Resolves: CVE-2022-32208 - fix FTP-KRB bad message verification
This commit is contained in:
parent
c637ed663b
commit
424d9c193f
70
0010-curl-7.82.0-CVE-2022-32208.patch
Normal file
70
0010-curl-7.82.0-CVE-2022-32208.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From d36661703e16bd740a3a928041b1e697a6617b98 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 9 Jun 2022 09:27:24 +0200
|
||||||
|
Subject: [PATCH] krb5: return error properly on decode errors
|
||||||
|
|
||||||
|
Bug: https://curl.se/docs/CVE-2022-32208.html
|
||||||
|
CVE-2022-32208
|
||||||
|
Reported-by: Harry Sintonen
|
||||||
|
Closes #9051
|
||||||
|
|
||||||
|
Upstream-commit: 6ecdf5136b52af747e7bda08db9a748256b1cd09
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/krb5.c | 18 +++++++++++-------
|
||||||
|
1 file changed, 11 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/krb5.c b/lib/krb5.c
|
||||||
|
index 787137c..6f9e1f7 100644
|
||||||
|
--- a/lib/krb5.c
|
||||||
|
+++ b/lib/krb5.c
|
||||||
|
@@ -140,11 +140,8 @@ krb5_decode(void *app_data, void *buf, int len,
|
||||||
|
enc.value = buf;
|
||||||
|
enc.length = len;
|
||||||
|
maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL);
|
||||||
|
- if(maj != GSS_S_COMPLETE) {
|
||||||
|
- if(len >= 4)
|
||||||
|
- strcpy(buf, "599 ");
|
||||||
|
+ if(maj != GSS_S_COMPLETE)
|
||||||
|
return -1;
|
||||||
|
- }
|
||||||
|
|
||||||
|
memcpy(buf, dec.value, dec.length);
|
||||||
|
len = curlx_uztosi(dec.length);
|
||||||
|
@@ -506,6 +503,7 @@ static CURLcode read_data(struct connectdata *conn,
|
||||||
|
{
|
||||||
|
int len;
|
||||||
|
CURLcode result;
|
||||||
|
+ int nread;
|
||||||
|
|
||||||
|
result = socket_read(fd, &len, sizeof(len));
|
||||||
|
if(result)
|
||||||
|
@@ -514,7 +512,10 @@ static CURLcode read_data(struct connectdata *conn,
|
||||||
|
if(len) {
|
||||||
|
/* only realloc if there was a length */
|
||||||
|
len = ntohl(len);
|
||||||
|
- buf->data = Curl_saferealloc(buf->data, len);
|
||||||
|
+ if(len > CURL_MAX_INPUT_LENGTH)
|
||||||
|
+ len = 0;
|
||||||
|
+ else
|
||||||
|
+ buf->data = Curl_saferealloc(buf->data, len);
|
||||||
|
}
|
||||||
|
if(!len || !buf->data)
|
||||||
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
@@ -522,8 +523,11 @@ static CURLcode read_data(struct connectdata *conn,
|
||||||
|
result = socket_read(fd, buf->data, len);
|
||||||
|
if(result)
|
||||||
|
return result;
|
||||||
|
- buf->size = conn->mech->decode(conn->app_data, buf->data, len,
|
||||||
|
- conn->data_prot, conn);
|
||||||
|
+ nread = conn->mech->decode(conn->app_data, buf->data, len,
|
||||||
|
+ conn->data_prot, conn);
|
||||||
|
+ if(nread < 0)
|
||||||
|
+ return CURLE_RECV_ERROR;
|
||||||
|
+ buf->size = (size_t)nread;
|
||||||
|
buf->index = 0;
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.82.0
|
Version: 7.82.0
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
Source0: https://curl.se/download/%{name}-%{version}.tar.xz
|
||||||
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
|
||||||
@ -37,6 +37,9 @@ Patch8: 0008-curl-7.82.0-CVE-2022-27779.patch
|
|||||||
# fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
# fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
||||||
Patch9: 0009-curl-7.82.0-CVE-2022-27782.patch
|
Patch9: 0009-curl-7.82.0-CVE-2022-27782.patch
|
||||||
|
|
||||||
|
# fix FTP-KRB bad message verification (CVE-2022-32208)
|
||||||
|
Patch10: 0010-curl-7.82.0-CVE-2022-32208.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -220,6 +223,7 @@ be installed.
|
|||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
|
%patch10 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -447,6 +451,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-6
|
||||||
|
- fix FTP-KRB bad message verification (CVE-2022-32208)
|
||||||
|
|
||||||
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-5
|
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.82.0-5
|
||||||
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
|
||||||
- do not accept cookies for TLD with trailing dot (CVE-2022-27779)
|
- do not accept cookies for TLD with trailing dot (CVE-2022-27779)
|
||||||
|
Loading…
Reference in New Issue
Block a user