Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
curl
curl-CVE-2020-19909.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2020-19909.patch of Package curl
From db0a0dfb0eb41d39273b0590b992df58f38b9a4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 29 Jul 2019 22:10:13 +0200 Subject: [PATCH] curl: cap the maximum allowed values for retry time arguments ... to avoid integer overflows later when multiplying with 1000 to convert seconds to milliseconds. Added test 1269 to verify. Reported-by: Jason Lee Closes #4166 --- src/tool_getparam.c | 4 ++-- src/tool_paramhlp.c | 22 ++++++++++++++++++++++ src/tool_paramhlp.h | 3 ++- tests/data/Makefile.inc | 2 +- tests/data/test1269 | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 61 insertions(+), 4 deletions(-) create mode 100644 tests/data/test1269 Index: curl-7.37.0/src/tool_getparam.c =================================================================== --- curl-7.37.0.orig/src/tool_getparam.c +++ curl-7.37.0/src/tool_getparam.c @@ -787,12 +787,12 @@ ParameterError getparameter(char *flag, return err; break; case 'h': /* --retry-delay */ - err = str2unum(&config->retry_delay, nextarg); + err = str2unummax(&config->retry_delay, nextarg, LONG_MAX/1000); if(err) return err; break; case 'i': /* --retry-max-time */ - err = str2unum(&config->retry_maxtime, nextarg); + err = str2unummax(&config->retry_maxtime, nextarg, LONG_MAX/1000); if(err) return err; break; Index: curl-7.37.0/src/tool_paramhlp.c =================================================================== --- curl-7.37.0.orig/src/tool_paramhlp.c +++ curl-7.37.0/src/tool_paramhlp.c @@ -189,6 +189,28 @@ ParameterError str2unum(long *val, const } /* + * Parse the string and write the long in the given address if it is below the + * maximum allowed value. Return PARAM_OK on success, otherwise a parameter + * error enum. ONLY ACCEPTS POSITIVE NUMBERS! + * + * Since this function gets called with the 'nextarg' pointer from within the + * getparameter a lot, we must check it for NULL before accessing the str + * data. + */ + +ParameterError str2unummax(long *val, const char *str, long max) +{ + ParameterError result = str2unum(val, str); + if(result != PARAM_OK) + return result; + if(*val > max) + return PARAM_BAD_NUMERIC; + + return PARAM_OK; +} + + +/* * Parse the string and write the double in the given address. Return PARAM_OK * on success, otherwise a parameter specific error enum. * Index: curl-7.37.0/src/tool_paramhlp.h =================================================================== --- curl-7.37.0.orig/src/tool_paramhlp.h +++ curl-7.37.0/src/tool_paramhlp.h @@ -33,6 +33,7 @@ void cleanarg(char *str); ParameterError str2num(long *val, const char *str); ParameterError str2unum(long *val, const char *str); +ParameterError str2unummax(long *val, const char *str, long max); ParameterError str2double(double *val, const char *str); ParameterError str2udouble(double *val, const char *str); Index: curl-7.37.0/tests/data/test1269 =================================================================== --- /dev/null +++ curl-7.37.0/tests/data/test1269 @@ -0,0 +1,34 @@ +<testcase> +<info> +<keywords> +--retry-delay +</keywords> +</info> + +# +# Server-side +<reply> +</reply> + +# +# Client-side +<client> +<server> +none +</server> + <name> +too large --retry-delay value + </name> + <command> +--retry 3 --retry-delay 9223372036854776 http://%HOSTIP:%HTTPPORT/1269 +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<errorcode> +2 +</errorcode> +</verify> +</testcase> Index: curl-7.37.0/tests/data/Makefile.am =================================================================== --- curl-7.37.0.orig/tests/data/Makefile.am +++ curl-7.37.0/tests/data/Makefile.am @@ -110,6 +110,7 @@ test1216 test1217 test1218 test1219 \ test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \ test1228 test1229 test1230 test1231 test1232 test1233 test1234 test1235 \ test1236 test1237 test1238 test1239 test1240 \ +test1269 \ test1289 \ \ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ Index: curl-7.37.0/tests/data/Makefile.in =================================================================== --- curl-7.37.0.orig/tests/data/Makefile.in +++ curl-7.37.0/tests/data/Makefile.in @@ -418,6 +418,7 @@ test1216 test1217 test1218 test1219 \ test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \ test1228 test1229 test1230 test1231 test1232 test1233 test1234 test1235 \ test1236 test1237 test1238 test1239 test1240 \ +test1269 \ test1289 \ \ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor