diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-11-24 19:43:16 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-01 04:14:18 -1000 |
commit | be8b0f817858ee4f60c274c54209c9dd3774005e (patch) | |
tree | 776283e6dcbf729c958a1c6e67687925aa11ccdd | |
parent | 7c678246f658d306f759a17533fbb012492412ae (diff) | |
download | poky-be8b0f817858ee4f60c274c54209c9dd3774005e.tar.gz |
curl: fix CVE-2023-28321 CVE-2023-28322
import patch from ubuntu curl_7.68.0-1ubuntu2.20.
minor change to CVE-2023-28321.patch tests/data/test1397 part
so the patch can be apply.
(From OE-Core rev: 5cc1f487928df04c58709dd88ef6c17c171da7a5)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-28321.patch | 272 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-28322.patch | 380 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.69.1.bb | 2 |
3 files changed, 654 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28321.patch b/meta/recipes-support/curl/curl/CVE-2023-28321.patch new file mode 100644 index 0000000000..da1d1fdcd6 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28321.patch | |||
@@ -0,0 +1,272 @@ | |||
1 | Upstream-Status: Backport [import from ubuntu curl_7.68.0-1ubuntu2.20 with | ||
2 | minor change to tests/data/test1397 part so the patch can be apply. | ||
3 | upstream: https://github.com/curl/curl/commit/199f2d440d8659b42 ] | ||
4 | CVE: CVE-2023-28321 | ||
5 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
6 | |||
7 | This backport was obtained from SUSE. | ||
8 | |||
9 | From 199f2d440d8659b42670c1b796220792b01a97bf Mon Sep 17 00:00:00 2001 | ||
10 | From: Daniel Stenberg <daniel@haxx.se> | ||
11 | Date: Mon, 24 Apr 2023 21:07:02 +0200 | ||
12 | Subject: [PATCH] hostcheck: fix host name wildcard checking | ||
13 | |||
14 | The leftmost "label" of the host name can now only match against single | ||
15 | '*'. Like the browsers have worked for a long time. | ||
16 | |||
17 | - extended unit test 1397 for this | ||
18 | - move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc | ||
19 | |||
20 | Reported-by: Hiroki Kurosawa | ||
21 | Closes #11018 | ||
22 | --- | ||
23 | lib/hostcheck.c | 50 +++++++-------- | ||
24 | tests/data/test1397 | 10 ++- | ||
25 | tests/unit/Makefile.am | 94 ---------------------------- | ||
26 | tests/unit/Makefile.inc | 94 ++++++++++++++++++++++++++++ | ||
27 | tests/unit/unit1397.c | 134 ++++++++++++++++++++++++---------------- | ||
28 | 5 files changed, 202 insertions(+), 180 deletions(-) | ||
29 | |||
30 | --- a/lib/hostcheck.c | ||
31 | +++ b/lib/hostcheck.c | ||
32 | @@ -58,15 +58,19 @@ | ||
33 | * apparent distinction between a name and an IP. We need to detect the use of | ||
34 | * an IP address and not wildcard match on such names. | ||
35 | * | ||
36 | + * Only match on "*" being used for the leftmost label, not "a*", "a*b" nor | ||
37 | + * "*b". | ||
38 | + * | ||
39 | + * @unittest: 1397 | ||
40 | + * | ||
41 | * NOTE: hostmatch() gets called with copied buffers so that it can modify the | ||
42 | * contents at will. | ||
43 | */ | ||
44 | |||
45 | static int hostmatch(char *hostname, char *pattern) | ||
46 | { | ||
47 | - const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; | ||
48 | - int wildcard_enabled; | ||
49 | - size_t prefixlen, suffixlen; | ||
50 | + const char *pattern_label_end, *hostname_label_end; | ||
51 | + size_t suffixlen; | ||
52 | struct in_addr ignored; | ||
53 | #ifdef ENABLE_IPV6 | ||
54 | struct sockaddr_in6 si6; | ||
55 | @@ -80,13 +84,12 @@ static int hostmatch(char *hostname, cha | ||
56 | if(pattern[len-1]=='.') | ||
57 | pattern[len-1] = 0; | ||
58 | |||
59 | - pattern_wildcard = strchr(pattern, '*'); | ||
60 | - if(pattern_wildcard == NULL) | ||
61 | + if(strncmp(pattern, "*.", 2)) | ||
62 | return strcasecompare(pattern, hostname) ? | ||
63 | CURL_HOST_MATCH : CURL_HOST_NOMATCH; | ||
64 | |||
65 | /* detect IP address as hostname and fail the match if so */ | ||
66 | - if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0) | ||
67 | + else if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0) | ||
68 | return CURL_HOST_NOMATCH; | ||
69 | #ifdef ENABLE_IPV6 | ||
70 | if(Curl_inet_pton(AF_INET6, hostname, &si6.sin6_addr) > 0) | ||
71 | @@ -95,14 +98,9 @@ static int hostmatch(char *hostname, cha | ||
72 | |||
73 | /* We require at least 2 dots in pattern to avoid too wide wildcard | ||
74 | match. */ | ||
75 | - wildcard_enabled = 1; | ||
76 | pattern_label_end = strchr(pattern, '.'); | ||
77 | - if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL || | ||
78 | - pattern_wildcard > pattern_label_end || | ||
79 | - strncasecompare(pattern, "xn--", 4)) { | ||
80 | - wildcard_enabled = 0; | ||
81 | - } | ||
82 | - if(!wildcard_enabled) | ||
83 | + if(pattern_label_end == NULL || | ||
84 | + strchr(pattern_label_end + 1, '.') == NULL) | ||
85 | return strcasecompare(pattern, hostname) ? | ||
86 | CURL_HOST_MATCH : CURL_HOST_NOMATCH; | ||
87 | |||
88 | @@ -117,11 +115,9 @@ static int hostmatch(char *hostname, cha | ||
89 | if(hostname_label_end - hostname < pattern_label_end - pattern) | ||
90 | return CURL_HOST_NOMATCH; | ||
91 | |||
92 | - prefixlen = pattern_wildcard - pattern; | ||
93 | - suffixlen = pattern_label_end - (pattern_wildcard + 1); | ||
94 | - return strncasecompare(pattern, hostname, prefixlen) && | ||
95 | - strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen, | ||
96 | - suffixlen) ? | ||
97 | + suffixlen = pattern_label_end - (pattern + 1); | ||
98 | + return strncasecompare(pattern + 1, hostname_label_end - suffixlen, | ||
99 | + suffixlen) ? | ||
100 | CURL_HOST_MATCH : CURL_HOST_NOMATCH; | ||
101 | } | ||
102 | |||
103 | --- a/tests/data/test1397 | ||
104 | +++ b/tests/data/test1397 | ||
105 | @@ -2,8 +2,7 @@ | ||
106 | <info> | ||
107 | <keywords> | ||
108 | unittest | ||
109 | -ssl | ||
110 | -wildcard | ||
111 | +Curl_cert_hostcheck | ||
112 | </keywords> | ||
113 | </info> | ||
114 | |||
115 | @@ -16,9 +15,8 @@ none | ||
116 | <features> | ||
117 | unittest | ||
118 | </features> | ||
119 | - <name> | ||
120 | -Check wildcard certificate matching function Curl_cert_hostcheck | ||
121 | - </name> | ||
122 | +<name> | ||
123 | +Curl_cert_hostcheck unit tests | ||
124 | +</name> | ||
125 | </client> | ||
126 | - | ||
127 | </testcase> | ||
128 | --- a/tests/unit/unit1397.c | ||
129 | +++ b/tests/unit/unit1397.c | ||
130 | @@ -21,8 +21,6 @@ | ||
131 | ***************************************************************************/ | ||
132 | #include "curlcheck.h" | ||
133 | |||
134 | -#include "hostcheck.h" /* from the lib dir */ | ||
135 | - | ||
136 | static CURLcode unit_setup(void) | ||
137 | { | ||
138 | return CURLE_OK; | ||
139 | @@ -30,50 +28,94 @@ static CURLcode unit_setup(void) | ||
140 | |||
141 | static void unit_stop(void) | ||
142 | { | ||
143 | - /* done before shutting down and exiting */ | ||
144 | } | ||
145 | |||
146 | -UNITTEST_START | ||
147 | +* only these backends define the tested functions */ | ||
148 | +#if defined(USE_OPENSSL) || defined(USE_GSKIT) || \ | ||
149 | + defined(USE_SCHANNEL) | ||
150 | +#include "hostcheck.h" | ||
151 | +struct testcase { | ||
152 | + const char *host; | ||
153 | + const char *pattern; | ||
154 | + bool match; | ||
155 | +}; | ||
156 | + | ||
157 | +static struct testcase tests[] = { | ||
158 | + {"", "", FALSE}, | ||
159 | + {"a", "", FALSE}, | ||
160 | + {"", "b", FALSE}, | ||
161 | + {"a", "b", FALSE}, | ||
