Resolves: CVE-2016-5421 - fix use of connection struct after free
This commit is contained in:
Kamil Dudka
parent
fb0bc4b8e6
commit
8288db1fc2
|
|
@ -0,0 +1,34 @@
|
|||
From 93b8ffb630b62fedaef04a0d7674a89fe367bb22 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Sun, 31 Jul 2016 01:09:04 +0200
|
||||
Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2016-5421
|
||||
Bug: https://curl.haxx.se/docs/adv_20160803C.html
|
||||
Reported-by: Marcelo Echeverria and Fernando Muñoz
|
||||
|
||||
Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/multi.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index 069412d..89ea625 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -1869,6 +1869,8 @@ static void close_all_connections(struct Curl_multi *multi)
|
||||
conn->data = multi->closure_handle;
|
||||
|
||||
sigpipe_ignore(conn->data, &pipe_st);
|
||||
+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
|
||||
+ pointer */
|
||||
/* This will remove the connection from the cache */
|
||||
(void)Curl_disconnect(conn, FALSE);
|
||||
sigpipe_restore(&pipe_st);
|
||||
--
|
||||
2.5.5
|
||||
|
||||
11
curl.spec
11
curl.spec
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.47.1
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
|
|
@ -13,6 +13,9 @@ Patch1: 0001-curl-7.47.1-psl-localhost.patch
|
|||
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
Patch7: 0007-curl-7.49.1-urlglob.patch
|
||||
|
||||
# fix use of connection struct after free (CVE-2016-5421)
|
||||
Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
|
|
@ -126,6 +129,7 @@ documentation of the library, too.
|
|||
# upstream patches
|
||||
%patch1 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -238,7 +242,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
|
||||
* Wed Aug 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-6
|
||||
- fix use of connection struct after free (CVE-2016-5421)
|
||||
|
||||
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-5
|
||||
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
|
||||
* Wed Mar 02 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
|
||||
|
|
|
|||
Loading…
Reference in New Issue