0f35f852
Commit
0f35f852
authored
Apr 14, 2017
by
Sergei Lukin
Committed by
Leonardo Arena
Apr 14, 2017
main/curl: security fixes #7133
CVE-2017-7407: --write-out out-of-buffer read
parent
143477dd
Changes
2
Showing
2 changed files
with
206 additions
and
3 deletions
+206
-3
main/curl/APKBUILD
main/curl/APKBUILD
+9
-3
main/curl/CVE-2017-7407.patch
main/curl/CVE-2017-7407.patch
+197
-0
main/curl/APKBUILD
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
curl
pkgver
=
7.53.1
pkgrel
=
1
pkgrel
=
2
pkgdesc
=
"An URL retrival utility and library"
url
=
"http://curl.haxx.se"
arch
=
"all"
license
=
"MIT"
depends
=
"ca-certificates"
makedepends
=
"zlib-dev libressl-dev libssh2-dev groff perl"
source
=
"http://curl.haxx.se/download/
$pkgname
-
$pkgver
.tar.bz2"
source
=
"http://curl.haxx.se/download/
$pkgname
-
$pkgver
.tar.bz2
CVE-2017-7407.patch
"
subpackages
=
"
$pkgname
-dbg
$pkgname
-doc
$pkgname
-dev libcurl"
# secfixes:
# 7.53.1-r2:
# CVE-2017-7407
# 7.53.0:
# - CVE-2017-2629
# 7.52.1:
...
...
@@ -76,4 +81,5 @@ libcurl() {
mv
"
$pkgdir
"
/usr/lib
"
$subpkgdir
"
/usr
}
sha512sums
=
"c668494d0e795f34b00505ca68ab41fbb475a1bccbcac1d0bbacbbbafa40a994472e100be18a0c10f8fa21b5b9bd3f4e66c1e68ff5423b13b82d829cbaefcd52 curl-7.53.1.tar.bz2"
sha512sums
=
"c668494d0e795f34b00505ca68ab41fbb475a1bccbcac1d0bbacbbbafa40a994472e100be18a0c10f8fa21b5b9bd3f4e66c1e68ff5423b13b82d829cbaefcd52 curl-7.53.1.tar.bz2
05ab29bef14abef013f2df9dee9ad5a449a0b24838f1376d4f53db9bb428c3769e264302ac9098563e9a2cc57b56c6fba9805581cae7f4a115d8be9f623714e3 CVE-2017-7407.patch"
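Review bot: The new secfixes entry for 7.53.1-r2 appears to list the CVE without the list marker that the existing entry uses (`#   - CVE-2017-2629`), so as rendered it would read `#   - CVE-2017-7407` only if the dash was lost in display; if the file really has `#     CVE-2017-7407`, the secfixes block is no longer valid YAML and the Alpine secdb generator will not pick up this fix. The line should be `#   - CVE-2017-7407`, matching the 7.53.0 entry. The carried patch also adds tests test1440–test1442 and registers them in tests/data/Makefile.inc, but no check() function is visible in this section, so the regression tests are shipped without being run during the package build; if the APKBUILD has no check() elsewhere, consider adding one that runs the curl test suite, or at least these three cases.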
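--- /dev/null
+++ b/main/curl/CVE-2017-7407.patch
@@ -0,0 +1,197 @@
+From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH] CVE-2017-7407: fixed
+Bug: https://curl.haxx.se/docs/adv_20170403.html
+Reported-by: Brian Carpenter
+---
+src/tool_writeout.c | 6 +++---
+tests/data/Makefile.inc | 2 +-
+tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
+tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
+tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
+5 files changed, 101 insertions(+), 4 deletions(-)
+create mode 100644 tests/data/test1440
+create mode 100644 tests/data/test1441
+create mode 100644 tests/data/test1442
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 2fb77742a..5d92bd278 100644
+--- a/src/tool_writeout.c
++++ b/src/tool_writeout.c
+@@ -3,11 +3,11 @@
+* Project ___| | | | _ \| |
+* / __| | | | |_) | |
+* | (__| |_| | _ <| |___
+* \___|\___/|_| \_\_____|
+*
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+*
+* This software is licensed as described in the file COPYING, which
+* you should have received as part of this distribution. The terms
+* are also available at https://curl.haxx.se/docs/copyright.html.
+*
+@@ -111,11 +111,11 @@
+void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+char *stringp = NULL;
+long longinfo;
+double doubleinfo;
+while(ptr && *ptr) {
+- if('%' == *ptr) {
++ if('%' == *ptr && ptr[1]) {
+if('%' == ptr[1]) {
+/* an escaped %-letter */
+fputc('%', stream);
+ptr += 2;
+}
+@@ -339,11 +339,11 @@
+void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+fputc(ptr[1], stream);
+ptr += 2;
+}
+}
+}
+- else if('\\' == *ptr) {
++ else if('\\' == *ptr && ptr[1]) {
+switch(ptr[1]) {
+case 'r':
+fputc('\r', stream);
+break;
+case 'n':
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8251ab9a4..267ff6aef 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -149,11 +149,11 @@
+test1396 test1397 test1398 \
+test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
+test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
+test1424 \
+test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
+-test1436 test1437 test1438 test1439 \
++test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
+\
+test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+test1516 test1517 \
+\
+diff --git a/tests/data/test1440 b/tests/data/test1440
+new file mode 100644
+index 000000000..7ed0c4d5f
+--- /dev/null
++++ b/tests/data/test1440
+@@ -0,0 +1,31 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing %{
++</name>
++<command>
++file://localhost/%PWD/log/ --write-out '%{'
++</command>
++</client>
++
++# Verify data
++<verify>
++<stdout nonewline="yes">
++%{
++</stdout>
++</verify>
++</testcase>
+diff --git a/tests/data/test1441 b/tests/data/test1441
+new file mode 100644
+index 000000000..6e253a690
+--- /dev/null
++++ b/tests/data/test1441
+@@ -0,0 +1,31 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing %
++</name>
++<command>
++file://localhost/%PWD/log/ --write-out '%'
++</command>
++</client>
++
++# Verify data
++<verify>
++<stdout nonewline="yes">
++%
++</stdout>
++</verify>
++</testcase>
+diff --git a/tests/data/test1442 b/tests/data/test1442
+new file mode 100644
+index 000000000..255a4c9ff
+--- /dev/null
++++ b/tests/data/test1442
+@@ -0,0 +1,35 @@
++<testcase>
++<info>
++<keywords>
++--write-out
++FILE
++</keywords>
++</info>
++# Server-side
++<reply>
++</reply>
++
++# Client-side
++<client>
++<server>
++file
++</server>
++
++<name>
++Check --write-out with trailing \
++</name>
++<command>
++file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
++</command>
++</client>
++
++# Verify data
++<verify>
++<errorcode>
++37
++</errorcode>
++<stdout nonewline="yes">
++\
++</stdout>
++</verify>
++</testcase>
+--
+2.11.0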
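Review bot: The two guards added in src/tool_writeout.c (`if('%' == *ptr && ptr[1])` and `else if('\\' == *ptr && ptr[1])`) only protect the one-byte lookahead at the top of each branch; the `%{...}` variable branch that follows the escaped-`%` case is outside both hunks and, from what is visible here, still has to scan forward for the closing brace, so it should be confirmed that that scan also stops at the terminating NUL. test1440 exercises only the bare trailing `%{` case, not a `%{name` with no closing brace, so a fourth test along the lines of `--write-out '%{url_effective'` would pin that path too. ourWriteOut begins and ends outside the hunks, so the remaining lookaheads in the function cannot be reviewed from this page.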