rpms/curl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Resolves: #1683676 - fix NULL dereference if flushing cookies with no CookieInfo set

Browse Source
This commit is contained in:
Kamil Dudka 2019-02-27 18:02:05 +01:00
parent e97fdf9b7f
commit 95008127cf
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
0003-curl-7.64.0-cookie-segfault.patch Normal file
View File

@ -0,0 +1,42 @@
From d73dc8d3e70bde0ef999ecf7bcd5585b9892371c Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Mon, 25 Feb 2019 19:05:02 +0100
Subject: [PATCH] cookies: fix NULL dereference if flushing cookies with no
CookieInfo set
Regression brought by a52e46f3900fb0 (shipped in 7.63.0)
Closes #3613
Upstream-commit: 8eddb8f4259193633cfc95a42603958a89b31de5
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/cookie.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 4fb992a..d535170 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1504,7 +1504,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
struct Cookie **array;
/* at first, remove expired cookies */
- remove_expired(c);
+ if(c)
+ remove_expired(c);
if(!strcmp("-", dumphere)) {
/* use stdout */
@@ -1523,7 +1524,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
"# This file was generated by libcurl! Edit at your own risk.\n\n",
out);
- if(c->numcookies) {
+ if(c && c->numcookies) {
array = malloc(sizeof(struct Cookie *) * c->numcookies);
if(!array) {
if(!use_stdout)
--
2.17.2

9
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.64.0 Version: 7.64.0
Release: 3%{?dist} Release: 4%{?dist}
License: MIT License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@ -11,6 +11,9 @@ Patch1: 0001-curl-7.64.0-zsh-completion.patch
# prevent NetworkManager from leaking file descriptors (#1680198) # prevent NetworkManager from leaking file descriptors (#1680198)
Patch2: 0002-curl-7.64.0-nm-fd-leak.patch Patch2: 0002-curl-7.64.0-nm-fd-leak.patch
# fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
Patch3: 0003-curl-7.64.0-cookie-segfault.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -174,6 +177,7 @@ be installed.
# upstream patches # upstream patches
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -341,6 +345,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed Feb 27 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-4
- fix NULL dereference if flushing cookies with no CookieInfo set (#1683676)
* Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3 * Mon Feb 25 2019 Kamil Dudka <kdudka@redhat.com> - 7.64.0-3
- prevent NetworkManager from leaking file descriptors (#1680198) - prevent NetworkManager from leaking file descriptors (#1680198)