Resolves: CVE-2016-5421 - fix use of connection struct after free
This commit is contained in:
Kamil Dudka
parent
8e287ada5e
commit
a91699a8d3
|
|
@ -0,0 +1,34 @@
|
|||
From 31c621ee6dcc793cf3b11e4c062f396d3bdfb503 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Sun, 31 Jul 2016 01:09:04 +0200
|
||||
Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2016-5421
|
||||
Bug: https://curl.haxx.se/docs/adv_20160803C.html
|
||||
Reported-by: Marcelo Echeverria and Fernando Muñoz
|
||||
|
||||
Upstream-commit: 75dc096e01ef1e21b6c57690d99371dedb2c0b80
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/multi.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index b63f8bf..3ff5e86 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -1841,6 +1841,8 @@ static void close_all_connections(struct Curl_multi *multi)
|
||||
conn->data = multi->closure_handle;
|
||||
|
||||
sigpipe_ignore(conn->data, &pipe_st);
|
||||
+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
|
||||
+ pointer */
|
||||
/* This will remove the connection from the cache */
|
||||
(void)Curl_disconnect(conn, FALSE);
|
||||
sigpipe_restore(&pipe_st);
|
||||
--
|
||||
2.5.5
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.43.0
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
|
|
@ -28,6 +28,9 @@ Patch6: 0006-curl-7.43.0-effa575f.patch
|
|||
# fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
Patch7: 0007-curl-7.49.1-urlglob.patch
|
||||
|
||||
# fix use of connection struct after free (CVE-2016-5421)
|
||||
Patch8: 0008-curl-7.47.1-CVE-2016-5421.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
|
|
@ -145,6 +148,7 @@ documentation of the library, too.
|
|||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -264,6 +268,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Wed Aug 03 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-8
|
||||
- fix use of connection struct after free (CVE-2016-5421)
|
||||
|
||||
* Fri Jun 03 2016 Kamil Dudka <kdudka@redhat.com> 7.43.0-7
|
||||
- fix SIGSEGV of the curl tool while parsing URL with too many globs (#1340757)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue