diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-28322.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-28322.patch | 380 |
1 files changed, 380 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322.patch b/meta/recipes-support/curl/curl/CVE-2023-28322.patch new file mode 100644 index 0000000000..9351a2c286 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28322.patch | |||
@@ -0,0 +1,380 @@ | |||
1 | CVE: CVE-2023-28322 | ||
2 | Upstream-Status: Backport [ import patch from ubuntu curl_7.68.0-1ubuntu2.20 | ||
3 | upstream https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de ] | ||
4 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
5 | |||
6 | Backport of: | ||
7 | |||
8 | From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001 | ||
9 | From: Daniel Stenberg <daniel@haxx.se> | ||
10 | Date: Tue, 25 Apr 2023 08:28:01 +0200 | ||
11 | Subject: [PATCH] lib: unify the upload/method handling | ||
12 | |||
13 | By making sure we set state.upload based on the set.method value and not | ||
14 | independently as set.upload, we reduce confusion and mixup risks, both | ||
15 | internally and externally. | ||
16 | |||
17 | Closes #11017 | ||
18 | --- | ||
19 | lib/curl_rtmp.c | 4 ++-- | ||
20 | lib/file.c | 4 ++-- | ||
21 | lib/ftp.c | 8 ++++---- | ||
22 | lib/http.c | 4 ++-- | ||
23 | lib/imap.c | 6 +++--- | ||
24 | lib/rtsp.c | 4 ++-- | ||
25 | lib/setopt.c | 6 ++---- | ||
26 | lib/smb.c | 6 +++--- | ||
27 | lib/smtp.c | 4 ++-- | ||
28 | lib/tftp.c | 8 ++++---- | ||
29 | lib/transfer.c | 4 ++-- | ||
30 | lib/urldata.h | 2 +- | ||
31 | lib/vssh/libssh.c | 6 +++--- | ||
32 | lib/vssh/libssh2.c | 6 +++--- | ||
33 | lib/vssh/wolfssh.c | 2 +- | ||
34 | 15 files changed, 36 insertions(+), 38 deletions(-) | ||
35 | |||
36 | --- a/lib/curl_rtmp.c | ||
37 | +++ b/lib/curl_rtmp.c | ||
38 | @@ -213,7 +213,7 @@ static CURLcode rtmp_connect(struct conn | ||
39 | /* We have to know if it's a write before we send the | ||
40 | * connect request packet | ||
41 | */ | ||
42 | - if(conn->data->set.upload) | ||
43 | + if(conn->data->state.upload) | ||
44 | r->Link.protocol |= RTMP_FEATURE_WRITE; | ||
45 | |||
46 | /* For plain streams, use the buffer toggle trick to keep data flowing */ | ||
47 | @@ -245,7 +245,7 @@ static CURLcode rtmp_do(struct connectda | ||
48 | if(!RTMP_ConnectStream(r, 0)) | ||
49 | return CURLE_FAILED_INIT; | ||
50 | |||
51 | - if(conn->data->set.upload) { | ||
52 | + if(conn->data->state.upload) { | ||
53 | Curl_pgrsSetUploadSize(data, data->state.infilesize); | ||
54 | Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET); | ||
55 | } | ||
56 | --- a/lib/file.c | ||
57 | +++ b/lib/file.c | ||
58 | @@ -198,7 +198,7 @@ static CURLcode file_connect(struct conn | ||
59 | file->freepath = real_path; /* free this when done */ | ||
60 | |||
61 | file->fd = fd; | ||
62 | - if(!data->set.upload && (fd == -1)) { | ||
63 | + if(!data->state.upload && (fd == -1)) { | ||
64 | failf(data, "Couldn't open file %s", data->state.up.path); | ||
65 | file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE); | ||
66 | return CURLE_FILE_COULDNT_READ_FILE; | ||
67 | @@ -390,7 +390,7 @@ static CURLcode file_do(struct connectda | ||
68 | |||
69 | Curl_pgrsStartNow(data); | ||
70 | |||
71 | - if(data->set.upload) | ||
72 | + if(data->state.upload) | ||
73 | return file_upload(conn); | ||
74 | |||
75 | file = conn->data->req.protop; | ||
76 | --- a/lib/ftp.c | ||
77 | +++ b/lib/ftp.c | ||
78 | @@ -1371,7 +1371,7 @@ static CURLcode ftp_state_prepare_transf | ||
79 | data->set.str[STRING_CUSTOMREQUEST]: | ||
80 | (data->set.ftp_list_only?"NLST":"LIST")); | ||
81 | } | ||
82 | - else if(data->set.upload) { | ||
83 | + else if(data->state.upload) { | ||
84 | PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file); | ||
85 | } | ||
86 | else { | ||
87 | @@ -3303,7 +3303,7 @@ static CURLcode ftp_done(struct connectd | ||
88 | /* the response code from the transfer showed an error already so no | ||
89 | use checking further */ | ||
90 | ; | ||
91 | - else if(data->set.upload) { | ||
92 | + else if(data->state.upload) { | ||
93 | if((-1 != data->state.infilesize) && | ||
94 | (data->state.infilesize != data->req.writebytecount) && | ||
95 | !data->set.crlf && | ||
96 | @@ -3570,7 +3570,7 @@ static CURLcode ftp_do_more(struct conne | ||
97 | connected back to us */ | ||
98 | } | ||
99 | } | ||
100 | - else if(data->set.upload) { | ||
101 | + else if(data->state.upload) { | ||
102 | result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE); | ||
103 | if(result) | ||
104 | return result; | ||
105 | @@ -4209,7 +4209,7 @@ CURLcode ftp_parse_url_path(struct conne | ||
106 | ftpc->file = NULL; /* instead of point to a zero byte, | ||
107 | we make it a NULL pointer */ | ||
108 | |||
109 | - if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { | ||
110 | + if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) { | ||
111 | /* We need a file name when uploading. Return error! */ | ||
112 | failf(data, "Uploading to a URL without a file name!"); | ||
113 | free(rawPath); | ||
114 | --- a/lib/http.c | ||
115 | +++ b/lib/http.c | ||
116 | @@ -2080,7 +2080,7 @@ CURLcode Curl_http(struct connectdata *c | ||
117 | } | ||
118 | |||
119 | if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) && | ||
120 | - data->set.upload) { | ||
121 | + data->state.upload) { | ||
122 | httpreq = HTTPREQ_PUT; | ||
123 | } | ||
124 | |||
125 | @@ -2261,7 +2261,7 @@ CURLcode Curl_http(struct connectdata *c | ||
126 | if((conn->handler->protocol & PROTO_FAMILY_HTTP) && | ||
127 | (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && | ||
128 | http->postsize < 0) || | ||
129 | - ((data->set.upload || httpreq == HTTPREQ_POST) && | ||
130 | + ((data->state.upload || httpreq == HTTPREQ_POST) && | ||
131 | data->state.infilesize == -1))) { | ||
132 | if(conn->bits.authneg) | ||
133 | /* don't enable chunked during auth neg */ | ||
134 | --- a/lib/imap.c | ||
135 | +++ b/lib/imap.c | ||
136 | @@ -1469,11 +1469,11 @@ static CURLcode imap_done(struct connect | ||
137 | result = status; /* use the already set error code */ | ||
138 | } | ||
139 | else if(!data->set.connect_only && !imap->custom && | ||
140 | - (imap->uid || imap->mindex || data->set.upload || | ||
141 | + (imap->uid || imap->mindex || data->state.upload || | ||
142 | data->set.mimepost.kind != MIMEKIND_NONE)) { | ||
143 | /* Handle responses after FETCH or APPEND transfer has finished */ | ||
144 | |||
145 | - if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE) | ||
146 | + if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE) | ||
147 | state(conn, IMAP_FETCH_FINAL); | ||