162 | + {"aa", "bb", FALSE}, | ||
163 | + {"\xff", "\xff", TRUE}, | ||
164 | + {"aa.aa.aa", "aa.aa.bb", FALSE}, | ||
165 | + {"aa.aa.aa", "aa.aa.aa", TRUE}, | ||
166 | + {"aa.aa.aa", "*.aa.bb", FALSE}, | ||
167 | + {"aa.aa.aa", "*.aa.aa", TRUE}, | ||
168 | + {"192.168.0.1", "192.168.0.1", TRUE}, | ||
169 | + {"192.168.0.1", "*.168.0.1", FALSE}, | ||
170 | + {"192.168.0.1", "*.0.1", FALSE}, | ||
171 | + {"h.ello", "*.ello", FALSE}, | ||
172 | + {"h.ello.", "*.ello", FALSE}, | ||
173 | + {"h.ello", "*.ello.", FALSE}, | ||
174 | + {"h.e.llo", "*.e.llo", TRUE}, | ||
175 | + {"h.e.llo", " *.e.llo", FALSE}, | ||
176 | + {" h.e.llo", "*.e.llo", TRUE}, | ||
177 | + {"h.e.llo.", "*.e.llo", TRUE}, | ||
178 | + {"*.e.llo.", "*.e.llo", TRUE}, | ||
179 | + {"************.e.llo.", "*.e.llo", TRUE}, | ||
180 | + {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | ||
181 | + "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" | ||
182 | + "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" | ||
183 | + "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | ||
184 | + "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" | ||
185 | + ".e.llo.", "*.e.llo", TRUE}, | ||
186 | + {"\xfe\xfe.e.llo.", "*.e.llo", TRUE}, | ||
187 | + {"h.e.llo.", "*.e.llo.", TRUE}, | ||
188 | + {"h.e.llo", "*.e.llo.", TRUE}, | ||
189 | + {".h.e.llo", "*.e.llo.", FALSE}, | ||
190 | + {"h.e.llo", "*.*.llo.", FALSE}, | ||
191 | + {"h.e.llo", "h.*.llo", FALSE}, | ||
192 | + {"h.e.llo", "h.e.*", FALSE}, | ||
193 | + {"hello", "*.ello", FALSE}, | ||
194 | + {"hello", "**llo", FALSE}, | ||
195 | + {"bar.foo.example.com", "*.example.com", FALSE}, | ||
196 | + {"foo.example.com", "*.example.com", TRUE}, | ||
197 | + {"baz.example.net", "b*z.example.net", FALSE}, | ||
198 | + {"foobaz.example.net", "*baz.example.net", FALSE}, | ||
199 | + {"xn--l8j.example.local", "x*.example.local", FALSE}, | ||
200 | + {"xn--l8j.example.net", "*.example.net", TRUE}, | ||
201 | + {"xn--l8j.example.net", "*j.example.net", FALSE}, | ||
202 | + {"xn--l8j.example.net", "xn--l8j.example.net", TRUE}, | ||
203 | + {"xn--l8j.example.net", "xn--l8j.*.net", FALSE}, | ||
204 | + {"xl8j.example.net", "*.example.net", TRUE}, | ||
205 | + {"fe80::3285:a9ff:fe46:b619", "*::3285:a9ff:fe46:b619", FALSE}, | ||
206 | + {"fe80::3285:a9ff:fe46:b619", "fe80::3285:a9ff:fe46:b619", TRUE}, | ||
207 | + {NULL, NULL, FALSE} | ||
208 | +}; | ||
209 | |||
210 | -/* only these backends define the tested functions */ | ||
211 | -#if defined(USE_OPENSSL) || defined(USE_GSKIT) | ||
212 | +UNITTEST_START | ||
213 | +{ | ||
214 | + int i; | ||
215 | + for(i = 0; tests[i].host; i++) { | ||
216 | + if(tests[i].match != Curl_cert_hostcheck(tests[i].pattern, | ||
217 | + tests[i].host)) { | ||
218 | + fprintf(stderr, | ||
219 | + "HOST: %s\n" | ||
220 | + "PTRN: %s\n" | ||
221 | + "did %sMATCH\n", | ||
222 | + tests[i].host, | ||
223 | + tests[i].pattern, | ||
224 | + tests[i].match ? "NOT ": ""); | ||
225 | + unitfail++; | ||
226 | + } | ||
227 | + } | ||
228 | +} | ||
229 | |||
230 | - /* here you start doing things and checking that the results are good */ | ||
231 | +UNITTEST_STOP | ||
232 | +#else | ||
233 | |||
234 | -fail_unless(Curl_cert_hostcheck("www.example.com", "www.example.com"), | ||
235 | - "good 1"); | ||
236 | -fail_unless(Curl_cert_hostcheck("*.example.com", "www.example.com"), | ||
237 | - "good 2"); | ||
238 | -fail_unless(Curl_cert_hostcheck("xxx*.example.com", "xxxwww.example.com"), | ||
239 | - "good 3"); | ||
240 | -fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"), | ||
241 | - "good 4"); | ||
242 | -fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"), | ||
243 | - "good 5"); | ||
244 | - | ||
245 | -fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1"); | ||
246 | -fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2"); | ||
247 | -fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3"); | ||
248 | -fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad 4"); | ||
249 | -fail_if(Curl_cert_hostcheck("f*.example.com", "baa.example.com"), "bad 5"); | ||
250 | -fail_if(Curl_cert_hostcheck("*.com", "example.com"), "bad 6"); | ||
251 | -fail_if(Curl_cert_hostcheck("*fail.com", "example.com"), "bad 7"); | ||
252 | -fail_if(Curl_cert_hostcheck("*.example.", "www.example."), "bad 8"); | ||
253 | -fail_if(Curl_cert_hostcheck("*.example.", "www.example"), "bad 9"); | ||
254 | -fail_if(Curl_cert_hostcheck("", "www"), "bad 10"); | ||
255 | -fail_if(Curl_cert_hostcheck("*", "www"), "bad 11"); | ||
256 | -fail_if(Curl_cert_hostcheck("*.168.0.0", "192.168.0.0"), "bad 12"); | ||
257 | -fail_if(Curl_cert_hostcheck("www.example.com", "192.168.0.0"), "bad 13"); | ||
258 | - | ||
259 | -#ifdef ENABLE_IPV6 | ||
260 | -fail_if(Curl_cert_hostcheck("*::3285:a9ff:fe46:b619", | ||
261 | - "fe80::3285:a9ff:fe46:b619"), "bad 14"); | ||
262 | -fail_unless(Curl_cert_hostcheck("fe80::3285:a9ff:fe46:b619", | ||
263 | - "fe80::3285:a9ff:fe46:b619"), "good 6"); | ||
264 | -#endif | ||
265 | +UNITTEST_START | ||
266 | |||
267 | +UNITTEST_STOP | ||
268 | #endif | ||
269 | |||
270 | - /* you end the test code like this: */ | ||
271 | - | ||
272 | -UNITTEST_STOP | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322.patch b/meta/recipes-support/curl/curl/CVE-2023-28322.patch new file mode 100644 index 0000000000..9351a2c286 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28322.patch | |||
@@ -0,0 +1,380 @@ | |||
1 | CVE: CVE-2023-28322 | ||
2 | Upstream-Status: Backport [ import patch from ubuntu curl_7.68.0-1ubuntu2.20 | ||
3 | upstream https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de ] | ||
4 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
5 | |||
6 | Backport of: | ||
7 | |||
8 | From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001 | ||
9 | From: Daniel Stenberg <daniel@haxx.se> | ||
10 | Date: Tue, 25 Apr 2023 08:28:01 +0200 | ||
11 | Subject: [PATCH] lib: unify the upload/method handling | ||
12 | |||
13 | By making sure we set state.upload based on the set.method value and not | ||
14 | independently as set.upload, we reduce confusion and mixup risks, both | ||
15 | internally and externally. | ||
16 | |||
17 | Closes #11017 | ||
18 | --- | ||
19 | lib/curl_rtmp.c | 4 ++-- | ||
20 | lib/file.c | 4 ++-- | ||
21 | lib/ftp.c | 8 ++++---- | ||
22 | lib/http.c | 4 ++-- | ||
23 | lib/imap.c | 6 +++--- | ||
24 | lib/rtsp.c | 4 ++-- | ||
25 | lib/setopt.c | 6 ++---- | ||
26 | lib/smb.c | 6 +++--- | ||
27 | lib/smtp.c | 4 ++-- | ||
28 | lib/tftp.c | 8 ++++---- | ||
29 | lib/transfer.c | 4 ++-- | ||
30 | lib/urldata.h | 2 +- | ||
31 | lib/vssh/libssh.c | 6 +++--- | ||
32 | lib/vssh/libssh2.c | 6 +++--- | ||
33 | lib/vssh/wolfssh.c | 2 +- | ||
34 | 15 files changed, 36 insertions(+), 38 deletions(-) | ||
35 | |||
36 | --- a/lib/curl_rtmp.c | ||
37 | +++ b/lib/curl_rtmp.c | ||
38 | @@ -213,7 +213,7 @@ static CURLcode rtmp_connect(struct conn | ||
39 | /* We have to know if it's a write before we send the | ||
40 | * connect request packet | ||
41 | */ | ||
42 | - if(conn->data->set.upload) | ||
43 | + if(conn->data->state.upload) | ||
44 | r->Link.protocol |= RTMP_FEATURE_WRITE; | ||
45 | |||
46 | /* For plain streams, use the buffer toggle trick to keep data flowing */ | ||
47 | @@ -245,7 +245,7 @@ static CURLcode rtmp_do(struct connectda | ||
48 | if(!RTMP_ConnectStream(r, 0)) | ||
49 | return CURLE_FAILED_INIT; | ||
50 | |||
51 | - if(conn->data->set.upload) { | ||
52 | + if(conn->data->state.upload) { | ||
53 | Curl_pgrsSetUploadSize(data, data->state.infilesize); | ||
54 | Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); | ||
55 | } | ||
56 | --- a/lib/file.c | ||
57 | +++ b/lib/file.c | ||
58 | @@ -198,7 +198,7 @@ static CURLcode file_connect(struct conn | ||
59 | file->freepath = real_path; /* free this when done */ | ||
60 | |||
61 | file->fd = fd; | ||
62 | - if(!data->set.upload && (fd == -1)) { | ||
63 | + if(!data->state.upload && (fd == -1)) { | ||
64 | failf(data, "Couldn't open file %s", data->state.up.path); | ||
65 | file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE); | ||
66 | return CURLE_FILE_COULDNT_READ_FILE; | ||
67 | @@ -390,7 +390,7 @@ static CURLcode file_do(struct connectda | ||
68 | |||
69 | Curl_pgrsStartNow(data); | ||
70 | |||
71 | - if(data->set.upload) | ||
72 | + if(data->state.upload) | ||
73 | return file_upload(conn); | ||
74 | |||
75 | file = conn->data->req.protop; | ||
76 | --- a/lib/ftp.c | ||
77 | +++ b/lib/ftp.c | ||
78 | @@ -1371,7 +1371,7 @@ static CURLcode ftp_state_prepare_transf | ||
79 | data->set.str[STRING_CUSTOMREQUEST]: | ||
80 | (data->set.ftp_list_only?"NLST":"LIST")); | ||
81 | } | ||
82 | - else if(data->set.upload) { | ||
83 | + else if(data->state.upload) { | ||
84 | PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file); | ||
85 | } | ||
86 | else { | ||
87 | @@ -3303,7 +3303,7 @@ static CURLcode ftp_done(struct connectd | ||
88 | /* the response code from the transfer showed an error already so no | ||
89 | use checking further */ | ||
90 | ; | ||
91 | - else if(data->set.upload) { | ||
92 | + else if(data->state.upload) { | ||
93 | if((-1 != data->state.infilesize) && | ||
94 | (data->state.infilesize != data->req.writebytecount) && | ||
95 | !data->set.crlf && | ||
96 | @@ -3570,7 +3570,7 @@ static CURLcode ftp_do_more(struct conne | ||
97 | connected back to us */ | ||
98 | } | ||
99 | } | ||
100 | - else if(data->set.upload) { | ||
101 | + else if(data->state.upload) { | ||
102 | result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE); | ||
103 | if(result) | ||
104 | return result; | ||
105 | @@ -4209,7 +4209,7 @@ CURLcode ftp_parse_url_path(struct conne | ||
106 | ftpc->file = NULL; /* instead of point to a zero byte, | ||
107 | we make it a NULL pointer */ | ||
108 | |||
109 | - if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { | ||
110 | + if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { | ||
111 | /* We need a file name when uploading. Return error! */ | ||
112 | failf(data, "Uploading to a URL without a file name!"); | ||
113 | free(rawPath); | ||
114 | --- a/lib/http.c | ||
115 | +++ b/lib/http.c | ||
116 | @@ -2080,7 +2080,7 @@ CURLcode Curl_http(struct connectdata *c | ||
117 | } | ||
118 | |||
119 | if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && | ||
120 | - data->set.upload) { | ||
121 | + data->state.upload) { | ||
122 | httpreq = HTTPREQ_PUT; | ||
123 | } | ||
124 | |||
125 | @@ -2261,7 +2261,7 @@ CURLcode Curl_http(struct connectdata *c | ||
126 | if((conn->handler->protocol & PROTO_FAMILY_HTTP) && | ||
127 | (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && | ||
128 | http->postsize < 0) || | ||
129 | - ((data->set.upload || httpreq == HTTPREQ_POST) && | ||
130 | + ((data->state.upload || httpreq == HTTPREQ_POST) && | ||
131 | data->state.infilesize == -1))) { | ||
132 | if(conn->bits.authneg) | ||
133 | /* don't enable chunked during auth neg */ | ||
134 | --- a/lib/imap.c | ||
135 | +++ b/lib/imap.c | ||
136 | @@ -1469,11 +1469,11 @@ static CURLcode imap_done(struct connect | ||
137 | result = status; /* use the already set error code */ | ||
138 | } | ||
139 | else if(!data->set.connect_only && !imap->custom && | ||
140 | - (imap->uid || imap->mindex || data->set.upload || | ||
141 | + (imap->uid || imap->mindex || data->state.upload || | ||
142 | data->set.mimepost.kind != MIMEKIND_NONE)) { | ||
143 | /* Handle responses after FETCH or APPEND transfer has finished */ | ||
144 | |||
145 | - if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) | ||
146 | + if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE) | ||
147 | state(conn, IMAP_FETCH_FINAL); | ||
148 | else { | ||
149 | /* End the APPEND command first by sending an empty line */ | ||
150 | @@ -1539,7 +1539,7 @@ static CURLcode imap_perform(struct conn | ||
151 | selected = TRUE; | ||
152 | |||
153 | /* Start the first command in the DO phase */ | ||
154 | - if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) | ||
155 | + if(conn->data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE) | ||
156 | /* APPEND can be executed directly */ | ||
157 | result = imap_perform_append(conn); | ||
158 | else if(imap->custom && (selected || !imap->mailbox)) | ||
159 | --- a/lib/rtsp.c | ||
160 | +++ b/lib/rtsp.c | ||
161 | @@ -499,7 +499,7 @@ static CURLcode rtsp_do(struct connectda | ||
162 | rtspreq == RTSPREQ_SET_PARAMETER || | ||
163 | rtspreq == RTSPREQ_GET_PARAMETER) { | ||
164 | |||
165 | - if(data->set.upload) { | ||
166 | + if(data->state.upload) { | ||
167 | putsize = data->state.infilesize; | ||
168 | data->set.httpreq = HTTPREQ_PUT; | ||
169 | |||
170 | @@ -518,7 +518,7 @@ static CURLcode rtsp_do(struct connectda | ||
171 | result = | ||
172 | Curl_add_bufferf(&req_buffer, | ||
173 | "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", | ||
174 | - (data->set.upload ? putsize : postsize)); | ||
175 | + (data->state.upload ? putsize : postsize)); | ||
176 | if(result) | ||
177 | return result; | ||
178 | } | ||
179 | --- a/lib/setopt.c | ||
180 | +++ b/lib/setopt.c | ||
181 | @@ -258,8 +258,8 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
182 | * We want to sent data to the remote host. If this is HTTP, that equals | ||
183 | * using the PUT request. | ||
184 | */ | ||
185 | - data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; | ||
186 | - if(data->set.upload) { | ||
187 | + arg = va_arg(param, long); | ||
188 | + if(arg) { | ||
189 | /* If this is HTTP, PUT is what's needed to "upload" */ | ||
190 | data->set.httpreq = HTTPREQ_PUT; | ||
191 | data->set.opt_no_body = FALSE; /* this is implied */ | ||
192 | @@ -486,7 +486,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
193 | } | ||
194 | else | ||
195 | data->set.httpreq = HTTPREQ_GET; | ||
196 | - data->set.upload = FALSE; | ||
197 | break; | ||
198 | |||
199 | case CURLOPT_COPYPOSTFIELDS: | ||
200 | @@ -797,7 +796,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
201 | */ | ||
202 | if(va_arg(param, long)) { | ||
203 | data->set.httpreq = HTTPREQ_GET; | ||
204 | - data->set.upload = FALSE; /* switch off upload */ | ||
205 | data->set.opt_no_body = FALSE; /* this is implied */ | ||
206 | } | ||
207 | break; | ||
208 | --- a/lib/smb.c | ||
209 | +++ b/lib/smb.c | ||
210 | @@ -516,7 +516,7 @@ static CURLcode smb_send_open(struct con | ||
211 | byte_count = strlen(req->path); | ||
212 | msg.name_length = smb_swap16((unsigned short)byte_count); | ||
213 | msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); | ||
214 | - if(conn->data->set.upload) { | ||
215 | + if(conn->data->state.upload) { | ||
216 | msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); | ||
217 | msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF); | ||
218 | } | ||
219 | @@ -792,7 +792,7 @@ static CURLcode smb_request_state(struct | ||
220 | smb_m = (const struct smb_nt_create_response*) msg; | ||
221 | req->fid = smb_swap16(smb_m->fid); | ||
222 | conn->data->req.offset = 0; | ||
223 | - if(conn->data->set.upload) { | ||
224 | + if(conn->data->state.upload) { | ||
225 | conn->data->req.size = conn->data->state.infilesize; | ||
226 | Curl_pgrsSetUploadSize(conn->data, conn->data->req.size); | ||
227 | next_state = SMB_UPLOAD; | ||
228 | --- a/lib/smtp.c | ||
229 | +++ b/lib/smtp.c | ||
230 | @@ -1210,7 +1210,7 @@ static CURLcode smtp_done(struct connect | ||
231 | result = status; /* use the already set error code */ | ||
232 | } | ||
233 | else if(!data->set.connect_only && data->set.mail_rcpt && | ||
234 | - (data->set.upload || data->set.mimepost.kind)) { | ||
235 | + (data->state.upload || data->set.mimepost.kind)) { | ||
236 | /* Calculate the EOB taking into account any terminating CRLF from the | ||
237 | previous line of the email or the CRLF of the DATA command when there | ||
238 | is "no mail data". RFC-5321, sect. 4.1.1.4. | ||
239 | @@ -1297,7 +1297,7 @@ static CURLcode smtp_perform(struct conn | ||
240 | smtp->eob = 2; | ||
241 | |||
242 | /* Start the first command in the DO phase */ | ||
243 | - if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) | ||
244 | + if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt) | ||
245 | /* MAIL transfer */ | ||
246 | result = smtp_perform_mail(conn); | ||
247 | else | ||
248 | --- a/lib/tftp.c | ||
249 | +++ b/lib/tftp.c | ||
250 | @@ -390,7 +390,7 @@ static CURLcode tftp_parse_option_ack(tf | ||
251 | |||
252 | /* tsize should be ignored on upload: Who cares about the size of the | ||
253 | remote file? */ | ||
254 | - if(!data->set.upload) { | ||
255 | + if(!data->state.upload) { | ||
256 | if(!tsize) { | ||
257 | failf(data, "invalid tsize -:%s:- value in OACK packet", value); | ||
258 | return CURLE_TFTP_ILLEGAL; | ||
259 | @@ -470,7 +470,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
260 | return result; | ||
261 | } | ||
262 | |||
263 | - if(data->set.upload) { | ||
264 | + if(data->state.upload) { | ||
265 | /* If we are uploading, send an WRQ */ | ||
266 | setpacketevent(&state->spacket, TFTP_EVENT_WRQ); | ||
267 | state->conn->data->req.upload_fromhere = | ||
268 | @@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
269 | if(!data->set.tftp_no_options) { | ||
270 | char buf[64]; | ||
271 | /* add tsize option */ | ||
272 | - if(data->set.upload && (data->state.infilesize != -1)) | ||
273 | + if(data->state.upload && (data->state.infilesize != -1)) | ||
274 | msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, | ||
275 | data->state.infilesize); | ||
276 | else | ||
277 | @@ -559,7 +559,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
278 | break; | ||
279 | |||
280 | case TFTP_EVENT_OACK: | ||
281 | - if(data->set.upload) { | ||
282 | + if(data->state.upload) { | ||
283 | result = tftp_connect_for_tx(state, event); | ||
284 | } | ||
285 | else { | ||
286 | --- a/lib/transfer.c | ||
287 | +++ b/lib/transfer.c | ||
288 | @@ -1405,6 +1405,7 @@ void Curl_init_CONNECT(struct Curl_easy | ||
289 | { | ||
290 | data->state.fread_func = data->set.fread_func_set; | ||
291 | data->state.in = data->set.in_set; | ||
292 | + data->state.upload = (data->set.httpreq == HTTPREQ_PUT); | ||
293 | } | ||
294 | |||
295 | /* | ||
296 | @@ -1816,7 +1817,7 @@ CURLcode Curl_retry_request(struct conne | ||
297 | |||
298 | /* if we're talking upload, we can't do the checks below, unless the protocol | ||
299 | is HTTP as when uploading over HTTP we will still get a response */ | ||
300 | - if(data->set.upload && | ||
301 | + if(data->state.upload && | ||
302 | !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) | ||
303 | return CURLE_OK; | ||
