-
Notifications
You must be signed in to change notification settings - Fork 546
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Patch for CVE-2023-27538 and CVE-2023-27535 - v2
- Loading branch information
Sharath Srikanth Chellappa
committed
Nov 13, 2024
1 parent
2ec88d1
commit e074bb0
Showing
2 changed files
with
199 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| From f1c9ae1e195f93a5d46434b067d17a60867d0f6a Mon Sep 17 00:00:00 2001 | ||
| From: Sharath Srikanth Chellappa <[email protected]> | ||
| Date: Wed, 13 Nov 2024 14:18:44 -0800 | ||
| Subject: [PATCH] Patch for CVE-2023-27535 | ||
|
|
||
| Upstream patch: https://github.com/curl/curl/commit/8f4608468b890dc | ||
|
|
||
| --- | ||
| Utilities/cmcurl/lib/ftp.c | 30 ++++++++++++++++++++++++++++-- | ||
| Utilities/cmcurl/lib/ftp.h | 5 +++++ | ||
| Utilities/cmcurl/lib/setopt.c | 1 + | ||
| Utilities/cmcurl/lib/url.c | 16 +++++++++++++++- | ||
| Utilities/cmcurl/lib/urldata.h | 4 ++-- | ||
| 5 files changed, 51 insertions(+), 5 deletions(-) | ||
|
|
||
| diff --git a/Utilities/cmcurl/lib/ftp.c b/Utilities/cmcurl/lib/ftp.c | ||
| index 425b0afec6..5839296ec2 100644 | ||
| --- a/Utilities/cmcurl/lib/ftp.c | ||
| +++ b/Utilities/cmcurl/lib/ftp.c | ||
| @@ -4084,6 +4084,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data, | ||
| } | ||
|
|
||
| freedirs(ftpc); | ||
| + Curl_safefree(ftpc->account); | ||
| + Curl_safefree(ftpc->alternative_to_user); | ||
| Curl_safefree(ftpc->prevpath); | ||
| Curl_safefree(ftpc->server_os); | ||
| Curl_pp_disconnect(pp); | ||
| @@ -4108,6 +4110,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) | ||
| const char *slashPos = NULL; | ||
| const char *fileName = NULL; | ||
| CURLcode result = CURLE_OK; | ||
| + struct ftp_conn *ftpc = &conn->proto.ftpc; | ||
| char *rawPath = NULL; /* url-decoded "raw" path */ | ||
| size_t pathLen = 0; | ||
|
|
||
| @@ -4344,11 +4347,32 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, | ||
| { | ||
| char *type; | ||
| struct FTP *ftp; | ||
| + CURLcode result = CURLE_OK; | ||
| + struct ftp_conn *ftpc = &conn->proto.ftpc; | ||
|
|
||
| - data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1); | ||
| + ftp = calloc(sizeof(struct FTP), 1); | ||
| if(NULL == ftp) | ||
| return CURLE_OUT_OF_MEMORY; | ||
|
|
||
| + /* clone connection related data that is FTP specific */ | ||
| + if(data->set.str[STRING_FTP_ACCOUNT]) { | ||
| + ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]); | ||
| + if(!ftpc->account) { | ||
| + free(ftp); | ||
| + return CURLE_OUT_OF_MEMORY; | ||
| + } | ||
| + } | ||
| + if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) { | ||
| + ftpc->alternative_to_user = | ||
| + strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]); | ||
| + if(!ftpc->alternative_to_user) { | ||
| + Curl_safefree(ftpc->account); | ||
| + free(ftp); | ||
| + return CURLE_OUT_OF_MEMORY; | ||
| + } | ||
| + } | ||
| + data->req.p.ftp = ftp; | ||
| + | ||
| ftp->path = &data->state.up.path[1]; /* don't include the initial slash */ | ||
|
|
||
| /* FTP URLs support an extension like ";type=<typecode>" that | ||
| @@ -4383,7 +4407,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, | ||
| /* get some initial data into the ftp struct */ | ||
| ftp->transfer = PPTRANSFER_BODY; | ||
| ftp->downloadsize = 0; | ||
| - conn->proto.ftpc.known_filesize = -1; /* unknown size for now */ | ||
| + ftpc->known_filesize = -1; /* unknown size for now */ | ||
| + ftpc->use_ssl = data->set.use_ssl; | ||
| + ftpc->ccc = data->set.ftp_ccc; | ||
|
|
||
| return CURLE_OK; | ||
| } | ||
| diff --git a/Utilities/cmcurl/lib/ftp.h b/Utilities/cmcurl/lib/ftp.h | ||
| index 1cfdac0851..afca25b469 100644 | ||
| --- a/Utilities/cmcurl/lib/ftp.h | ||
| +++ b/Utilities/cmcurl/lib/ftp.h | ||
| @@ -115,6 +115,8 @@ struct FTP { | ||
| struct */ | ||
| struct ftp_conn { | ||
| struct pingpong pp; | ||
| + char *account; | ||
| + char *alternative_to_user; | ||
| char *entrypath; /* the PWD reply when we logged on */ | ||
| char *file; /* url-decoded file name (or path) */ | ||
| char **dirs; /* realloc()ed array for path components */ | ||
| @@ -144,6 +146,9 @@ struct ftp_conn { | ||
| ftpstate state; /* always use ftp.c:state() to change state! */ | ||
| ftpstate state_saved; /* transfer type saved to be reloaded after | ||
| data connection is established */ | ||
| + unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or | ||
| + IMAP or POP3 or others! (type: curl_usessl)*/ | ||
