Patch CVE-2023-27534 in cmake
Родитель
6b1169774d
Коммит
a8ae15a19a
|
@ -0,0 +1,119 @@
|
|||
From 851e92133dcb67015af8f7d3402fb58fa5df051e Mon Sep 17 00:00:00 2001
|
||||
From: Suresh Thelkar <sthelkar@microsoft.com>
|
||||
Date: Wed, 18 Sep 2024 15:14:00 +0530
|
||||
Subject: [PATCH] Patch for CVE-2023-27534
|
||||
|
||||
Upstream patch details are given below.
|
||||
https://github.com/curl/curl/pull/10729/commits/01345b13d4c4d1222387f5c02dfb6244a9cade33#diff-86c8ab4ca5332fd50f646ad37656e92fc41839ba34e0ddab1ec7728439cbe5f1
|
||||
---
|
||||
Utilities/cmcurl/lib/curl_path.c | 72 ++++++++++++++++----------------
|
||||
1 file changed, 36 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/Utilities/cmcurl/lib/curl_path.c b/Utilities/cmcurl/lib/curl_path.c
|
||||
index 65106188..28eb41ad 100644
|
||||
--- a/Utilities/cmcurl/lib/curl_path.c
|
||||
+++ b/Utilities/cmcurl/lib/curl_path.c
|
||||
@@ -30,6 +30,8 @@
|
||||
#include "escape.h"
|
||||
#include "memdebug.h"
|
||||
|
||||
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
|
||||
+
|
||||
/* figure out the path to work with in this particular request */
|
||||
CURLcode Curl_getworkingpath(struct Curl_easy *data,
|
||||
char *homedir, /* when SFTP is used */
|
||||
@@ -39,57 +41,55 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
|
||||
char *real_path = NULL;
|
||||
char *working_path;
|
||||
size_t working_path_len;
|
||||
+ struct dynbuf npath;
|
||||
CURLcode result =
|
||||
Curl_urldecode(data, data->state.up.path, 0, &working_path,
|
||||
&working_path_len, REJECT_ZERO);
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
+ /* new path to switch to in case we need to */
|
||||
+ Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
|
||||
+
|
||||
/* Check for /~/, indicating relative to the user's home directory */
|
||||
- if(data->conn->handler->protocol & CURLPROTO_SCP) {
|
||||
- real_path = malloc(working_path_len + 1);
|
||||
- if(!real_path) {
|
||||
+ if((data->conn->handler->protocol & CURLPROTO_SCP) &&
|
||||
+ (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
|
||||
+ /* It is referenced to the home directory, so strip the leading '/~/' */
|
||||
+ if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
|
||||
free(working_path);
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
- if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
|
||||
- /* It is referenced to the home directory, so strip the leading '/~/' */
|
||||
- memcpy(real_path, working_path + 3, working_path_len - 2);
|
||||
- else
|
||||
- memcpy(real_path, working_path, 1 + working_path_len);
|
||||
}
|
||||
- else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
|
||||
- if((working_path_len > 1) && (working_path[1] == '~')) {
|
||||
- size_t homelen = strlen(homedir);
|
||||
- real_path = malloc(homelen + working_path_len + 1);
|
||||
- if(!real_path) {
|
||||
- free(working_path);
|
||||
- return CURLE_OUT_OF_MEMORY;
|
||||
- }
|
||||
- /* It is referenced to the home directory, so strip the
|
||||
- leading '/' */
|
||||
- memcpy(real_path, homedir, homelen);
|
||||
- real_path[homelen] = '/';
|
||||
- real_path[homelen + 1] = '\0';
|
||||
- if(working_path_len > 3) {
|
||||
- memcpy(real_path + homelen + 1, working_path + 3,
|
||||
- 1 + working_path_len -3);
|
||||
- }
|
||||
+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
|
||||
+ (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
|
||||
+ size_t len;
|
||||
+ const char *p;
|
||||
+ int copyfrom = 3;
|
||||
+ if(Curl_dyn_add(&npath, homedir)) {
|
||||
+ free(working_path);
|
||||
+ return CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
- else {
|
||||
- real_path = malloc(working_path_len + 1);
|
||||
- if(!real_path) {
|
||||
- free(working_path);
|
||||
- return CURLE_OUT_OF_MEMORY;
|
||||
- }
|
||||
- memcpy(real_path, working_path, 1 + working_path_len);
|
||||
+ /* Copy a separating '/' if homedir does not end with one */
|
||||
+ len = Curl_dyn_len(&npath);
|
||||
+ p = Curl_dyn_ptr(&npath);
|
||||
+ if(len && (p[len-1] != '/'))
|
||||
+ copyfrom = 2;
|
||||
+
|
||||
+ if(Curl_dyn_addn(&npath,
|
||||
+ &working_path[copyfrom], working_path_len - copyfrom)) {
|
||||
+ free(working_path);
|
||||
+ return CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
- free(working_path);
|
||||
-
|
||||
- /* store the pointer for the caller to receive */
|
||||
- *path = real_path;
|
||||
+ if(Curl_dyn_len(&npath)) {
|
||||
+ free(working_path);
|
||||
+
|
||||
+ /* store the pointer for the caller to receive */
|
||||
+ *path = Curl_dyn_ptr(&npath);
|
||||
+ }
|
||||
+ else
|
||||
+ *path = working_path
|
||||
|
||||
return CURLE_OK;
|
||||
}
|
||||
--
|
||||
2.34.1
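Review bot: The final `else` branch of Curl_getworkingpath assigns `*path = working_path` with no terminating semicolon, so as shown on this page the patched function would not compile; the line should read `*path = working_path;`. The context line `char *real_path = NULL;` is also kept although nothing on the new side uses it any more, so it can be dropped from the patched function. If the package still builds with this patch, this SSH-only code is probably compiled out of cmake's bundled curl (inferred, not visible here), which would mean the build never exercises the fix. It is worth compiling the file once with SSH support enabled and confirming that only a leading `/~/` is treated as home-relative on the SFTP branch.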
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Cmake
|
||||
Name: cmake
|
||||
Version: 3.21.4
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: BSD AND LGPLv2+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -21,6 +21,7 @@ Patch6: CVE-2023-38545.patch
|
|||
Patch7: CVE-2023-38546.patch
|
||||
Patch8: cve-2023-44487.patch
|
||||
Patch9: CVE-2023-28320.patch
|
||||
Patch10: CVE-2023-27534.patch
|
||||
BuildRequires: bzip2
|
||||
BuildRequires: bzip2-devel
|
||||
BuildRequires: curl
|
||||
|
@ -86,6 +87,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
|
|||
%{_prefix}/doc/%{name}-*/*
|
||||
|
||||
%changelog
|
||||
* Wed Sep 18 2024 Suresh Thelkar <sthelkar@microsoft.com> - 3.21.4-12
|
||||
- Patch CVE-2023-27534
|
||||
|
||||
* Fri Jul 26 2024 Zhichun Wan <zhichunwan@microsoft.com> - 3.21.4-11
|
||||
- Patch CVE-2023-28320.patch
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ check-debuginfo-0.15.2-1.cm2.aarch64.rpm
|
|||
chkconfig-1.20-4.cm2.aarch64.rpm
|
||||
chkconfig-debuginfo-1.20-4.cm2.aarch64.rpm
|
||||
chkconfig-lang-1.20-4.cm2.aarch64.rpm
|
||||
cmake-3.21.4-11.cm2.aarch64.rpm
|
||||
cmake-debuginfo-3.21.4-11.cm2.aarch64.rpm
|
||||
cmake-3.21.4-12.cm2.aarch64.rpm
|
||||
cmake-debuginfo-3.21.4-12.cm2.aarch64.rpm
|
||||
coreutils-8.32-7.cm2.aarch64.rpm
|
||||
coreutils-debuginfo-8.32-7.cm2.aarch64.rpm
|
||||
coreutils-lang-8.32-7.cm2.aarch64.rpm
|
||||
|
|
|
@ -31,8 +31,8 @@ check-debuginfo-0.15.2-1.cm2.x86_64.rpm
|
|||
chkconfig-1.20-4.cm2.x86_64.rpm
|
||||
chkconfig-debuginfo-1.20-4.cm2.x86_64.rpm
|
||||
chkconfig-lang-1.20-4.cm2.x86_64.rpm
|
||||
cmake-3.21.4-11.cm2.x86_64.rpm
|
||||
cmake-debuginfo-3.21.4-11.cm2.x86_64.rpm
|
||||
cmake-3.21.4-12.cm2.x86_64.rpm
|
||||
cmake-debuginfo-3.21.4-12.cm2.x86_64.rpm
|
||||
coreutils-8.32-7.cm2.x86_64.rpm
|
||||
coreutils-debuginfo-8.32-7.cm2.x86_64.rpm
|
||||
coreutils-lang-8.32-7.cm2.x86_64.rpm
|
||||
|
|