Resolves: CVE-2021-22898 - fix TELNET stack contents disclosure
This commit is contained in:
parent
ff41f425b6
commit
fa90718ce5
31
0011-curl-7.71.1-CVE-2021-22898.patch
Normal file
31
0011-curl-7.71.1-CVE-2021-22898.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From ae2dc830fb37e9243dbdaf8b92e41df91f43b3f2 Mon Sep 17 00:00:00 2001
|
||||
From: Harry Sintonen <sintonen@iki.fi>
|
||||
Date: Fri, 7 May 2021 13:09:57 +0200
|
||||
Subject: [PATCH] telnet: check sscanf() for correct number of matches
|
||||
|
||||
CVE-2021-22898
|
||||
|
||||
Bug: https://curl.se/docs/CVE-2021-22898.html
|
||||
|
||||
Upstream-commit: 39ce47f219b09c380b81f89fe54ac586c8db6bde
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/telnet.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/telnet.c b/lib/telnet.c
|
||||
index 1fc5af1..ea6bc71 100644
|
||||
--- a/lib/telnet.c
|
||||
+++ b/lib/telnet.c
|
||||
@@ -967,7 +967,7 @@ static void suboption(struct connectdata *conn)
|
||||
size_t tmplen = (strlen(v->data) + 1);
|
||||
/* Add the variable only if it fits */
|
||||
if(len + tmplen < (int)sizeof(temp)-6) {
|
||||
- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
|
||||
+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
|
||||
msnprintf((char *)&temp[len], sizeof(temp) - len,
|
||||
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
|
||||
CURL_NEW_ENV_VALUE, varval);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -32,6 +32,9 @@ Patch9: 0009-curl-7.71.1-CVE-2021-22890.patch
|
||||
# fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
|
||||
Patch10: 0010-curl-7.71.1-CVE-2021-22924.patch
|
||||
|
||||
# fix TELNET stack contents disclosure (CVE-2021-22898)
|
||||
Patch11: 0011-curl-7.71.1-CVE-2021-22898.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -207,6 +210,7 @@ be installed.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -385,6 +389,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
|
||||
%changelog
|
||||
* Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.71.1-10
|
||||
- fix TELNET stack contents disclosure (CVE-2021-22898)
|
||||
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
|
||||
- disable metalink support to fix the following vulnerabilities
|
||||
CVE-2021-22923 - metalink download sends credentials
|
||||
|
Loading…
Reference in New Issue
Block a user