diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-32207.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-32207.patch | 284 |
1 files changed, 284 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-32207.patch b/meta/recipes-support/curl/curl/CVE-2022-32207.patch new file mode 100644 index 0000000000..f75aaecd64 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32207.patch | |||
@@ -0,0 +1,284 @@ | |||
1 | From af92181055d7d64dfc0bc9d5a13c8b98af3196be Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Wed, 25 May 2022 10:09:53 +0200 | ||
4 | Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files | ||
5 | |||
6 | Bug: https://curl.se/docs/CVE-2022-32207.html | ||
7 | CVE-2022-32207 | ||
8 | Reported-by: Harry Sintonen | ||
9 | Closes #9050 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/curl/curl/commit/20f9dd6bae50b] | ||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | --- | ||
14 | CMakeLists.txt | 1 + | ||
15 | configure.ac | 1 + | ||
16 | lib/Makefile.inc | 4 +- | ||
17 | lib/cookie.c | 19 ++----- | ||
18 | lib/curl_config.h.cmake | 3 ++ | ||
19 | lib/fopen.c | 113 ++++++++++++++++++++++++++++++++++++++++ | ||
20 | lib/fopen.h | 30 +++++++++++ | ||
21 | 7 files changed, 155 insertions(+), 16 deletions(-) | ||
22 | create mode 100644 lib/fopen.c | ||
23 | create mode 100644 lib/fopen.h | ||
24 | |||
25 | diff --git a/CMakeLists.txt b/CMakeLists.txt | ||
26 | index 73b053b..cc587b0 100644 | ||
27 | --- a/CMakeLists.txt | ||
28 | +++ b/CMakeLists.txt | ||
29 | @@ -869,6 +869,7 @@ elseif(HAVE_LIBSOCKET) | ||
30 | set(CMAKE_REQUIRED_LIBRARIES socket) | ||
31 | endif() | ||
32 | |||
33 | +check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) | ||
34 | check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) | ||
35 | check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) | ||
36 | check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) | ||
37 | diff --git a/configure.ac b/configure.ac | ||
38 | index d090622..7071077 100755 | ||
39 | --- a/configure.ac | ||
40 | +++ b/configure.ac | ||
41 | @@ -4059,6 +4059,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se | ||
42 | |||
43 | |||
44 | AC_CHECK_FUNCS([fnmatch \ | ||
45 | + fchmod \ | ||
46 | geteuid \ | ||
47 | getpass_r \ | ||
48 | getppid \ | ||
49 | diff --git a/lib/Makefile.inc b/lib/Makefile.inc | ||
50 | index 46ded90..79307d8 100644 | ||
51 | --- a/lib/Makefile.inc | ||
52 | +++ b/lib/Makefile.inc | ||
53 | @@ -63,7 +63,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ | ||
54 | curl_multibyte.c hostcheck.c conncache.c dotdot.c \ | ||
55 | x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ | ||
56 | mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c \ | ||
57 | - doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c | ||
58 | + doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c fopen.c | ||
59 | |||
60 | LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ | ||
61 | formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ | ||
62 | @@ -84,7 +84,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ | ||
63 | x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ | ||
64 | curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ | ||
65 | curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h \ | ||
66 | - curl_get_line.h altsvc.h quic.h socketpair.h rename.h | ||
67 | + curl_get_line.h altsvc.h quic.h socketpair.h rename.h fopen.h | ||
68 | |||
69 | LIB_RCFILES = libcurl.rc | ||
70 | |||
71 | diff --git a/lib/cookie.c b/lib/cookie.c | ||
72 | index 68054e1..a9ad20a 100644 | ||
73 | --- a/lib/cookie.c | ||
74 | +++ b/lib/cookie.c | ||
75 | @@ -97,8 +97,8 @@ Example set of cookies: | ||
76 | #include "curl_memrchr.h" | ||
77 | #include "inet_pton.h" | ||
78 | #include "parsedate.h" | ||
79 | -#include "rand.h" | ||