148 | else { | ||
149 | /* End the APPEND command first by sending an empty line */ | ||
150 | @@ -1539,7 +1539,7 @@ static CURLcode imap_perform(struct conn | ||
151 | selected = TRUE; | ||
152 | |||
153 | /* Start the first command in the DO phase */ | ||
154 | - if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE) | ||
155 | + if(conn->data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE) | ||
156 | /* APPEND can be executed directly */ | ||
157 | result = imap_perform_append(conn); | ||
158 | else if(imap->custom && (selected || !imap->mailbox)) | ||
159 | --- a/lib/rtsp.c | ||
160 | +++ b/lib/rtsp.c | ||
161 | @@ -499,7 +499,7 @@ static CURLcode rtsp_do(struct connectda | ||
162 | rtspreq == RTSPREQ_SET_PARAMETER || | ||
163 | rtspreq == RTSPREQ_GET_PARAMETER) { | ||
164 | |||
165 | - if(data->set.upload) { | ||
166 | + if(data->state.upload) { | ||
167 | putsize = data->state.infilesize; | ||
168 | data->set.httpreq = HTTPREQ_PUT; | ||
169 | |||
170 | @@ -518,7 +518,7 @@ static CURLcode rtsp_do(struct connectda | ||
171 | result = | ||
172 | Curl_add_bufferf(&req_buffer, | ||
173 | "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", | ||
174 | - (data->set.upload ? putsize : postsize)); | ||
175 | + (data->state.upload ? putsize : postsize)); | ||
176 | if(result) | ||
177 | return result; | ||
178 | } | ||
179 | --- a/lib/setopt.c | ||
180 | +++ b/lib/setopt.c | ||
181 | @@ -258,8 +258,8 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
182 | * We want to sent data to the remote host. If this is HTTP, that equals | ||
183 | * using the PUT request. | ||
184 | */ | ||
185 | - data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE; | ||
186 | - if(data->set.upload) { | ||
187 | + arg = va_arg(param, long); | ||
188 | + if(arg) { | ||
189 | /* If this is HTTP, PUT is what's needed to "upload" */ | ||
190 | data->set.httpreq = HTTPREQ_PUT; | ||
191 | data->set.opt_no_body = FALSE; /* this is implied */ | ||
192 | @@ -486,7 +486,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
193 | } | ||
194 | else | ||
195 | data->set.httpreq = HTTPREQ_GET; | ||
196 | - data->set.upload = FALSE; | ||
197 | break; | ||
198 | |||
199 | case CURLOPT_COPYPOSTFIELDS: | ||
200 | @@ -797,7 +796,6 @@ CURLcode Curl_vsetopt(struct Curl_easy * | ||
201 | */ | ||
202 | if(va_arg(param, long)) { | ||
203 | data->set.httpreq = HTTPREQ_GET; | ||
204 | - data->set.upload = FALSE; /* switch off upload */ | ||
205 | data->set.opt_no_body = FALSE; /* this is implied */ | ||
206 | } | ||
207 | break; | ||
208 | --- a/lib/smb.c | ||
209 | +++ b/lib/smb.c | ||
210 | @@ -516,7 +516,7 @@ static CURLcode smb_send_open(struct con | ||
211 | byte_count = strlen(req->path); | ||
212 | msg.name_length = smb_swap16((unsigned short)byte_count); | ||
213 | msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL); | ||
214 | - if(conn->data->set.upload) { | ||
215 | + if(conn->data->state.upload) { | ||
216 | msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE); | ||
217 | msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF); | ||
218 | } | ||
219 | @@ -792,7 +792,7 @@ static CURLcode smb_request_state(struct | ||
220 | smb_m = (const struct smb_nt_create_response*) msg; | ||
221 | req->fid = smb_swap16(smb_m->fid); | ||
222 | conn->data->req.offset = 0; | ||
