-
Notifications
You must be signed in to change notification settings - Fork 549
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cmake: Patch CVE-2024-2398 in bundled curl
- Loading branch information
1 parent
ecd289e
commit 135b927
Showing
4 changed files
with
103 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
From c9adb2114e9d9d4a50ff273234c2a1f8518aafd1 Mon Sep 17 00:00:00 2001 | ||
From: Vince Perri <[email protected]> | ||
Date: Wed, 20 Nov 2024 22:38:53 +0000 | ||
Subject: [PATCH] http2: push headers better cleanup | ||
|
||
Original patch: https://github.com/curl/curl/commit/deca8039991886a559b67bcd6 | ||
--- | ||
Utilities/cmcurl/lib/http2.c | 34 +++++++++++++++------------------- | ||
1 file changed, 15 insertions(+), 19 deletions(-) | ||
|
||
diff --git a/Utilities/cmcurl/lib/http2.c b/Utilities/cmcurl/lib/http2.c | ||
index f194c18b..50b8cd54 100644 | ||
--- a/Utilities/cmcurl/lib/http2.c | ||
+++ b/Utilities/cmcurl/lib/http2.c | ||
@@ -116,6 +116,15 @@ static int http2_getsock(struct Curl_easy *data, | ||
return bitmap; | ||
} | ||
|
||
+static void free_push_headers(struct HTTP *stream) | ||
+{ | ||
+ size_t i; | ||
+ for(i = 0; i<stream->push_headers_used; i++) | ||
+ free(stream->push_headers[i]); | ||
+ Curl_safefree(stream->push_headers); | ||
+ stream->push_headers_used = 0; | ||
+} | ||
+ | ||
/* | ||
* http2_stream_free() free HTTP2 stream related data | ||
*/ | ||
@@ -123,11 +132,7 @@ static void http2_stream_free(struct HTTP *http) | ||
{ | ||
if(http) { | ||
Curl_dyn_free(&http->header_recvbuf); | ||
- for(; http->push_headers_used > 0; --http->push_headers_used) { | ||
- free(http->push_headers[http->push_headers_used - 1]); | ||
- } | ||
- free(http->push_headers); | ||
- http->push_headers = NULL; | ||
+ free_push_headers(http); | ||
} | ||
} | ||
|
||
@@ -559,7 +564,6 @@ static int push_promise(struct Curl_easy *data, | ||
struct curl_pushheaders heads; | ||
CURLMcode rc; | ||
struct http_conn *httpc; | ||
- size_t i; | ||
/* clone the parent */ | ||
struct Curl_easy *newhandle = duphandle(data); | ||
if(!newhandle) { | ||
@@ -595,11 +599,7 @@ static int push_promise(struct Curl_easy *data, | ||
Curl_set_in_callback(data, false); | ||
|
||
/* free the headers again */ | ||
- for(i = 0; i<stream->push_headers_used; i++) | ||
- free(stream->push_headers[i]); | ||
- free(stream->push_headers); | ||
- stream->push_headers = NULL; | ||
- stream->push_headers_used = 0; | ||
+ free_push_headers(stream); | ||
|
||
if(rv) { | ||
DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT)); | ||
@@ -1033,10 +1033,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, | ||
stream->push_headers_alloc) { | ||
char **headp; | ||
stream->push_headers_alloc *= 2; | ||
- headp = Curl_saferealloc(stream->push_headers, | ||
- stream->push_headers_alloc * sizeof(char *)); | ||
+ headp = realloc(stream->push_headers, | ||
+ stream->push_headers_alloc * sizeof(char *)); | ||
if(!headp) { | ||
- stream->push_headers = NULL; | ||
+ free_push_headers(stream); | ||
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; | ||
} | ||
stream->push_headers = headp; | ||
@@ -1204,11 +1204,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) | ||
Curl_dyn_free(&http->trailer_recvbuf); | ||
if(http->push_headers) { | ||
/* if they weren't used and then freed before */ | ||
- for(; http->push_headers_used > 0; --http->push_headers_used) { | ||
- free(http->push_headers[http->push_headers_used - 1]); | ||
- } | ||
- free(http->push_headers); | ||
- http->push_headers = NULL; | ||
+ free_push_headers(http); | ||
} | ||
|
||
if(!(data->conn->handler->protocol&PROTO_FAMILY_HTTP) || | ||
-- | ||
2.34.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
Summary: Cmake | ||
Name: cmake | ||
Version: 3.21.4 | ||
Release: 13%{?dist} | ||
Release: 14%{?dist} | ||
License: BSD AND LGPLv2+ | ||
Vendor: Microsoft Corporation | ||
Distribution: Mariner | ||
|
@@ -29,6 +29,7 @@ Patch14: CVE-2023-27538.patch | |
Patch15: CVE-2023-27535.patch | ||
Patch16: CVE-2023-23916.patch | ||
Patch17: CVE-2023-46218.patch | ||
Patch18: CVE-2024-2398.patch | ||
BuildRequires: bzip2 | ||
BuildRequires: bzip2-devel | ||
BuildRequires: curl | ||
|
@@ -94,6 +95,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure | |
%{_prefix}/doc/%{name}-*/* | ||
|
||
%changelog | ||
* Tue Nov 19 2024 Vince Perri <[email protected]> - 3.21.4-14 | ||
- Patch CVE-2024-2398 (bundled curl). | ||
|
||
* Thu Nov 14 2024 Sharath Srikanth Chellappa <[email protected]> - 3.21.4-13 | ||
- Patch CVE-2022-43552, CVE-2023-27536, CVE-2023-27535, CVE-2023-27538, CVE-2023-23916 and CVE-2023-46218. | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters