diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch new file mode 100644 index 0000000000..eaa6fdc327 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch | |||
@@ -0,0 +1,197 @@ | |||
1 | From f446258f0269a62289cca0210157cb8558d0edc3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 16 May 2023 23:40:42 +0200 | ||
4 | Subject: [PATCH] hostip: include easy_lock.h before using | ||
5 | GLOBAL_INIT_IS_THREADSAFE | ||
6 | |||
7 | Since that header file is the only place that define can be defined. | ||
8 | |||
9 | Reported-by: Marc Deslauriers | ||
10 | |||
11 | Follow-up to 13718030ad4b3209 | ||
12 | |||
13 | Closes #11121 | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3] | ||
16 | CVE: CVE-2023-28320 | ||
17 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
18 | --- | ||
19 | lib/easy_lock.h | 109 ++++++++++++++++++++++++++++++++++++++++++++++++ | ||
20 | lib/hostip.c | 10 ++--- | ||
21 | lib/hostip.h | 9 ---- | ||
22 | 3 files changed, 113 insertions(+), 15 deletions(-) | ||
23 | create mode 100644 lib/easy_lock.h | ||
24 | |||
25 | diff --git a/lib/easy_lock.h b/lib/easy_lock.h | ||
26 | new file mode 100644 | ||
27 | index 0000000..6399a39 | ||
28 | --- /dev/null | ||
29 | +++ b/lib/easy_lock.h | ||
30 | @@ -0,0 +1,109 @@ | ||
31 | +#ifndef HEADER_CURL_EASY_LOCK_H | ||
32 | +#define HEADER_CURL_EASY_LOCK_H | ||
33 | +/*************************************************************************** | ||
34 | + * _ _ ____ _ | ||
35 | + * Project ___| | | | _ \| | | ||
36 | + * / __| | | | |_) | | | ||
37 | + * | (__| |_| | _ <| |___ | ||
38 | + * \___|\___/|_| \_\_____| | ||
39 | + * | ||
40 | + * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | ||
41 | + * | ||
42 | + * This software is licensed as described in the file COPYING, which | ||
43 | + * you should have received as part of this distribution. The terms | ||
44 | + * are also available at https://curl.se/docs/copyright.html. | ||
45 | + * | ||
46 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
47 | + * copies of the Software, and permit persons to whom the Software is | ||
48 | + * furnished to do so, under the terms of the COPYING file. | ||
49 | + * | ||
50 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
51 | + * KIND, either express or implied. | ||
52 | + * | ||
53 | + * SPDX-License-Identifier: curl | ||
54 | + * | ||
55 | + ***************************************************************************/ | ||
56 | + | ||
57 | +#include "curl_setup.h" | ||
58 | + | ||
59 | +#define GLOBAL_INIT_IS_THREADSAFE | ||
60 | + | ||
61 | +#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 | ||
62 | + | ||
63 | +#ifdef __MINGW32__ | ||
64 | +#ifndef __MINGW64_VERSION_MAJOR | ||
65 | +#if (__MINGW32_MAJOR_VERSION < 5) || \ | ||
66 | + (__MINGW32_MAJOR_VERSION == 5 && __MINGW32_MINOR_VERSION == 0) | ||
67 | +/* mingw >= 5.0.1 defines SRWLOCK, and slightly different from MS define */ | ||
68 | +typedef PVOID SRWLOCK, *PSRWLOCK; | ||
69 | +#endif | ||
70 | +#endif | ||
71 | +#ifndef SRWLOCK_INIT | ||
72 | +#define SRWLOCK_INIT NULL | ||
73 | +#endif | ||
74 | +#endif /* __MINGW32__ */ | ||
75 | + | ||
76 | +#define curl_simple_lock SRWLOCK | ||
77 | +#define CURL_SIMPLE_LOCK_INIT SRWLOCK_INIT | ||
78 | + | ||
79 | +#define curl_simple_lock_lock(m) AcquireSRWLockExclusive(m) | ||
80 | +#define curl_simple_lock_unlock(m) ReleaseSRWLockExclusive(m) | ||
81 | + | ||
82 | +#elif defined(HAVE_ATOMIC) && defined(HAVE_STDATOMIC_H) | ||
83 | +#include <stdatomic.h> | ||
84 | +#if defined(HAVE_SCHED_YIELD) | ||
85 | +#include <sched.h> | ||
86 | +#endif | ||
87 | + | ||
88 | +#define curl_simple_lock atomic_int | ||
89 | +#define CURL_SIMPLE_LOCK_INIT 0 | ||
90 | + | ||
91 | +/* a clang-thing */ | ||
92 | +#ifndef __has_builtin | ||
93 | +#define __has_builtin(x) 0 | ||