| + unsigned char ccc; /* ccc level for this connection */ | ||
| curl_off_t retr_size_saved; /* Size of retrieved file saved */ | ||
| char *server_os; /* The target server operating system. */ | ||
| curl_off_t known_filesize; /* file size is different from -1, if wildcard | ||
| diff --git a/Utilities/cmcurl/lib/setopt.c b/Utilities/cmcurl/lib/setopt.c | ||
| index fb8b86d474..10c6872bb3 100644 | ||
| --- a/Utilities/cmcurl/lib/setopt.c | ||
| +++ b/Utilities/cmcurl/lib/setopt.c | ||
| @@ -2307,6 +2307,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) | ||
| if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST)) | ||
| return CURLE_BAD_FUNCTION_ARGUMENT; | ||
| data->set.use_ssl = (curl_usessl)arg; | ||
| + data->set.use_ssl = (unsigned char)arg; | ||
| break; | ||
|
|
||
| case CURLOPT_SSL_OPTIONS: | ||
| diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c | ||
| index ca40322504..e00c56300b 100644 | ||
| --- a/Utilities/cmcurl/lib/url.c | ||
| +++ b/Utilities/cmcurl/lib/url.c | ||
| @@ -1334,10 +1334,24 @@ ConnectionExists(struct Curl_easy *data, | ||
| (data->state.httpwant < CURL_HTTP_VERSION_2_0)) | ||
| continue; | ||
|
|
||
| - if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { | ||
| +#ifdef USE_SSH | ||
| + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { | ||
| if(!ssh_config_matches(needle, check)) | ||
| continue; | ||
| } | ||
| +#endif | ||
| +#ifndef CURL_DISABLE_FTP | ||
| + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { | ||
| + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ | ||
| + if(Curl_timestrcmp(needle->proto.ftpc.account, | ||
| + check->proto.ftpc.account) || | ||
| + Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, | ||
| + check->proto.ftpc.alternative_to_user) || | ||
| + (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || | ||
| + (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) | ||
| + continue; | ||
| + } | ||
| +#endif | ||
|
|
||
| if((needle->handler->flags&PROTOPT_SSL) | ||
| #ifndef CURL_DISABLE_PROXY | ||
| diff --git a/Utilities/cmcurl/lib/urldata.h b/Utilities/cmcurl/lib/urldata.h | ||
| index 365b6821b1..ef3a58e55a 100644 | ||
| --- a/Utilities/cmcurl/lib/urldata.h | ||
| +++ b/Utilities/cmcurl/lib/urldata.h | ||
| @@ -1729,8 +1729,6 @@ struct UserDefined { | ||
| void *ssh_keyfunc_userp; /* custom pointer to callback */ | ||
| enum CURL_NETRC_OPTION | ||
| use_netrc; /* defined in include/curl.h */ | ||
| - curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or | ||
| - IMAP or POP3 or others! */ | ||
| long new_file_perms; /* Permissions to use when creating remote files */ | ||
| long new_directory_perms; /* Permissions to use when creating remote dirs */ | ||
| long ssh_auth_types; /* allowed SSH auth types */ | ||
| @@ -1773,6 +1771,8 @@ struct UserDefined { | ||
| CURLU *uh; /* URL handle for the current parsed URL */ | ||
| void *trailer_data; /* pointer to pass to trailer data callback */ | ||
| curl_trailer_callback trailer_callback; /* trailing data callback */ | ||
| + unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or | ||
| + IMAP or POP3 or others! (type: curl_usessl)*/ | ||
| BIT(is_fread_set); /* has read callback been set to non-NULL? */ | ||
| BIT(is_fwrite_set); /* has write callback been set to non-NULL? */ | ||
| BIT(free_referer); /* set TRUE if 'referer' points to a string we | ||
| -- | ||
| 2.45.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| From 89e90fece52aa6abbf96ac84477ea82d9c12a6ef Mon Sep 17 00:00:00 2001 | ||
| From: Sharath Srikanth Chellappa <[email protected]> | ||
| Date: Wed, 13 Nov 2024 13:29:57 -0800 | ||
| Subject: [PATCH] Patch for CVE-2023-27538 | ||
|
|
||
| Upstream Patch: https://github.com/curl/curl/commit/af369db4d3833272b8ed | ||
|
|
||
| --- | ||
| Utilities/cmcurl/lib/url.c | 5 +++++ | ||
| 1 file changed, 5 insertions(+) | ||
|
|
||
| diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c | ||
| index 4ab389af48..ca40322504 100644 | ||
| --- a/Utilities/cmcurl/lib/url.c | ||
| +++ b/Utilities/cmcurl/lib/url.c | ||
| @@ -1334,6 +1334,11 @@ ConnectionExists(struct Curl_easy *data, | ||
| (data->state.httpwant < CURL_HTTP_VERSION_2_0)) | ||
| continue; | ||
|
|
||
| + if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { | ||
| + if(!ssh_config_matches(needle, check)) | ||
| + continue; | ||
| + } | ||
| + | ||
| if((needle->handler->flags&PROTOPT_SSL) | ||
| #ifndef CURL_DISABLE_PROXY | ||
| || !needle->bits.httpproxy || needle->bits.tunnel_proxy | ||
| -- | ||
| 2.45.2 |