Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-27535.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-27535.patch | 170 |
1 files changed, 170 insertions, 0 deletions
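--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27535.patch
@@ -0,0 +1,170 @@
+From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 9 Mar 2023 17:47:06 +0100
+Subject: [PATCH] ftp: add more conditions for connection reuse
+
+Reported-by: Harry Sintonen
+Closes #10730
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2023-27535.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1]
+CVE: CVE-2023-27535
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+lib/ftp.c | 30 ++++++++++++++++++++++++++++--
+lib/ftp.h | 5 +++++
+lib/setopt.c | 2 +-
+lib/url.c | 16 +++++++++++++++-
+lib/urldata.h | 4 ++--
+5 files changed, 51 insertions(+), 6 deletions(-)
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 31a34e8..7a82a74 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -4059,6 +4059,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
+}
+
+freedirs(ftpc);
++ free(ftpc->account);
++ ftpc->account = NULL;
++ free(ftpc->alternative_to_user);
++ ftpc->alternative_to_user = NULL;
+free(ftpc->prevpath);
+ftpc->prevpath = NULL;
+free(ftpc->server_os);
+@@ -4326,11 +4330,31 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
+struct Curl_easy *data = conn->data;
+char *type;
+struct FTP *ftp;
++ struct ftp_conn *ftpc = &conn->proto.ftpc;
+
+- conn->data->req.protop = ftp = calloc(sizeof(struct FTP), 1);
++ ftp = calloc(sizeof(struct FTP), 1);
+if(NULL == ftp)
+return CURLE_OUT_OF_MEMORY;
+
++ /* clone connection related data that is FTP specific */
++ if(data->set.str[STRING_FTP_ACCOUNT]) {
++ ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
++ if(!ftpc->account) {
++ free(ftp);
++ return CURLE_OUT_OF_MEMORY;
++ }
++ }
++ if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
++ ftpc->alternative_to_user =
++ strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
++ if(!ftpc->alternative_to_user) {
++ Curl_safefree(ftpc->account);
++ free(ftp);
++ return CURLE_OUT_OF_MEMORY;
++ }
++ }
++ conn->data->req.protop = ftp;
++
+ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
+
+/* FTP URLs support an extension like ";type=<typecode>" that
+@@ -4366,7 +4390,9 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
+/* get some initial data into the ftp struct */
+ftp->transfer = FTPTRANSFER_BODY;
+ftp->downloadsize = 0;
+- conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
++ ftpc->known_filesize = -1; /* unknown size for now */
++ ftpc->use_ssl = data->set.use_ssl;
++ ftpc->ccc = data->set.ftp_ccc;
+
+return CURLE_OK;
+}
+diff --git a/lib/ftp.h b/lib/ftp.h
+index 984347f..163dcb3 100644
+--- a/lib/ftp.h
++++ b/lib/ftp.h
+@@ -116,6 +116,8 @@ struct FTP {
+struct */
+struct ftp_conn {
+struct pingpong pp;
++ char *account;
++ char *alternative_to_user;
+char *entrypath; /* the PWD reply when we logged on */
+char **dirs; /* realloc()ed array for path components */
+int dirdepth; /* number of entries used in the 'dirs' array */
+@@ -141,6 +143,9 @@ struct ftp_conn {
+ftpstate state; /* always use ftp.c:state() to change state! */
+ftpstate state_saved; /* transfer type saved to be reloaded after
+data connection is established */
++ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
++ IMAP or POP3 or others! (type: curl_usessl)*/
++ unsigned char ccc; /* ccc level for this connection */
+curl_off_t retr_size_saved; /* Size of retrieved file saved */
+char *server_os; /* The target server operating system. */
+curl_off_t known_filesize; /* file size is different from -1, if wildcard
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 4d96f6b..a91bb70 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2126,7 +2126,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+arg = va_arg(param, long);
+if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
+return CURLE_BAD_FUNCTION_ARGUMENT;
+- data->set.use_ssl = (curl_usessl)arg;
++ data->set.use_ssl = (unsigned char)arg;
+break;
+
+case CURLOPT_SSL_OPTIONS:
+diff --git a/lib/url.c b/lib/url.c
+index dfbde3b..f84375c 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -1257,10 +1257,24 @@ ConnectionExists(struct Curl_easy *data,
+}
+}
+
+- if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
++#ifdef USE_SSH
++ else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
+if(!ssh_config_matches(needle, check))
+continue;
+}
++#endif
++#ifndef CURL_DISABLE_FTP
++ else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_FTP) {
++ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
++ if(Curl_timestrcmp(needle->proto.ftpc.account,
++ check->proto.ftpc.account) ||
++ Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
++ check->proto.ftpc.alternative_to_user) ||
++ (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
++ (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
++ continue;
++ }
++#endif
+
+if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
+needle->bits.tunnel_proxy) {
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 168f874..51b793b 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1730,8 +1730,6 @@ struct UserDefined {
+void *ssh_keyfunc_userp; /* custom pointer to callback */
+enum CURL_NETRC_OPTION
+use_netrc; /* defined in include/curl.h */
+- curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
+- IMAP or POP3 or others! */
+long new_file_perms; /* Permissions to use when creating remote files */
+long new_directory_perms; /* Permissions to use when creating remote dirs */
+long ssh_auth_types; /* allowed SSH auth types */
+@@ -1851,6 +1849,8 @@ struct UserDefined {
+BIT(http09_allowed); /* allow HTTP/0.9 responses */
+BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
+recipients */
++ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
++ IMAP or POP3 or others! (type: curl_usessl)*/
+};
+
+struct Names {
+--
+2.25.1
+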
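Review bot: The two strdup()ed strings that ftp_setup_connection now stores in conn->proto.ftpc (the `ftpc->account` and `ftpc->alternative_to_user` assignments in the lib/ftp.c hunk) are only released in ftp_disconnect as far as this patch shows, yet ftp_setup_connection runs on the candidate connection before ConnectionExists compares it against the pool. When that candidate matches an existing connection and is discarded, the discard path is not in this patch; if it releases the struct without going through ftp_disconnect, both strings leak once per reused FTP connection, which is a slow resource drain on long-lived clients rather than a correctness issue. Worth confirming in the backported tree that the discard path frees them, for example with `Curl_safefree(conn->proto.ftpc.account); Curl_safefree(conn->proto.ftpc.alternative_to_user);` next to the other per-connection strings it already frees. The rest of the patch reads correctly: Curl_timestrcmp keeps the account comparison constant-time, and the ConnectionExists chain is now `else if` so the SSH and FTP family checks are mutually exclusive. ftp_setup_connection and ConnectionExists both continue outside the quoted hunks.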