backport some patches from community

(cherry picked from commit aafd63f8c81379df9a6075bd69d21829723fa1f0)
sherlock2010 2024-06-24 10:35:27 +00:00 committed by openeuler-sync-bot
parent 5166adffba
commit 7a1d9162b4
7 changed files with 332 additions and 1 deletions


@ -0,0 +1,31 @@
From 6f3204820052263f488f86e02c206e1d24c4da2c Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 28 Mar 2024 00:38:09 +0100
Subject: [PATCH] libssh2: set length to 0 if strdup failed
Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least
prevent subsequent crash.
Closes #13213
Conflict:NA
Reference:https://github.com/curl/curl/commit/6f3204820052263f488f86e02c206e1d24c4da2c
---
lib/vssh/libssh2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 3cfbe126c69df3..7d8d5f46571e9f 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction,
if(num_prompts == 1) {
struct connectdata *conn = data->conn;
responses[0].text = strdup(conn->passwd);
- responses[0].length = curlx_uztoui(strlen(conn->passwd));
+ responses[0].length =
+ responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
}
(void)prompts;
} /* kbd_callback */
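Review bot: In kbd_callback, when `strdup(conn->passwd)` fails the new code answers the prompt with a zero-length response, so an out-of-memory condition surfaces later as an ordinary authentication failure with nothing pointing at the real cause. The reason for forcing the length to zero exists only in the commit message; I would put it next to the assignment, for example `/* libssh2 dereferences text when length is non-zero, and this callback cannot report OOM */`. If a logging helper is usable in this callback, a message on the NULL path would also help whoever triages the failed login. The function starts above this hunk, so how `data` is obtained is not visible here.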


@ -0,0 +1,46 @@
From 3572dd65bb233fc2720634804312192e3bdf4adf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 25 Apr 2024 09:52:51 +0200
Subject: [PATCH] multi: avoid memory-leak risk
'newurl' is allocated in some conditions and used in a few scenarios,
but there were theoretical combinations in which it would not get freed.
Move the free to happen unconditionally. Never triggered by tests, but
spotted by Coverity.
Closes #13471
Conflict:Context adapt
Reference:https://github.com/curl/curl/commit/3572dd65bb233fc2720634804312192e3bdf4adf
---
lib/multi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/multi.c b/lib/multi.c
index fb98d80639f3b7..7e7590d60f8bcb 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2530,7 +2530,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
multistate(data, MSTATE_CONNECT);
rc = CURLM_CALL_MULTI_PERFORM;
}
- free(newurl);
}
else {
/* after the transfer is done, go DONE */
@@ -2542,7 +2541,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
newurl = data->req.location;
data->req.location = NULL;
result = Curl_follow(data, newurl, FOLLOW_FAKE);
- free(newurl);
if(result) {
stream_error = TRUE;
result = multi_done(data, result, TRUE);
@@ -2561,6 +2559,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
Curl_expire(data, 0, EXPIRE_RUN_NOW);
rc = CURLM_OK;
}
+ free(newurl);
break;
}
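Review bot: With `free(newurl);` now placed just before the final `break;`, it is reached only by paths that fall through to the end of this case block; any earlier `break` or `return` between the assignment of `newurl` and that line would still leak. The backport is marked "Context adapt" and most of multi_runsingle lies outside these hunks, so that should be checked against this tree rather than assumed from upstream. The single free also relies on Curl_follow() not retaining the pointer, which the removed immediate frees suggest but the hunks do not show. I would record both on the new line: `/* newurl is owned by this block; freed once here, Curl_follow() must not retain it */`.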


@ -0,0 +1,37 @@
From 56935a7dada6975d5a46aa494de0af195e4e8659 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 30 Mar 2024 11:14:54 +0100
Subject: [PATCH] openldap: create ldap URLs correctly for IPv6 addresses
Reported-by: Sergio Durigan Junior
Fixes #13228
Closes #13235
Conflict:hosturl = aprintf("%s://%s%s%s:%d", conn->handler->scheme, conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port); => msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d", conn->bits.ipv6_ip? "[": "", conn->host.name, conn->bits.ipv6_ip? "]": "", conn->remote_port);
Context adapt
Reference:https://github.com/curl/curl/commit/56935a7dada6975d5a46aa494de0af195e4e8659
---
lib/openldap.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/openldap.c b/lib/openldap.c
index fb5e743..a3e81ea 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -223,8 +223,11 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
ptr = hosturl + 4;
if(conn->handler->flags & PROTOPT_SSL)
*ptr++ = 's';
- msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d",
- conn->host.name, conn->remote_port);
+ msnprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s%s%s:%d",
+ conn->bits.ipv6_ip? "[": "",
+ conn->host.name,
+ conn->bits.ipv6_ip? "]": "",
+ conn->remote_port);
#ifdef CURL_OPENLDAP_DEBUG
static int do_trace = 0;
--
2.33.0
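Review bot: The msnprintf() call that builds `hosturl` in oldap_connect still does not check whether the output fit, and the added brackets make the string two bytes longer for IPv6 literals. If `conn->host.name` can be long enough to fill the buffer, the URL would silently lose its closing `]` or its port. The Conflict note shows upstream formatting with aprintf() while this backport keeps the fixed buffer, so the bound should be stated or enforced here; the declaration and size of `hosturl` are outside the hunk. At minimum add `/* hosturl is fixed-size: output is truncated silently, host.name length must be bounded before this point */`, or reject over-long names before formatting.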


@ -0,0 +1,102 @@
From 923f7f8ce51b7f2f20282883cdafeb283310f3d9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 6 Mar 2024 15:39:09 +0100
Subject: [PATCH] paramhlp: fix CRLF-stripping files with "-d @file"
All CR and LF bytes should be stripped, as documented, and all other
bytes are inluded in the data. Starting now, it also excludes null bytes
as they would otherwise also cut the data short.
Reported-by: Simon K
Fixes #13063
Closes #13064
Conflict:remove change of docs/cmdline-opts/data.md which is not exist
return PARAM_READ_ERROR => return PARAM_NO_MEM
Context adapt
Reference:https://github.com/curl/curl/commit/923f7f8ce51b7f2f20282883cdafeb283310f3d9
---
src/tool_paramhlp.c | 59 +++++++++++++++++++++++++++++++--------
1 files changed, 51 insertions(+), 12 deletions(-)
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 2725815000dc95..c26f6bbefd775c 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -63,6 +63,33 @@ struct getout *new_getout(struct OperationConfig *config)
return node;
}
+#define ISCRLF(x) (((x) == '\r') || ((x) == '\n') || ((x) == '\0'))
+
+/* memcrlf() has two modes. Both operate on a given memory area with
+ a specified size.
+
+ countcrlf FALSE - return number of bytes from the start that DO NOT include
+ any CR or LF or NULL
+
+ countcrlf TRUE - return number of bytes from the start that are ONLY CR or
+ LF or NULL.
+
+*/
+static size_t memcrlf(char *orig,
+ bool countcrlf, /* TRUE if we count CRLF, FALSE
+ if we count non-CRLF */
+ size_t max)
+{
+ char *ptr = orig;
+ size_t total = max;
+ for(ptr = orig; max; max--, ptr++) {
+ bool crlf = ISCRLF(*ptr);
+ if(countcrlf ^ crlf)
+ return ptr - orig;
+ }
+ return total; /* no delimiter found */
+}
+
#define MAX_FILE2STRING (256*1024*1024) /* big enough ? */
ParameterError file2string(char **bufp, FILE *file)
@@ -71,18 +98,30 @@ ParameterError file2string(char **bufp, FILE *file)
struct curlx_dynbuf dyn;
curlx_dyn_init(&dyn, MAX_FILE2STRING);
if(file) {
- char buffer[256];
-
- while(fgets(buffer, sizeof(buffer), file)) {
- char *ptr = strchr(buffer, '\r');
- if(ptr)
- *ptr = '\0';
- ptr = strchr(buffer, '\n');
- if(ptr)
- *ptr = '\0';
- if(curlx_dyn_add(&dyn, buffer))
- return PARAM_NO_MEM;
- }
+ do {
+ char buffer[4096];
+ char *ptr;
+ size_t nread = fread(buffer, 1, sizeof(buffer), file);
+ if(ferror(file)) {
+ curlx_dyn_free(&dyn);
+ *bufp = NULL;
+ return PARAM_NO_MEM;
+ }
+ ptr = buffer;
+ while(nread) {
+ size_t nlen = memcrlf(ptr, FALSE, nread);
+ if(curlx_dyn_addn(&dyn, ptr, nlen))
+ return PARAM_NO_MEM;
+ nread -= nlen;
+
+ if(nread) {
+ ptr += nlen;
+ nlen = memcrlf(ptr, TRUE, nread);
+ ptr += nlen;
+ nread -= nlen;
+ }
+ }
+ } while(!feof(file));
}
*bufp = curlx_dyn_ptr(&dyn);
return PARAM_OK;
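Review bot: The two error exits in the new read loop of file2string disagree: the ferror() path frees `dyn` and sets `*bufp = NULL`, while the `curlx_dyn_addn()` failure path returns PARAM_NO_MEM and leaves `*bufp` untouched. If a caller reads or frees `*bufp` after an error (callers are not visible here), it would see whatever the pointer held before the call; `if(curlx_dyn_addn(&dyn, ptr, nlen)) { *bufp = NULL; return PARAM_NO_MEM; }` makes both paths agree. Separately, this backport reports a read error as PARAM_NO_MEM and drops the documentation hunk, so the user is told about memory on an I/O failure and the new stripping of NUL bytes from `-d @file` data is undocumented in this version. A comment at the ferror() check and at ISCRLF stating both would help. The function's closing brace is outside the hunk.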


@ -0,0 +1,70 @@
From 5f4aaf8b66ef04208c1c2121d4b780c792303f32 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 30 Apr 2024 11:07:28 +0200
Subject: [PATCH] tool_cb_rea: limit rate unpause for -T . uploads
To avoid getting stuck in a busy-loop when nothing is read from stdin,
this function now checks the call rate and might enforce a short sleep
when called repeatedly without uploading anything. It is a crude
work-around to avoid a 100% busy CPU.
Reported-by: magisterquis on hackerone
Fixes #13174
Closes #13506
Conflict:Context adapt
add #include "tool_util.h" for tvdiff
Reference:https://github.com/curl/curl/commit/5f4aaf8b66ef04208c1c2121d4b780c792303f32
---
src/tool_cb_rea.c | 31 ++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c
index 8cb5bbe8ac1d11..961dd113bc519d 100644
--- a/src/tool_cb_rea.c
+++ b/src/tool_cb_rea.c
@@ -36,6 +36,8 @@
#include "tool_cfgable.h"
#include "tool_cb_rea.h"
#include "tool_operate.h"
+#include "tool_util.h"
+#include "tool_sleep.h"
#include "memdebug.h" /* keep this as LAST include */
@@ -124,8 +125,33 @@ int tool_readbusy_cb(void *clientp,
(void)ulnow; /* unused */
if(config->readbusy) {
- config->readbusy = FALSE;
- curl_easy_pause(per->curl, CURLPAUSE_CONT);
+ /* lame code to keep the rate down because the input might not deliver
+ anything, get paused again and come back here immediately */
+ static long rate = 500;
+ static struct timeval prev;
+ static curl_off_t ulprev;
+
+ if(ulprev == ulnow) {
+ /* it did not upload anything since last call */
+ struct timeval now = tvnow();
+ if(prev.tv_sec)
+ /* get a rolling average rate */
+ /* rate = rate - rate/4 + tvdiff(now, prev)/4; */
+ rate -= rate/4 - tvdiff(now, prev)/4;
+ prev = now;
+ }
+ else {
+ rate = 50;
+ ulprev = ulnow;
+ }
+ if(rate >= 50) {
+ /* keeps the looping down to 20 times per second in the crazy case */
+ config->readbusy = FALSE;
+ curl_easy_pause(per->curl, CURLPAUSE_CONT);
+ }
+ else
+ /* sleep half a period */
+ tool_go_sleep(25);
}
return per->noprogress? 0 : CURL_PROGRESSFUNC_CONTINUE;
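Review bot: The throttle state in tool_readbusy_cb (`rate`, `prev`, `ulprev`) is declared `static` inside the callback, so it is shared by every transfer that uses this callback rather than kept per transfer. If more than one upload can be in flight in the same process, one transfer's `ulnow` is compared against another's `ulprev` and the averaged `rate` mixes their timings, so the wrong transfer may be resumed or delayed. `tool_go_sleep(25)` also blocks the caller for the full 25 ms. Keeping these three values in the per-transfer data reached through `per` would avoid that; failing that, state it at the declarations: `/* NOTE: function-static, shared by all transfers using this callback */`. The function begins above and ends below the hunk.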


@ -0,0 +1,28 @@
From 87d14e77b7d59a961eb56500017c0580f89f252b Mon Sep 17 00:00:00 2001
From: Jan Venekamp <1422460+jan2000@users.noreply.github.com>
Date: Sat, 4 May 2024 03:05:51 +0200
Subject: [PATCH] tool_cfgable: free {proxy_}cipher13_list on exit
Author: Jan Venekamp
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes: #13531
Conflict:NA
Reference:https://github.com/curl/curl/commit/87d14e77b7d59a961eb56500017c0580f89f252b
---
src/tool_cfgable.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index bb271583263db3..5564e250d33782 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -114,6 +114,8 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->doh_url);
Curl_safefree(config->cipher_list);
Curl_safefree(config->proxy_cipher_list);
+ Curl_safefree(config->cipher13_list);
+ Curl_safefree(config->proxy_cipher13_list);
Curl_safefree(config->cert);
Curl_safefree(config->proxy_cert);
Curl_safefree(config->cert_type);


@ -6,7 +6,7 @@
Name: curl
Version: 7.79.1
Release: 28
Release: 29
Summary: Curl is used in command lines or scripts to transfer data
License: MIT
URL: https://curl.haxx.se/
@ -97,6 +97,12 @@ Patch83: backport-urlapi-make-sure-zoneid-is-also-duplicated-in-curl_u.pa
Patch84: backport-transfer-also-stop-the-sending-on-closed-connection.patch
Patch85: backport-openssl-avoid-BN_num_bits-NULL-pointer-derefs.patch
Patch86: backport-CVE-2024-2398.patch
Patch87: backport-paramhlp-fix-CRLF-stripping-files-with-d-file.patch
Patch88: backport-libssh2-set-length-to-0-if-strdup-failed.patch
Patch89: backport-openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch
Patch90: backport-multi-avoid-memory-leak-risk.patch
Patch91: backport-tool_cb_rea-limit-rate-unpause-for-T-.-uploads.patch
Patch92: backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel
BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel
@ -265,6 +271,17 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_mandir}/man3/*
%changelog
* Mon Jun 24 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-29
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:paramhlp: fix CRLF-stripping files with "-d @file"
libssh2: set length to 0 if strdup failed
openldap: create ldap URLs correctly for IPv6 addresses
multi: avoid memory-leak risk
tool_cb_rea: limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
* Fri Mar 29 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-28
- Type:CVE
- CVE:CVE-2024-2398