!213 [sync] PR-212: fix double-free when using https with tunneling proxy

From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
openeuler-ci-bot 2023-07-05 06:08:04 +00:00 committed by Gitee
commit 336aea68fa
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 594 additions and 15 deletions

@ -64,7 +64,7 @@ index 879d846..660ee28 100644
test409 test410 \
-\
+test418 \
test430 test431 test432 test433 test434 test435 test445 test446\
test430 test431 test432 test433 test434 test435 test446\
\
test490 test491 test492 test493 test494 \
diff --git a/tests/data/test418 b/tests/data/test418

@ -19,8 +19,8 @@ index f79b63e..879d846 100644
test400 test401 test402 test403 test404 test405 test406 test407 test408 \
test409 test410 \
\
-test430 test431 test432 test433 test434 test435 test445\
+test430 test431 test432 test433 test434 test435 test445 test446\
-test430 test431 test432 test433 test434 test435 \
+test430 test431 test432 test433 test434 test435 test446\
\
test490 test491 test492 test493 test494 \
\

@ -10,25 +10,27 @@ Closes #9790
Upstream-commit: 55e1875729f9d9fc7315cec611bffbd2c817ad89
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
Conflict: NA
Conflict: context adapt
Reference:https://src.fedoraproject.org/rpms/curl/blob/f35/f/0017-curl-7.82.0-CVE-2022-42915.patch
---
lib/http_proxy.c | 3 +--
lib/http_proxy.c | 6 ++----
lib/url.c | 9 ---------
2 files changed, 1 insertion(+), 11 deletions(-)
2 files changed, 2 insertion(+), 13 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 1f87f6c..cc20b3a 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -207,9 +207,8 @@ static void connect_done(struct Curl_easy *data)
@@ -207,10 +207,8 @@ static void connect_done(struct Curl_easy *data)
Curl_dyn_free(&s->rcvbuf);
Curl_dyn_free(&s->req);
- /* retore the protocol pointer */
+ /* restore the protocol pointer */
data->req.p.http = s->prot_save;
- /* restore the protocol pointer, if not already done */
- if(s->prot_save)
- data->req.p.http = s->prot_save;
- s->prot_save = NULL;
+ /* restore the protocol pointer */
+ data->req.p.http = s->prot_save;
infof(data, "CONNECT phase completed!");
}
}
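
Review bot: the adapted connect_done() hunk drops the `if(s->prot_save)` guard and the `s->prot_save = NULL;` reset, which are exactly the lines that backport-Curl_connect_done-handle-being-called-twice.patch adds in this same series. After the full series a second call is stopped only by the `s->tunnel_state != TUNNEL_EXIT` test at the top of the block. Please confirm this is the intended end state of upstream 55e1875729f9d9fc7315cec611bffbd2c817ad89 and note next to `Conflict: context adapt` that this patch now applies only on top of the called-twice patch. The hand-edited summary line should also read `2 insertions(+)`.
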
@ -77,9 +79,9 @@ index 1f774ce..f79b63e 100644
@@ -67,7 +67,7 @@ test392 test393 test394 test395 test396 test397 \
test400 test401 test402 test403 test404 test405 test406 test407 test408 \
test409 test410 \
\
-test430 test431 test432 test433 test434 test435 \
+test430 test431 test432 test433 test434 test435 test445\
test418 \
-test430 test431 test432 test433 test434 test435 test446\
+test430 test431 test432 test433 test434 test435 test445 test446\
\
test490 test491 test492 test493 test494 \
\

@ -0,0 +1,38 @@
From b89a4b5191e8471acca14d7de904213b0aa20125 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Nov 2021 13:34:49 +0100
Subject: [PATCH 1/1] Curl_connect_done: handle being called twice
Follow-up to f0b7099a10d1a7c
When torture testing 1021, it turns out the Curl_connect_done function
might be called twice and that previously then wrongly cleared the HTTP
pointer in the second invoke.
Closes #7999
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/b89a4b5191e8471acca14d7de904213b0aa20125
---
lib/http_proxy.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index cfe616fa6..2555b401a 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -207,8 +207,9 @@ void Curl_connect_done(struct Curl_easy *data)
Curl_dyn_free(&s->rcvbuf);
Curl_dyn_free(&s->req);
- /* retore the protocol pointer */
- data->req.p.http = s->prot_save;
+ /* restore the protocol pointer, if not already done */
+ if(s->prot_save)
+ data->req.p.http = s->prot_save;
s->prot_save = NULL;
infof(data, "CONNECT phase completed!");
}
--
2.33.0

@ -0,0 +1,36 @@
From 11a46d6d66c32e4be7015aca92008d979f8b90a2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 10 Nov 2021 08:41:51 +0100
Subject: [PATCH] curl_easy_cleanup.3: remove from multi handle first
Easy handles that are used by the multi interface should be removed from
the multi handle before they are cleaned up.
Reported-by: Stephen M. Coakley
Ref: #7982
Closes #7983
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/f0b7099a10d1a7cfbbe8f67b0ecdff5846f9805b
---
docs/libcurl/curl_easy_cleanup.3 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/docs/libcurl/curl_easy_cleanup.3 b/docs/libcurl/curl_easy_cleanup.3
index 3c3425624..c62f4e073 100644
--- a/docs/libcurl/curl_easy_cleanup.3
+++ b/docs/libcurl/curl_easy_cleanup.3
@@ -47,6 +47,10 @@ Any use of the \fBhandle\fP after this function has been called and have
returned, is illegal. \fIcurl_easy_cleanup(3)\fP kills the handle and all
memory associated with it!
+To close an easy handle that has been used with the multi interface, make sure
+to call \fIcurl_multi_remove_handle(3)\fP first to remove it from the multi
+handle before it is closed.
+
Passing in a NULL pointer in \fIhandle\fP will make this function return
immediately with no action.
.SH "OLD TIMES"
--
2.33.0
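
Review bot: the `Reference:` line in this patch header points at commit f0b7099a10d1a7cfbbe8f67b0ecdff5846f9805b, while the `From` line identifies the patch as 11a46d6d66c32e4be7015aca92008d979f8b90a2. The f0b7099a hash is the "multi: shut down CONNECT in Curl_detach_connnection" change, which this series carries as a separate patch. Please point the reference at the commit named in the `From` line so the documentation backport can be traced to the right upstream change.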

@ -0,0 +1,46 @@
From 2989b11377c215884ae5a50c07607f75a31dc2ff Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 12 Nov 2021 08:08:34 +0100
Subject: [PATCH] http_proxy: make Curl_connect_done() work for proxy disabled
builds
... by making it an empty macro then.
Follow-up to f0b7099a10d1a
Reported-by: Vincent Grande
Fixes #7995
Closes #7996
Conflict:NA
Reference:https://github.com/curl/curl/commit/2989b11377c215884ae5a50c07607f75a31dc2ff
---
lib/http_proxy.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/http_proxy.h b/lib/http_proxy.h
index cdf8de4fb..2820e1184 100644
--- a/lib/http_proxy.h
+++ b/lib/http_proxy.h
@@ -39,6 +39,7 @@ CURLcode Curl_proxy_connect(struct Curl_easy *data, int sockindex);
bool Curl_connect_complete(struct connectdata *conn);
bool Curl_connect_ongoing(struct connectdata *conn);
int Curl_connect_getsock(struct connectdata *conn);
+void Curl_connect_done(struct Curl_easy *data);
#else
#define Curl_proxyCONNECT(x,y,z,w) CURLE_NOT_BUILT_IN
@@ -46,10 +47,10 @@ int Curl_connect_getsock(struct connectdata *conn);
#define Curl_connect_complete(x) CURLE_OK
#define Curl_connect_ongoing(x) FALSE
#define Curl_connect_getsock(x) 0
+#define Curl_connect_done(x)
#endif
void Curl_connect_free(struct Curl_easy *data);
-void Curl_connect_done(struct Curl_easy *data);
/* struct for HTTP CONNECT state data */
struct http_connect_state {
--
2.33.0

@ -0,0 +1,90 @@
From 26247a0d7e24c06d5b250f044a951441674a4484 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 13 Nov 2021 14:13:20 +0100
Subject: [PATCH 1/1] lib1939: make it endure torture tests
Follow-up to f0b7099a10d1a
Closes #8007
Conflict:NA
Reference:https://github.com/curl/curl/commit/26247a0d7e24c06d5b250f044a951441674a4484
---
tests/libtest/lib1939.c | 55 +++++++++++++++++++----------------------
1 file changed, 26 insertions(+), 29 deletions(-)
diff --git a/tests/libtest/lib1939.c b/tests/libtest/lib1939.c
index 644617712..510215dbd 100644
--- a/tests/libtest/lib1939.c
+++ b/tests/libtest/lib1939.c
@@ -33,41 +33,38 @@ int test(char *URL)
curl_global_init(CURL_GLOBAL_DEFAULT);
multi = curl_multi_init();
- if(!multi)
- return 1;
+ if(multi) {
+ easy = curl_easy_init();
+ if(easy) {
+ CURLcode c;
+ CURLMcode m;
- easy = curl_easy_init();
- if(easy) {
- CURLcode c;
- CURLMcode m;
+ /* Crash only happens when using HTTPS */
+ c = curl_easy_setopt(easy, CURLOPT_URL, URL);
+ if(!c)
+ /* Any old HTTP tunneling proxy will do here */
+ c = curl_easy_setopt(easy, CURLOPT_PROXY, libtest_arg2);
- /* Crash only happens when using HTTPS */
- c = curl_easy_setopt(easy, CURLOPT_URL, URL);
- if(!c)
- /* Any old HTTP tunneling proxy will do here */
- c = curl_easy_setopt(easy, CURLOPT_PROXY, libtest_arg2);
+ if(!c) {
- if(c)
- return 2;
+ /* We're going to drive the transfer using multi interface here,
+ because we want to stop during the middle. */
+ m = curl_multi_add_handle(multi, easy);
- /* We're going to drive the transfer using multi interface here, because we
- want to stop during the middle. */
- m = curl_multi_add_handle(multi, easy);
+ if(!m)
+ /* Run the multi handle once, just enough to start establishing an
+ HTTPS connection. */
+ m = curl_multi_perform(multi, &running_handles);
- if(!m)
- /* Run the multi handle once, just enough to start establishing an HTTPS
- connection. */
- m = curl_multi_perform(multi, &running_handles);
-
- if(m)
- return 3;
-
- /* Close the easy handle *before* the multi handle. Doing it the other way
- around avoids the issue. */
- curl_easy_cleanup(easy);
+ if(m)
+ fprintf(stderr, "curl_multi_perform failed\n");
+ }
+ /* Close the easy handle *before* the multi handle. Doing it the other
+ way around avoids the issue. */
+ curl_easy_cleanup(easy);
+ }
+ curl_multi_cleanup(multi); /* double-free happens here */
}
- curl_multi_cleanup(multi); /* double-free happens here */
-
curl_global_cleanup();
return CURLE_OK;
}
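
Review bot: after this rewrite test() ends in `return CURLE_OK;` on every path, so a failed curl_multi_init(), curl_easy_init() or curl_easy_setopt() is reported as success, and only a curl_multi_perform() failure leaves a trace on stderr. Cleaning up on all paths is what the torture run needs, but consider keeping a result variable that the failure branches set and that is returned after curl_global_cleanup(), so a broken setup does not look like a pass.
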
--
2.33.0

@ -0,0 +1,259 @@
From f0b7099a10d1a7cfbbe8f67b0ecdff5846f9805b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 10 Nov 2021 14:42:04 +0100
Subject: [PATCH 1/1] multi: shut down CONNECT in Curl_detach_connnection
... to prevent a lingering pointer that would lead to a double-free.
Added test 1939 to verify.
Reported-by: Stephen M. Coakley
Fixes #7982
Closes #7986
Conflict:context adapt of test makefile
Reference:https://github.com/curl/curl/commit/f0b7099a10d1a7cfbbe8f67b0ecdff5846f9805b
---
lib/http_proxy.c | 10 +++---
lib/multi.c | 1 +
tests/data/Makefile.inc | 2 +-
tests/data/test1939 | 52 +++++++++++++++++++++++++++
tests/libtest/Makefile.inc | 5 +++-
tests/libtest/lib1939.c | 73 ++++++++++++++++++++++++++++++++++++++
6 files changed, 137 insertions(+), 6 deletions(-)
create mode 100644 tests/data/test1939
create mode 100644 tests/libtest/lib1939.c
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index fc050a07d..cfe616fa6 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -198,11 +198,11 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit)
return CURLE_OK;
}
-static void connect_done(struct Curl_easy *data)
+void Curl_connect_done(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
struct http_connect_state *s = conn->connect_state;
- if(s->tunnel_state != TUNNEL_EXIT) {
+ if(s && (s->tunnel_state != TUNNEL_EXIT)) {
s->tunnel_state = TUNNEL_EXIT;
Curl_dyn_free(&s->rcvbuf);
Curl_dyn_free(&s->req);
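
Review bot: the new `s &&` test covers a missing connect_state, but `conn->connect_state` is still read through `data->conn` without any check, and the function is no longer static. The caller added in Curl_detach_connnection() sits inside `if(conn)`, so it is safe as used here. A DEBUGASSERT(conn) or a comment stating that callers must have a connection attached would keep that contract visible for future callers.
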
@@ -662,7 +662,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(s->close_connection && data->req.newurl) {
conn->bits.proxy_connect_closed = TRUE;
infof(data, "Connect me again please");
- connect_done(data);
+ Curl_connect_done(data);
}
else {
free(data->req.newurl);
@@ -974,7 +974,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(conn->bits.close && data->req.newurl) {
conn->bits.proxy_connect_closed = TRUE;
infof(data, "Connect me again please");
- connect_done(data);
+ Curl_connect_done(data);
}
else {
free(data->req.newurl);
@@ -1048,7 +1048,7 @@ CURLcode Curl_proxyCONNECT(struct Curl_easy *data,
result = CONNECT(data, sockindex, hostname, remote_port);
if(result || Curl_connect_complete(conn))
- connect_done(data);
+ Curl_connect_done(data);
return result;
}
diff --git a/lib/multi.c b/lib/multi.c
index f307d63b9..ce634fcac 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -878,6 +878,7 @@ void Curl_detach_connnection(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
if(conn) {
+ Curl_connect_done(data); /* if mid-CONNECT, shut it down */
Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);
Curl_ssl_detach_conn(data, conn);
}
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 9a8b64bed..b6a503e72 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -216,7 +216,7 @@ test1800 test1801 \
test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
test1916 test1917 test1918 \
\
-test1933 test1934 test1935 test1936 \
+test1933 test1934 test1935 test1936 test1939 \
\
test2000 test2001 test2002 test2003 test2004 \
\
diff --git a/tests/data/test1939 b/tests/data/test1939
new file mode 100644
index 000000000..0b9987b5b
--- /dev/null
+++ b/tests/data/test1939
@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+CONNECT
+curl_easy_cleanup
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+https
+http-proxy
+</server>
+
+<name>
+curl_easy_cleanup without curl_multi_remove_handle - in CONNECT
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+https://%HOSTIP:%HTTPPORT/%TESTNUMBER http://%HOSTIP:%PROXYPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 8cea7c014..62a7675b1 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -61,6 +61,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
lib1591 lib1592 lib1593 lib1594 lib1596 \
lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
lib1915 lib1916 lib1917 lib1918 lib1933 lib1934 lib1935 lib1936 \
+ lib1939 \
lib3010
chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
@@ -715,6 +716,10 @@ lib1938_SOURCES = lib1938.c $(SUPPORTFILES)
lib1936_LDADD = $(TESTUTIL_LIBS)
lib1936_CPPFLAGS = $(AM_CPPFLAGS)
+lib1939_SOURCES = lib1939.c $(SUPPORTFILES)
+lib1939_LDADD = $(TESTUTIL_LIBS)
+lib1939_CPPFLAGS = $(AM_CPPFLAGS)
+
lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
lib3010_LDADD = $(TESTUTIL_LIBS)
lib3010_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/libtest/lib1939.c b/tests/libtest/lib1939.c
new file mode 100644
index 000000000..644617712
--- /dev/null
+++ b/tests/libtest/lib1939.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+ CURLM *multi;
+ CURL *easy;
+ int running_handles;
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ multi = curl_multi_init();
+ if(!multi)
+ return 1;
+
+ easy = curl_easy_init();
+ if(easy) {
+ CURLcode c;
+ CURLMcode m;
+
+ /* Crash only happens when using HTTPS */
+ c = curl_easy_setopt(easy, CURLOPT_URL, URL);
+ if(!c)
+ /* Any old HTTP tunneling proxy will do here */
+ c = curl_easy_setopt(easy, CURLOPT_PROXY, libtest_arg2);
+
+ if(c)
+ return 2;
+
+ /* We're going to drive the transfer using multi interface here, because we
+ want to stop during the middle. */
+ m = curl_multi_add_handle(multi, easy);
+
+ if(!m)
+ /* Run the multi handle once, just enough to start establishing an HTTPS
+ connection. */
+ m = curl_multi_perform(multi, &running_handles);
+
+ if(m)
+ return 3;
+
+ /* Close the easy handle *before* the multi handle. Doing it the other way
+ around avoids the issue. */
+ curl_easy_cleanup(easy);
+ }
+ curl_multi_cleanup(multi); /* double-free happens here */
+
+ curl_global_cleanup();
+ return CURLE_OK;
+}
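
Review bot: the early `return 1`, `return 2` and `return 3` paths in test() leave without curl_global_cleanup(), and the latter two also skip curl_easy_cleanup() and curl_multi_cleanup(). backport-lib1939-make-it-endure-torture-tests.patch in this series rewrites these paths, so the two patches have to stay together. A remark under `Conflict:` would make that dependency explicit.
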
--
2.33.0

@ -0,0 +1,32 @@
From b7e1443a1d59feea9fc63e5b78276153ac635438 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 13 Nov 2021 23:43:24 +0100
Subject: [PATCH 1/1] test1939: require proxy support to run
Follow-up to f0b7099a10d1a
Closes #8011
Conflict:NA
Reference:https://github.com/curl/curl/commit/b7e1443a1d59feea9fc63e5b78276153ac635438
---
tests/data/test1939 | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/data/test1939 b/tests/data/test1939
index 0b9987b5b..19dc74d2b 100644
--- a/tests/data/test1939
+++ b/tests/data/test1939
@@ -29,6 +29,9 @@ Content-Length: 0
# Client-side
<client>
+<features>
+proxy
+</features>
<server>
https
http-proxy
--
2.33.0

View File

@ -0,0 +1,63 @@
From 4d97fe547322c4ad0868e2282476b1a7d2027f86 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 15 Nov 2021 16:51:32 +0100
Subject: [PATCH 1/1] tftp: mark protocol as not possible to do over CONNECT
... and make connect_init() refusing trying to tunnel protocols marked
as not working. Avoids a double-free.
Reported-by: Even Rouault
Fixes #8018
Closes #8020
Conflict:remove a chunk because the change exists
Reference:https://github.com/curl/curl/commit/4d97fe547322c4ad0868e2282476b1a7d2027f86
---
lib/http_proxy.c | 4 ++++
lib/tftp.c | 2 +-
lib/urldata.h | 1 +
3 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 2555b401a..e788babed 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -158,6 +158,10 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit)
{
struct http_connect_state *s;
struct connectdata *conn = data->conn;
+ if(conn->handler->flags & PROTOPT_NOTCPPROXY) {
+ failf(data, "%s cannot be done over CONNECT", conn->handler->scheme);
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
if(!reinit) {
CURLcode result;
DEBUGASSERT(!conn->connect_state);
diff --git a/lib/tftp.c b/lib/tftp.c
index 7e5246f01..f8c68441c 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -186,7 +186,7 @@ const struct Curl_handler Curl_handler_tftp = {
PORT_TFTP, /* defport */
CURLPROTO_TFTP, /* protocol */
CURLPROTO_TFTP, /* family */
- PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_NOTCPPROXY | PROTOPT_NOURLQUERY /* flags */
};
/**********************************************************
diff --git a/lib/urldata.h b/lib/urldata.h
index f12e99b8d..22c66cd44 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -835,6 +835,7 @@ struct Curl_handler {
#define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */
#define PROTOPT_USERPWDCTRL (1<<13) /* Allow "control bytes" (< 32 ascii) in
user name and password */
+#define PROTOPT_NOTCPPROXY (1<<14) /* this protocol can't proxy over TCP */
#define CONNCHECK_NONE 0 /* No checks */
#define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */
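
Review bot: `Conflict:remove a chunk because the change exists` in this patch header does not say which chunk was dropped, and the summary line was edited by hand (`1 deletions(-)`). Please name the file and hunk that were removed relative to the Reference commit, so the three remaining hunks in http_proxy.c, tftp.c and urldata.h can be checked against upstream.
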
--
2.33.0

@ -6,7 +6,7 @@
Name: curl
Version: 7.79.1
Release: 20
Release: 21
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@ -30,7 +30,6 @@ Patch15: backport-fix-configure-disable-http-auth-build-error.patch
Patch16: backport-CVE-2022-35252-cookie-reject-cookies-with-control-bytes.patch
Patch17: backport-CVE-2022-32221.patch
Patch18: backport-CVE-2022-42916.patch
Patch19: backport-CVE-2022-42915.patch
Patch20: backport-CVE-2022-43551-http-use-the-IDN-decoded-name-in-HSTS-checks.patch
Patch21: backport-CVE-2022-43552-smb-telnet-do-not-free-the-protocol-struct-in-_done.patch
Patch22: backport-0001-CVE-2023-23914-CVE-2023-23915.patch
@ -58,6 +57,14 @@ Patch43: backport-tool_getparam-repair-cleanarg.patch
Patch44: backport-tool_getparam-fix-cleanarg-for-unicode-builds.patch
Patch45: backport-getparam-correctly-clean-args.patch
Patch46: backport-tool_getparam-fix-hiding-of-command-line-secrets.patch
Patch47: backport-multi-shut-down-CONNECT-in-Curl_detach_connnection.patch
Patch48: backport-curl_easy_cleanup.3-remove-from-multi-handle-first.patch
Patch49: backport-http_proxy-make-Curl_connect_done-work-for-proxy-dis.patch
Patch50: backport-Curl_connect_done-handle-being-called-twice.patch
Patch51: backport-tftp-mark-protocol-as-not-possible-to-do-over-CONNEC.patch
Patch52: backport-test1939-require-proxy-support-to-run.patch
Patch53: backport-lib1939-make-it-endure-torture-tests.patch
Patch54: backport-CVE-2022-42915.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
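
Review bot: backport-CVE-2022-42915.patch moves from Patch19 to Patch54, so Patch20 through Patch46 now apply to a tree that does not yet contain it, and the patch content itself is changed in this same commit. The 7.79.1-21 changelog entry says `CVE:NA` and only `fix double-free when using https with tunneling proxy`. Please mention in DESC that the CVE-2022-42915 patch was re-adapted and reordered, and confirm that the intermediate patches still apply without fuzz in the new order.
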
@ -226,6 +233,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Mon Jul 03 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-21
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix double-free when using https with tunneling proxy
* Mon Jun 19 2023 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-20
- Type:bugfix
- CVE:NA