From 8288db1fc2bf6c7801b37b104b5803b49dfcbe17 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 3 Aug 2016 16:42:41 +0200
Subject: [PATCH] Resolves: CVE-2016-5421 - fix use of connection struct after free
---
 0008-curl-7.47.1-CVE-2016-5421.patch | 34 ++++++++++++++++++++++++++++
 curl.spec | 11 +++++++--
 2 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 0008-curl-7.47.1-CVE-2016-5421.patch
diff --git a/0008-curl-7.47.1-CVE-2016-5421.patch b/0008-curl-7.47.1-CVE-2016-5421.patch
new file mode 100644
index 0000000..6bac6da
--- /dev/null
+++ b/0008-curl-7.47.1-CVE-2016-5421.patch
@@ -0,0 +1,34 @@
+From 93b8ffb630b62fedaef04a0d7674a89fe367bb22 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Sun, 31 Jul 2016 01:09:04 +0200
+Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2016-5421
+Bug: https://curl.haxx.se/docs/adv_20160803C.html
+Reported-by: Marcelo Echeverria and Fernando Muñoz
+
+Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
+Signed-off-by: Kamil Dudka
+---
+ lib/multi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 069412d..89ea625 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -1869,6 +1869,8 @@ static void close_all_connections(struct Curl_multi *multi)
+ conn->data = multi->closure_handle;
+
+ sigpipe_ignore(conn->data, &pipe_st);
++ conn->data->easy_conn = NULL; /* clear the easy handle's connection
++ pointer */
+ /* This will remove the connection from the cache */
+ (void)Curl_disconnect(conn, FALSE);
+ sigpipe_restore(&pipe_st);
+--
+2.5.5
+
diff --git a/curl.spec b/curl.spec
index 27c9ab6..adfb8a1 100644
--- a/curl.spec
+++ b/curl.spec
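Review bot: The comment on the added `conn->data->easy_conn = NULL;` line, in the lib/multi.c hunk embedded in 0008-curl-7.47.1-CVE-2016-5421.patch, says what is cleared but not why it has to happen before `Curl_disconnect(conn, FALSE)`. Because `conn->data` was reassigned to `multi->closure_handle` a few lines earlier, the pointer being reset belongs to the closure handle. A comment such as `/* conn is released by Curl_disconnect() below; drop the handle's pointer to it first so it cannot be used afterwards (CVE-2016-5421) */` would record the ordering for whoever rebases this patch, assuming Curl_disconnect() is what frees the struct. Whether the handle that owned the connection before the reassignment is cleared elsewhere cannot be seen here, since close_all_connections() starts and ends outside the hunk.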
@@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.47.1 -Release: 5%{?dist} +Release: 6%{?dist} License: MIT Group: Applications/Internet Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma @@ -13,6 +13,9 @@ Patch1: 0001-curl-7.47.1-psl-localhost.patch # fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757) Patch7: 0007-curl-7.49.1-urlglob.patch +# fix use of connection struct after free (CVE-2016-5421) +Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -126,6 +129,7 @@ documentation of the library, too. # upstream patches %patch1 -p1 %patch7 -p1 +%patch8 -p1 # Fedora patches %patch101 -p1 @@ -238,7 +242,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog -* Fri Jun 03 2016 Kamil Dudka 7.47.1-4 +* Wed Aug 03 2016 Kamil Dudka 7.47.1-6 +- fix use of connection struct after free (CVE-2016-5421) + +* Fri Jun 03 2016 Kamil Dudka 7.47.1-5 - fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757) * Wed Mar 02 2016 Kamil Dudka 7.47.1-4