223 | - if(conn->data->set.upload) { | ||
224 | + if(conn->data->state.upload) { | ||
225 | conn->data->req.size = conn->data->state.infilesize; | ||
226 | Curl_pgrsSetUploadSize(conn->data, conn->data->req.size); | ||
227 | next_state = SMB_UPLOAD; | ||
228 | --- a/lib/smtp.c | ||
229 | +++ b/lib/smtp.c | ||
230 | @@ -1210,7 +1210,7 @@ static CURLcode smtp_done(struct connect | ||
231 | result = status; /* use the already set error code */ | ||
232 | } | ||
233 | else if(!data->set.connect_only && data->set.mail_rcpt && | ||
234 | - (data->set.upload || data->set.mimepost.kind)) { | ||
235 | + (data->state.upload || data->set.mimepost.kind)) { | ||
236 | /* Calculate the EOB taking into account any terminating CRLF from the | ||
237 | previous line of the email or the CRLF of the DATA command when there | ||
238 | is "no mail data". RFC-5321, sect. 4.1.1.4. | ||
239 | @@ -1297,7 +1297,7 @@ static CURLcode smtp_perform(struct conn | ||
240 | smtp->eob = 2; | ||
241 | |||
242 | /* Start the first command in the DO phase */ | ||
243 | - if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt) | ||
244 | + if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt) | ||
245 | /* MAIL transfer */ | ||
246 | result = smtp_perform_mail(conn); | ||
247 | else | ||
248 | --- a/lib/tftp.c | ||
249 | +++ b/lib/tftp.c | ||
250 | @@ -390,7 +390,7 @@ static CURLcode tftp_parse_option_ack(tf | ||
251 | |||
252 | /* tsize should be ignored on upload: Who cares about the size of the | ||
253 | remote file? */ | ||
254 | - if(!data->set.upload) { | ||
255 | + if(!data->state.upload) { | ||
256 | if(!tsize) { | ||
257 | failf(data, "invalid tsize -:%s:- value in OACK packet", value); | ||
258 | return CURLE_TFTP_ILLEGAL; | ||
259 | @@ -470,7 +470,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
260 | return result; | ||
261 | } | ||
262 | |||
263 | - if(data->set.upload) { | ||
264 | + if(data->state.upload) { | ||
265 | /* If we are uploading, send an WRQ */ | ||
266 | setpacketevent(&state->spacket, TFTP_EVENT_WRQ); | ||
267 | state->conn->data->req.upload_fromhere = | ||
268 | @@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
269 | if(!data->set.tftp_no_options) { | ||
270 | char buf[64]; | ||
271 | /* add tsize option */ | ||
272 | - if(data->set.upload && (data->state.infilesize != -1)) | ||
273 | + if(data->state.upload && (data->state.infilesize != -1)) | ||
274 | msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T, | ||
275 | data->state.infilesize); | ||
276 | else | ||
277 | @@ -559,7 +559,7 @@ static CURLcode tftp_send_first(tftp_sta | ||
278 | break; | ||
279 | |||
280 | case TFTP_EVENT_OACK: | ||
281 | - if(data->set.upload) { | ||
282 | + if(data->state.upload) { | ||
283 | result = tftp_connect_for_tx(state, event); | ||
284 | } | ||
285 | else { | ||
286 | --- a/lib/transfer.c | ||
287 | +++ b/lib/transfer.c | ||
288 | @@ -1405,6 +1405,7 @@ void Curl_init_CONNECT(struct Curl_easy | ||
289 | { | ||
290 | data->state.fread_func = data->set.fread_func_set; | ||
291 | data->state.in = data->set.in_set; | ||
292 | + data->state.upload = (data->set.httpreq == HTTPREQ_PUT); | ||
293 | } | ||
294 | |||
295 | /* | ||
296 | @@ -1816,7 +1817,7 @@ CURLcode Curl_retry_request(struct conne | ||
297 | |||
298 | /* if we're talking upload, we can't do the checks below, unless the protocol | ||