80 | #include "rename.h" | ||
81 | +#include "fopen.h" | ||
82 | |||
83 | /* The last 3 #include files should be in this order */ | ||
84 | #include "curl_printf.h" | ||
85 | @@ -1524,18 +1524,9 @@ static int cookie_output(struct Curl_easy *data, | ||
86 | use_stdout = TRUE; | ||
87 | } | ||
88 | else { | ||
89 | - unsigned char randsuffix[9]; | ||
90 | - | ||
91 | - if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) | ||
92 | - return 2; | ||
93 | - | ||
94 | - tempstore = aprintf("%s.%s.tmp", filename, randsuffix); | ||
95 | - if(!tempstore) | ||
96 | - return 1; | ||
97 | - | ||
98 | - out = fopen(tempstore, FOPEN_WRITETEXT); | ||
99 | - if(!out) | ||
100 | - goto error; | ||
101 | + error = Curl_fopen(data, filename, &out, &tempstore); | ||
102 | + if(error) | ||
103 | + goto error; | ||
104 | } | ||
105 | |||
106 | fputs("# Netscape HTTP Cookie File\n" | ||
107 | @@ -1581,7 +1572,7 @@ static int cookie_output(struct Curl_easy *data, | ||
108 | if(!use_stdout) { | ||
109 | fclose(out); | ||
110 | out = NULL; | ||
111 | - if(Curl_rename(tempstore, filename)) { | ||
112 | + if(tempstore && Curl_rename(tempstore, filename)) { | ||
113 | unlink(tempstore); | ||
114 | goto error; | ||
115 | } | ||
116 | diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake | ||
117 | index 98cdf51..fe43751 100644 | ||
118 | --- a/lib/curl_config.h.cmake | ||
119 | +++ b/lib/curl_config.h.cmake | ||
120 | @@ -124,6 +124,9 @@ | ||
121 | /* Define to 1 if you have the <assert.h> header file. */ | ||
122 | #cmakedefine HAVE_ASSERT_H 1 | ||
123 | |||
124 | +/* Define to 1 if you have the `fchmod' function. */ | ||
125 | +#cmakedefine HAVE_FCHMOD 1 | ||
126 | + | ||
127 | /* Define to 1 if you have the `basename' function. */ | ||
128 | #cmakedefine HAVE_BASENAME 1 | ||
129 | |||
130 | diff --git a/lib/fopen.c b/lib/fopen.c | ||
131 | new file mode 100644 | ||
132 | index 0000000..ad3691b | ||
133 | --- /dev/null | ||
134 | +++ b/lib/fopen.c | ||
135 | @@ -0,0 +1,113 @@ | ||
136 | +/*************************************************************************** | ||
137 | + * _ _ ____ _ | ||
138 | + * Project ___| | | | _ \| | | ||
139 | + * / __| | | | |_) | | | ||
140 | + * | (__| |_| | _ <| |___ | ||
141 | + * \___|\___/|_| \_\_____| | ||
142 | + * | ||
143 | + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
144 | + * | ||
145 | + * This software is licensed as described in the file COPYING, which | ||
146 | + * you should have received as part of this distribution. The terms | ||
147 | + * are also available at https://curl.se/docs/copyright.html. | ||
148 | + * | ||
149 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
150 | + * copies of the Software, and permit persons to whom the Software is | ||
151 | + * furnished to do so, under the terms of the COPYING file. | ||
152 | + * | ||
153 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
154 | + * KIND, either express or implied. | ||
155 | + * | ||
156 | + * SPDX-License-Identifier: curl | ||
157 | + * | ||
158 | + ***************************************************************************/ | ||
159 | + | ||
160 | +#include "curl_setup.h" | ||
161 | + | ||
162 | +#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ | ||
163 | + !defined(CURL_DISABLE_HSTS) | ||
164 | + | ||
165 | +#ifdef HAVE_FCNTL_H | ||
166 | +#include <fcntl.h> | ||
167 | +#endif | ||
168 | + | ||
169 | +#include "urldata.h" | ||
170 | +#include "rand.h" | ||
171 | +#include "fopen.h" | ||
172 | +/* The last 3 #include files should be in this order */ | ||
173 | +#include "curl_printf.h" | ||
174 | +#include "curl_memory.h" | ||
175 | +#include "memdebug.h" | ||
176 | + | ||
177 | +/* | ||
178 | + * Curl_fopen() opens a file for writing with a temp name, to be renamed | ||
179 | + * to the final name when completed. If there is an existing file using this | ||