94 | +#endif | ||
95 | + | ||
96 | +#ifndef __INTEL_COMPILER | ||
97 | +/* The Intel compiler tries to look like GCC *and* clang *and* lies in its | ||
98 | + __has_builtin() function, so override it. */ | ||
99 | + | ||
100 | +/* if GCC on i386/x86_64 or if the built-in is present */ | ||
101 | +#if ( (defined(__GNUC__) && !defined(__clang__)) && \ | ||
102 | + (defined(__i386__) || defined(__x86_64__))) || \ | ||
103 | + __has_builtin(__builtin_ia32_pause) | ||
104 | +#define HAVE_BUILTIN_IA32_PAUSE | ||
105 | +#endif | ||
106 | + | ||
107 | +#endif | ||
108 | + | ||
109 | +static inline void curl_simple_lock_lock(curl_simple_lock *lock) | ||
110 | +{ | ||
111 | + for(;;) { | ||
112 | + if(!atomic_exchange_explicit(lock, true, memory_order_acquire)) | ||
113 | + break; | ||
114 | + /* Reduce cache coherency traffic */ | ||
115 | + while(atomic_load_explicit(lock, memory_order_relaxed)) { | ||
116 | + /* Reduce load (not mandatory) */ | ||
117 | +#ifdef HAVE_BUILTIN_IA32_PAUSE | ||
118 | + __builtin_ia32_pause(); | ||
119 | +#elif defined(__aarch64__) | ||
120 | + __asm__ volatile("yield" ::: "memory"); | ||
121 | +#elif defined(HAVE_SCHED_YIELD) | ||
122 | + sched_yield(); | ||
123 | +#endif | ||
124 | + } | ||
125 | + } | ||
126 | +} | ||
127 | + | ||
128 | +static inline void curl_simple_lock_unlock(curl_simple_lock *lock) | ||
129 | +{ | ||
130 | + atomic_store_explicit(lock, false, memory_order_release); | ||
131 | +} | ||
132 | + | ||
133 | +#else | ||
134 | + | ||
135 | +#undef GLOBAL_INIT_IS_THREADSAFE | ||
136 | + | ||
137 | +#endif | ||
138 | + | ||
139 | +#endif /* HEADER_CURL_EASY_LOCK_H */ | ||
140 | diff --git a/lib/hostip.c b/lib/hostip.c | ||
141 | index 5231a74..d5bf881 100644 | ||
142 | --- a/lib/hostip.c | ||
143 | +++ b/lib/hostip.c | ||
144 | @@ -68,6 +68,8 @@ | ||
145 | #include "curl_memory.h" | ||
146 | #include "memdebug.h" | ||
147 | |||
148 | +#include "easy_lock.h" | ||
149 | + | ||
150 | #if defined(CURLRES_SYNCH) && \ | ||
151 | defined(HAVE_ALARM) && \ | ||
152 | defined(SIGALRM) && \ | ||
153 | @@ -77,10 +79,6 @@ | ||
154 | #define USE_ALARM_TIMEOUT | ||
155 | #endif | ||
156 | |||
157 | -#ifdef USE_ALARM_TIMEOUT | ||
158 | -#include "easy_lock.h" | ||
159 | -#endif | ||
160 | - | ||
161 | #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */ | ||
162 | |||
163 | /* | ||
164 | @@ -259,8 +257,8 @@ void Curl_hostcache_prune(struct Curl_easy *data) | ||
165 | /* Beware this is a global and unique instance. This is used to store the | ||
166 | return address that we can jump back to from inside a signal handler. This | ||
167 | is not thread-safe stuff. */ | ||
168 | -sigjmp_buf curl_jmpenv; | ||
169 | -curl_simple_lock curl_jmpenv_lock; | ||
170 | +static sigjmp_buf curl_jmpenv; | ||
171 | +static curl_simple_lock curl_jmpenv_lock; | ||
172 | #endif | ||
173 | |||
174 | /* lookup address, returns entry if found and not stale */ | ||
175 | diff --git a/lib/hostip.h b/lib/hostip.h | ||
176 | index baf1e58..d7f73d9 100644 | ||
177 | --- a/lib/hostip.h | ||
178 | +++ b/lib/hostip.h | ||
179 | @@ -196,15 +196,6 @@ Curl_cache_addr(struct Curl_easy *data, Curl_addrinfo *addr, | ||
180 | #define CURL_INADDR_NONE INADDR_NONE | ||
181 | #endif | ||
182 | |||
183 | -#ifdef HAVE_SIGSETJMP | ||
184 | -/* Forward-declaration of variable defined in hostip.c. Beware this | ||
185 | - * is a global and unique instance. This is used to store the return | ||
186 | - * address that we can jump back to from inside a signal handler. | ||
187 | - * This is not thread-safe stuff. | ||
188 | - */ | ||
189 | -extern sigjmp_buf curl_jmpenv; | ||
190 | -#endif | ||
191 | - | ||
192 | /* | ||
193 | * Function provided by the resolver backend to set DNS servers to use. | ||
194 | */ | ||
195 | -- | ||
196 | 2.25.1 | ||
197 | |||