Resolves: CVE-2022-27775 - fix bad local IPv6 connection reuse
This commit is contained in:
parent
fd4baaca6f
commit
159cab915b
|
@ -0,0 +1,40 @@
|
||||||
|
From 187d0795030ccb4f410eb6089e265ac3571e56dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Mon, 25 Apr 2022 11:48:00 +0200
|
||||||
|
Subject: [PATCH] conncache: include the zone id in the "bundle" hashkey
|
||||||
|
|
||||||
|
Make connections to two separate IPv6 zone ids create separate
|
||||||
|
connections.
|
||||||
|
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-27775.html
|
||||||
|
Closes #8747
|
||||||
|
|
||||||
|
Upstream-commit: 058f98dc3fe595f21dc26a5b9b1699e519ba5705
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/conncache.c | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/conncache.c b/lib/conncache.c
|
||||||
|
index cd5756a..9b9f683 100644
|
||||||
|
--- a/lib/conncache.c
|
||||||
|
+++ b/lib/conncache.c
|
||||||
|
@@ -155,8 +155,12 @@ static void hashkey(struct connectdata *conn, char *buf,
|
||||||
|
/* report back which name we used */
|
||||||
|
*hostp = hostname;
|
||||||
|
|
||||||
|
- /* put the number first so that the hostname gets cut off if too long */
|
||||||
|
- msnprintf(buf, len, "%ld%s", port, hostname);
|
||||||
|
+ /* put the numbers first so that the hostname gets cut off if too long */
|
||||||
|
+#ifdef ENABLE_IPV6
|
||||||
|
+ msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
|
||||||
|
+#else
|
||||||
|
+ msnprintf(buf, len, "%ld/%s", port, hostname);
|
||||||
|
+#endif
|
||||||
|
Curl_strntolower(buf, buf, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -16,6 +16,9 @@ Patch1: 0001-curl-7.82.0-openssl-spurious-oom.patch
|
||||||
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
# fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
||||||
Patch2: 0002-curl-7.82.0-CVE-2022-22576.patch
|
Patch2: 0002-curl-7.82.0-CVE-2022-22576.patch
|
||||||
|
|
||||||
|
# fix bad local IPv6 connection reuse (CVE-2022-27775)
|
||||||
|
Patch3: 0003-curl-7.82.0-CVE-2022-27775.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
|
@ -192,6 +195,7 @@ be installed.
|
||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
|
@ -420,6 +424,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-3
|
* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-3
|
||||||
|
- fix bad local IPv6 connection reuse (CVE-2022-27775)
|
||||||
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
|
||||||
|
|
||||||
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
|
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-2
|
||||||
|
|
Loading…
Reference in New Issue