Commit 47c8ea6e authored by J0WI's avatar J0WI Committed by Leo
Browse files

main/curl: security upgrade to 7.78.0

- CVE-2021-22922
- CVE-2021-22923
- CVE-2021-22924
- CVE-2021-22925
parent ae4a3101
......@@ -8,8 +8,8 @@
# this aport from arch=all WILL be reverted.
pkgname=curl
pkgver=7.77.0
pkgrel=1
pkgver=7.78.0
pkgrel=0
pkgdesc="URL retrival utility and library"
url="https://curl.se/"
arch="all"
......@@ -20,12 +20,15 @@ checkdepends="nghttp2 python3"
makedepends_host="$depends_dev"
makedepends_build="autoconf automake groff libtool perl"
subpackages="$pkgname-dbg $pkgname-static $pkgname-doc $pkgname-dev libcurl"
source="https://curl.se/download/curl-$pkgver.tar.xz
conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
"
source="https://curl.se/download/curl-$pkgver.tar.xz"
options="net" # Required for running tests
# secfixes:
# 7.78.0-r0:
# - CVE-2021-22922
# - CVE-2021-22923
# - CVE-2021-22924
# - CVE-2021-22925
# 7.77.0-r0:
# - CVE-2021-22898
# - CVE-2021-22901
......@@ -156,6 +159,5 @@ static() {
}
sha512sums="
aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76 curl-7.77.0.tar.xz
bcf90547f574dd79c2dabdbc16a17426dbc6f7699799368b0b6d39d8ac6c044b027ceb484160d1e6aa7a1044834f568b94facadfa9430e720296c3103e14d3f0 conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a curl-7.78.0.tar.xz
"
From 14a2ca85ecb8478772a30d8c2521e5e1d1d98b3d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 9 Jun 2021 08:38:07 +0200
Subject: [PATCH] conn_shutdown: if closed during CONNECT cleanup properly
Reported-by: Alex Xu
Reported-by: Phil E. Taylor
Fixes #7236
Closes #7237
---
lib/http_proxy.c | 19 +++++++++++--------
lib/http_proxy.h | 7 ++++---
lib/url.c | 9 +++++++++
3 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index a67d9d3b4115..e0a4987063d7 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -129,13 +129,13 @@ CURLcode Curl_proxy_connect(struct Curl_easy *data, int sockindex)
bool Curl_connect_complete(struct connectdata *conn)
{
return !conn->connect_state ||
- (conn->connect_state->tunnel_state == TUNNEL_COMPLETE);
+ (conn->connect_state->tunnel_state >= TUNNEL_COMPLETE);
}
bool Curl_connect_ongoing(struct connectdata *conn)
{
return conn->connect_state &&
- (conn->connect_state->tunnel_state != TUNNEL_COMPLETE);
+ (conn->connect_state->tunnel_state <= TUNNEL_COMPLETE);
}
/* when we've sent a CONNECT to a proxy, we should rather either wait for the
@@ -202,13 +202,16 @@ static void connect_done(struct Curl_easy *data)
{
struct connectdata *conn = data->conn;
struct http_connect_state *s = conn->connect_state;
- s->tunnel_state = TUNNEL_COMPLETE;
- Curl_dyn_free(&s->rcvbuf);
- Curl_dyn_free(&s->req);
+ if(s->tunnel_state != TUNNEL_EXIT) {
+ s->tunnel_state = TUNNEL_EXIT;
+ Curl_dyn_free(&s->rcvbuf);
+ Curl_dyn_free(&s->req);
- /* retore the protocol pointer */
- data->req.p.http = s->prot_save;
- infof(data, "CONNECT phase completed!\n");
+ /* retore the protocol pointer */
+ data->req.p.http = s->prot_save;
+ s->prot_save = NULL;
+ infof(data, "CONNECT phase completed!\n");
+ }
}
static CURLcode CONNECT_host(struct Curl_easy *data,
diff --git a/lib/http_proxy.h b/lib/http_proxy.h
index f5a4cb07cf1b..cdf8de4fba86 100644
--- a/lib/http_proxy.h
+++ b/lib/http_proxy.h
@@ -65,9 +65,10 @@ struct http_connect_state {
} keepon;
curl_off_t cl; /* size of content to read and ignore */
enum {
- TUNNEL_INIT, /* init/default/no tunnel state */
- TUNNEL_CONNECT, /* CONNECT has been sent off */
- TUNNEL_COMPLETE /* CONNECT response received completely */
+ TUNNEL_INIT, /* init/default/no tunnel state */
+ TUNNEL_CONNECT, /* CONNECT has been sent off */
+ TUNNEL_COMPLETE, /* CONNECT response received completely */
+ TUNNEL_EXIT
} tunnel_state;
BIT(chunked_encoding);
BIT(close_connection);
diff --git a/lib/url.c b/lib/url.c
index 84d37a560eaf..27ba7d6b52ce 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -727,6 +727,15 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
DEBUGASSERT(data);
infof(data, "Closing connection %ld\n", conn->connection_id);
+#ifndef USE_HYPER
+ if(conn->connect_state && conn->connect_state->prot_save) {
+ /* If this was closed with a CONNECT in progress, cleanup this temporary
+ struct arrangement */
+ data->req.p.http = NULL;
+ Curl_safefree(conn->connect_state->prot_save);
+ }
+#endif
+
/* possible left-overs from the async name resolvers */
Curl_resolver_cancel(data);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment