Resolves: CVE-2016-5421 - fix use of connection struct after free
This commit is contained in:
parent
fb0bc4b8e6
commit
8288db1fc2
34
0008-curl-7.47.1-CVE-2016-5421.patch
Normal file
34
0008-curl-7.47.1-CVE-2016-5421.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 93b8ffb630b62fedaef04a0d7674a89fe367bb22 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Sun, 31 Jul 2016 01:09:04 +0200
|
||||||
|
Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
CVE-2016-5421
|
||||||
|
Bug: https://curl.haxx.se/docs/adv_20160803C.html
|
||||||
|
Reported-by: Marcelo Echeverria and Fernando Muñoz
|
||||||
|
|
||||||
|
Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/multi.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/multi.c b/lib/multi.c
|
||||||
|
index 069412d..89ea625 100644
|
||||||
|
--- a/lib/multi.c
|
||||||
|
+++ b/lib/multi.c
|
||||||
|
@@ -1869,6 +1869,8 @@ static void close_all_connections(struct Curl_multi *multi)
|
||||||
|
conn->data = multi->closure_handle;
|
||||||
|
|
||||||
|
sigpipe_ignore(conn->data, &pipe_st);
|
||||||
|
+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
|
||||||
|
+ pointer */
|
||||||
|
/* This will remove the connection from the cache */
|
||||||
|
(void)Curl_disconnect(conn, FALSE);
|
||||||
|
sigpipe_restore(&pipe_st);
|
||||||
|
--
|
||||||
|
2.5.5
|
||||||
|
|
11
curl.spec
11
curl.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.47.1
|
Version: 7.47.1
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||||
@ -13,6 +13,9 @@ Patch1: 0001-curl-7.47.1-psl-localhost.patch
|
|||||||
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||||
Patch7: 0007-curl-7.49.1-urlglob.patch
|
Patch7: 0007-curl-7.49.1-urlglob.patch
|
||||||
|
|
||||||
|
# fix use of connection struct after free (CVE-2016-5421)
|
||||||
|
Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -126,6 +129,7 @@ documentation of the library, too.
|
|||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -238,7 +242,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/aclocal/libcurl.m4
|
%{_datadir}/aclocal/libcurl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
|
* Wed Aug 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-6
|
||||||
|
- fix use of connection struct after free (CVE-2016-5421)
|
||||||
|
|
||||||
|
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-5
|
||||||
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||||
|
|
||||||
* Wed Mar 02 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
|
* Wed Mar 02 2016 Kamil Dudka <kdudka@redhat.com> 7.47.1-4
|
||||||
|
Loading…
Reference in New Issue
Block a user