299 | is HTTP as when uploading over HTTP we will still get a response */ | ||
300 | - if(data->set.upload && | ||
301 | + if(data->state.upload && | ||
302 | !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP))) | ||
303 | return CURLE_OK; | ||
304 | |||
305 | --- a/lib/urldata.h | ||
306 | +++ b/lib/urldata.h | ||
307 | @@ -1427,6 +1427,7 @@ struct UrlState { | ||
308 | BIT(stream_depends_e); /* set or don't set the Exclusive bit */ | ||
309 | BIT(previouslypending); /* this transfer WAS in the multi->pending queue */ | ||
310 | BIT(cookie_engine); | ||
311 | + BIT(upload); /* upload request */ | ||
312 | }; | ||
313 | |||
314 | |||
315 | @@ -1762,7 +1763,6 @@ struct UserDefined { | ||
316 | BIT(http_auto_referer); /* set "correct" referer when following | ||
317 | location: */ | ||
318 | BIT(opt_no_body); /* as set with CURLOPT_NOBODY */ | ||
319 | - BIT(upload); /* upload request */ | ||
320 | BIT(verbose); /* output verbosity */ | ||
321 | BIT(krb); /* Kerberos connection requested */ | ||
322 | BIT(reuse_forbid); /* forbidden to be reused, close after use */ | ||
323 | --- a/lib/vssh/libssh.c | ||
324 | +++ b/lib/vssh/libssh.c | ||
325 | @@ -1076,7 +1076,7 @@ static CURLcode myssh_statemach_act(stru | ||
326 | } | ||
327 | |||
328 | case SSH_SFTP_TRANS_INIT: | ||
329 | - if(data->set.upload) | ||
330 | + if(data->state.upload) | ||
331 | state(conn, SSH_SFTP_UPLOAD_INIT); | ||
332 | else { | ||
333 | if(protop->path[strlen(protop->path)-1] == '/') | ||
334 | @@ -1686,7 +1686,7 @@ static CURLcode myssh_statemach_act(stru | ||
335 | /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */ | ||
336 | ssh_set_blocking(sshc->ssh_session, 1); | ||
337 | |||
338 | - if(data->set.upload) { | ||
339 | + if(data->state.upload) { | ||
340 | if(data->state.infilesize < 0) { | ||
341 | failf(data, "SCP requires a known file size for upload"); | ||
342 | sshc->actualcode = CURLE_UPLOAD_FAILED; | ||
343 | @@ -1787,7 +1787,7 @@ static CURLcode myssh_statemach_act(stru | ||
344 | break; | ||
345 | } | ||
346 | case SSH_SCP_DONE: | ||
347 | - if(data->set.upload) | ||
348 | + if(data->state.upload) | ||
349 | state(conn, SSH_SCP_SEND_EOF); | ||
350 | else | ||
351 | state(conn, SSH_SCP_CHANNEL_FREE); | ||
352 | --- a/lib/vssh/libssh2.c | ||
353 | +++ b/lib/vssh/libssh2.c | ||
354 | @@ -1664,7 +1664,7 @@ static CURLcode ssh_statemach_act(struct | ||
355 | } | ||
356 | |||
357 | case SSH_SFTP_TRANS_INIT: | ||
358 | - if(data->set.upload) | ||
359 | + if(data->state.upload) | ||
360 | state(conn, SSH_SFTP_UPLOAD_INIT); | ||
361 | else { | ||
362 | if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/') | ||
363 | @@ -2366,7 +2366,7 @@ static CURLcode ssh_statemach_act(struct | ||
364 | break; | ||
365 | } | ||
366 | |||
367 | - if(data->set.upload) { | ||
368 | + if(data->state.upload) { | ||
369 | if(data->state.infilesize < 0) { | ||
370 | failf(data, "SCP requires a known file size for upload"); | ||
371 | sshc->actualcode = CURLE_UPLOAD_FAILED; | ||
372 | @@ -2504,7 +2504,7 @@ static CURLcode ssh_statemach_act(struct | ||
373 | break; | ||
374 | |||
375 | case SSH_SCP_DONE: | ||
376 | - if(data->set.upload) | ||
377 | + if(data->state.upload) | ||
378 | state(conn, SSH_SCP_SEND_EOF); | ||
379 | else | ||
380 | state(conn, SSH_SCP_CHANNEL_FREE); | ||