handle(CURLM *m /* Point to the multi's connection cache */ data->state.conn_cache = multi->conn_cache; - + data->state.lastconnect_id = -1; data->state.infilesize = data->set.filesize; /* This adds the new entry at the 'end' of the doubly-linked circular Index: curl-7.37.0/lib/url.c =================================================================== --- curl-7.37.0.orig/lib/url.c +++ curl-7.37.0/lib/url.c @@ -632,7 +632,7 @@ CURLcode Curl_open(struct SessionHandle Curl_convert_init(data); /* most recent connection is not yet defined */ - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; data->progress.flags |= PGRS_HIDE; data->state.current_speed = -1; /* init to negative == impossible */ @@ -5889,14 +5889,14 @@ CURLcode Curl_done(struct connectdata ** /* the connection is no longer in use */ if(ConnectionDone(data, conn)) { /* remember the most recently used connection */ - data->state.lastconnect = conn; + data->state.lastconnect_id = conn->connection_id; infof(data, "Connection #%ld to host %s left intact\n", conn->connection_id, conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname); } else - data->state.lastconnect = NULL; + data->state.lastconnect_id = -1; } *connp = NULL; /* to make the caller of this function better detect that Index: curl-7.37.0/lib/urldata.h =================================================================== --- curl-7.37.0.orig/lib/urldata.h +++ curl-7.37.0/lib/urldata.h @@ -1210,7 +1210,7 @@ struct UrlState { /* buffers to store authentication data in, as parsed from input options */ struct timeval keeps_speed; /* for the progress meter really */ - struct connectdata *lastconnect; /* The last connection, NULL if undefined */ + long lastconnect_id; /* The last connection, -1 if undefined */ char *headerbuff; /* allocated buffer to store headers in */ size_t headersize; /* size of the allocation */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor