Resolves: #1683676 - fix NULL dereference if flushing cookies with no CookieInfo set

2019-02-27 18:02:05 +01:00 · 2019-02-27 18:02:05 +01:00 · 95008127cf
commit 95008127cf
parent e97fdf9b7f
2 changed files with 50 additions and 1 deletions
--- a/0003-curl-7.64.0-cookie-segfault.patch
+++ b/0003-curl-7.64.0-cookie-segfault.patch
@ -0,0 +1,42 @@
+From d73dc8d3e70bde0ef999ecf7bcd5585b9892371c Mon Sep 17 00:00:00 2001
+From: Michael Wallner <mike@php.net>
+Date: Mon, 25 Feb 2019 19:05:02 +0100
+Subject: [PATCH] cookies: fix NULL dereference if flushing cookies with no
+ CookieInfo set
+
+Regression brought by a52e46f3900fb0 (shipped in 7.63.0)
+
+Closes #3613
+
+Upstream-commit: 8eddb8f4259193633cfc95a42603958a89b31de5
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/cookie.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 4fb992a..d535170 100644
+--- a/lib/cookie.c
+++ b/lib/cookie.c
+@@ -1504,7 +1504,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
+   struct Cookie **array;
+ 
+   /* at first, remove expired cookies */
+-  remove_expired(c);
+  if(c)
+    remove_expired(c);
+ 
+   if(!strcmp("-", dumphere)) {
+     /* use stdout */
+@@ -1523,7 +1524,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
+         "# This file was generated by libcurl! Edit at your own risk.\n\n",
+         out);
+ 
+-  if(c->numcookies) {
+  if(c && c->numcookies) {
+     array = malloc(sizeof(struct Cookie *) * c->numcookies);
+     if(!array) {
+       if(!use_stdout)
+-- 
+2.17.2
+
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.64.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz

@ -11,6 +11,9 @@ Patch1:   0001-curl-7.64.0-zsh-completion.patch
 # prevent NetworkManager from leaking file descriptors (#1680198)
 Patch2:   0002-curl-7.64.0-nm-fd-leak.patch

+# fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+Patch3:   0003-curl-7.64.0-cookie-segfault.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -174,6 +177,7 @@ be installed.
 # upstream patches
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 # Fedora patches
 %patch101 -p1
@ -341,6 +345,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
+- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
+
 * Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
 - prevent NetworkManager from leaking file descriptors (#1680198)