180 | + * name at the time of the open, this function will clone the mode from that | ||
181 | + * file. if 'tempname' is non-NULL, it needs a rename after the file is | ||
182 | + * written. | ||
183 | + */ | ||
184 | +CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, | ||
185 | + FILE **fh, char **tempname) | ||
186 | +{ | ||
187 | + CURLcode result = CURLE_WRITE_ERROR; | ||
188 | + unsigned char randsuffix[9]; | ||
189 | + char *tempstore = NULL; | ||
190 | + struct_stat sb; | ||
191 | + int fd = -1; | ||
192 | + *tempname = NULL; | ||
193 | + | ||
194 | + if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { | ||
195 | + /* a non-regular file, fallback to direct fopen() */ | ||
196 | + *fh = fopen(filename, FOPEN_WRITETEXT); | ||
197 | + if(*fh) | ||
198 | + return CURLE_OK; | ||
199 | + goto fail; | ||
200 | + } | ||
201 | + | ||
202 | + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); | ||
203 | + if(result) | ||
204 | + goto fail; | ||
205 | + | ||
206 | + tempstore = aprintf("%s.%s.tmp", filename, randsuffix); | ||
207 | + if(!tempstore) { | ||
208 | + result = CURLE_OUT_OF_MEMORY; | ||
209 | + goto fail; | ||
210 | + } | ||
211 | + | ||
212 | + result = CURLE_WRITE_ERROR; | ||
213 | + fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); | ||
214 | + if(fd == -1) | ||
215 | + goto fail; | ||
216 | + | ||
217 | +#ifdef HAVE_FCHMOD | ||
218 | + { | ||
219 | + struct_stat nsb; | ||
220 | + if((fstat(fd, &nsb) != -1) && | ||
221 | + (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { | ||
222 | + /* if the user and group are the same, clone the original mode */ | ||
223 | + if(fchmod(fd, sb.st_mode) == -1) | ||
224 | + goto fail; | ||
225 | + } | ||
226 | + } | ||
227 | +#endif | ||
228 | + | ||
229 | + *fh = fdopen(fd, FOPEN_WRITETEXT); | ||
230 | + if(!*fh) | ||
231 | + goto fail; | ||
232 | + | ||
233 | + *tempname = tempstore; | ||
234 | + return CURLE_OK; | ||
235 | + | ||
236 | +fail: | ||
237 | + if(fd != -1) { | ||
238 | + close(fd); | ||
239 | + unlink(tempstore); | ||
240 | + } | ||
241 | + | ||
242 | + free(tempstore); | ||
243 | + | ||
244 | + *tempname = NULL; | ||
245 | + return result; | ||
246 | +} | ||
247 | + | ||
248 | +#endif /* ! disabled */ | ||
249 | diff --git a/lib/fopen.h b/lib/fopen.h | ||
250 | new file mode 100644 | ||
251 | index 0000000..289e55f | ||
252 | --- /dev/null | ||
253 | +++ b/lib/fopen.h | ||
254 | @@ -0,0 +1,30 @@ | ||
255 | +#ifndef HEADER_CURL_FOPEN_H | ||
256 | +#define HEADER_CURL_FOPEN_H | ||
257 | +/*************************************************************************** | ||
258 | + * _ _ ____ _ | ||
259 | + * Project ___| | | | _ \| | | ||
260 | + * / __| | | | |_) | | | ||
261 | + * | (__| |_| | _ <| |___ | ||
262 | + * \___|\___/|_| \_\_____| | ||
263 | + * | ||
264 | + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
265 | + * | ||
266 | + * This software is licensed as described in the file COPYING, which | ||
267 | + * you should have received as part of this distribution. The terms | ||
268 | + * are also available at https://curl.se/docs/copyright.html. | ||
269 | + * | ||
270 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
271 | + * copies of the Software, and permit persons to whom the Software is | ||
272 | + * furnished to do so, under the terms of the COPYING file. | ||
273 | + * | ||
274 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
275 | + * KIND, either express or implied. | ||
276 | + * | ||
277 | + * SPDX-License-Identifier: curl | ||
278 | + * | ||
279 | + ***************************************************************************/ | ||
280 | + | ||
281 | +CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, | ||
282 | + FILE **fh, char **tempname); | ||
283 | + | ||
284 | +#endif | ||