304 | |||
305 | --- a/lib/urldata.h | ||
306 | +++ b/lib/urldata.h | ||
307 | @@ -1427,6 +1427,7 @@ struct UrlState { | ||
308 | BIT(stream_depends_e); /* set or don't set the Exclusive bit */ | ||
309 | BIT(previouslypending); /* this transfer WAS in the multi->pending queue */ | ||
310 | BIT(cookie_engine); | ||
311 | + BIT(upload); /* upload request */ | ||
312 | }; | ||
313 | |||
314 | |||
315 | @@ -1762,7 +1763,6 @@ struct UserDefined { | ||
316 | BIT(http_auto_referer); /* set "correct" referer when following | ||
317 | location: */ | ||
318 | BIT(opt_no_body); /* as set with CURLOPT_NOBODY */ | ||
319 | - BIT(upload); /* upload request */ | ||
320 | BIT(verbose); /* output verbosity */ | ||
321 | BIT(krb); /* Kerberos connection requested */ | ||
322 | BIT(reuse_forbid); /* forbidden to be reused, close after use */ | ||
323 | --- a/lib/vssh/libssh.c | ||
324 | +++ b/lib/vssh/libssh.c | ||
325 | @@ -1076,7 +1076,7 @@ static CURLcode myssh_statemach_act(stru | ||
326 | } | ||
327 | |||
328 | case SSH_SFTP_TRANS_INIT: | ||
329 | - if(data->set.upload) | ||
330 | + if(data->state.upload) | ||
331 | state(conn, SSH_SFTP_UPLOAD_INIT); | ||
332 | else { | ||
333 | if(protop->path[strlen(protop->path)-1] == '/') | ||
334 | @@ -1686,7 +1686,7 @@ static CURLcode myssh_statemach_act(stru | ||
335 | /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */ | ||
336 | ssh_set_blocking(sshc->ssh_session, 1); | ||
337 | |||
338 | - if(data->set.upload) { | ||
339 | + if(data->state.upload) { | ||
340 | if(data->state.infilesize < 0) { | ||
341 | failf(data, "SCP requires a known file size for upload"); | ||
342 | sshc->actualcode = CURLE_UPLOAD_FAILED; | ||
343 | @@ -1787,7 +1787,7 @@ static CURLcode myssh_statemach_act(stru | ||
344 | break; | ||
345 | } | ||
346 | case SSH_SCP_DONE: | ||
347 | - if(data->set.upload) | ||
348 | + if(data->state.upload) | ||
349 | state(conn, SSH_SCP_SEND_EOF); | ||
350 | else | ||
351 | state(conn, SSH_SCP_CHANNEL_FREE); | ||
352 | --- a/lib/vssh/libssh2.c | ||
353 | +++ b/lib/vssh/libssh2.c | ||
354 | @@ -1664,7 +1664,7 @@ static CURLcode ssh_statemach_act(struct | ||
355 | } | ||
356 | |||
357 | case SSH_SFTP_TRANS_INIT: | ||
358 | - if(data->set.upload) | ||
359 | + if(data->state.upload) | ||
360 | state(conn, SSH_SFTP_UPLOAD_INIT); | ||
361 | else { | ||
362 | if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') | ||
363 | @@ -2366,7 +2366,7 @@ static CURLcode ssh_statemach_act(struct | ||
364 | break; | ||
365 | } | ||
366 | |||
367 | - if(data->set.upload) { | ||
368 | + if(data->state.upload) { | ||
369 | if(data->state.infilesize < 0) { | ||
370 | failf(data, "SCP requires a known file size for upload"); | ||
371 | sshc->actualcode = CURLE_UPLOAD_FAILED; | ||
372 | @@ -2504,7 +2504,7 @@ static CURLcode ssh_statemach_act(struct | ||
373 | break; | ||
374 | |||
375 | case SSH_SCP_DONE: | ||
376 | - if(data->set.upload) | ||
377 | + if(data->state.upload) | ||
378 | state(conn, SSH_SCP_SEND_EOF); | ||
379 | else | ||
380 | state(conn, SSH_SCP_CHANNEL_FREE); | ||
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 0141b780ee..82b07bc554 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb | |||
@@ -55,6 +55,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
55 | file://CVE-2023-32001.patch \ | 55 | file://CVE-2023-32001.patch \ |
56 | file://CVE-2023-38545.patch \ | 56 | file://CVE-2023-38545.patch \ |
57 | file://CVE-2023-38546.patch \ | 57 | file://CVE-2023-38546.patch \ |
58 | file://CVE-2023-28321.patch \ | ||
59 | file://CVE-2023-28322.patch \ | ||
58 | " | 60 | " |
59 | 61 | ||
60 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" | 62 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" |