microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Patch CVE-2023-27534 in cmake

This commit is contained in:
Suresh Thelkar 2024-09-18 15:23:41 +05:30
Родитель 6b1169774d
Коммит a8ae15a19a
4 изменённых файлов: 128 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

119
SPECS/cmake/CVE-2023-27534.patch Normal file
Просмотреть файл

@ -0,0 +1,119 @@
From 851e92133dcb67015af8f7d3402fb58fa5df051e Mon Sep 17 00:00:00 2001
From: Suresh Thelkar <sthelkar@microsoft.com>
Date: Wed, 18 Sep 2024 15:14:00 +0530
Subject: [PATCH] Patch for CVE-2023-27534
Upstream patch details are given below.
https://github.com/curl/curl/pull/10729/commits/01345b13d4c4d1222387f5c02dfb6244a9cade33#diff-86c8ab4ca5332fd50f646ad37656e92fc41839ba34e0ddab1ec7728439cbe5f1
---
Utilities/cmcurl/lib/curl_path.c | 72 ++++++++++++++++----------------
1 file changed, 36 insertions(+), 36 deletions(-)
diff --git a/Utilities/cmcurl/lib/curl_path.c b/Utilities/cmcurl/lib/curl_path.c
index 65106188..28eb41ad 100644
--- a/Utilities/cmcurl/lib/curl_path.c
+++ b/Utilities/cmcurl/lib/curl_path.c
@@ -30,6 +30,8 @@
#include "escape.h"
#include "memdebug.h"
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
+
/* figure out the path to work with in this particular request */
CURLcode Curl_getworkingpath(struct Curl_easy *data,
char *homedir, /* when SFTP is used */
@@ -39,57 +41,55 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data,
char *real_path = NULL;
char *working_path;
size_t working_path_len;
+ struct dynbuf npath;
CURLcode result =
Curl_urldecode(data, data->state.up.path, 0, &working_path,
&working_path_len, REJECT_ZERO);
if(result)
return result;
+ /* new path to switch to in case we need to */
+ Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
+
/* Check for /~/, indicating relative to the user's home directory */
- if(data->conn->handler->protocol & CURLPROTO_SCP) {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
+ if((data->conn->handler->protocol & CURLPROTO_SCP) &&
+ (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
+ /* It is referenced to the home directory, so strip the leading '/~/' */
+ if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
- if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
- /* It is referenced to the home directory, so strip the leading '/~/' */
- memcpy(real_path, working_path + 3, working_path_len - 2);
- else
- memcpy(real_path, working_path, 1 + working_path_len);
}
- else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
- if((working_path_len > 1) && (working_path[1] == '~')) {
- size_t homelen = strlen(homedir);
- real_path = malloc(homelen + working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- /* It is referenced to the home directory, so strip the
- leading '/' */
- memcpy(real_path, homedir, homelen);
- real_path[homelen] = '/';
- real_path[homelen + 1] = '\0';
- if(working_path_len > 3) {
- memcpy(real_path + homelen + 1, working_path + 3,
- 1 + working_path_len -3);
- }
+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+ (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+ size_t len;
+ const char *p;
+ int copyfrom = 3;
+ if(Curl_dyn_add(&npath, homedir)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
- else {
- real_path = malloc(working_path_len + 1);
- if(!real_path) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(real_path, working_path, 1 + working_path_len);
+ /* Copy a separating '/' if homedir does not end with one */
+ len = Curl_dyn_len(&npath);
+ p = Curl_dyn_ptr(&npath);
+ if(len && (p[len-1] != '/'))
+ copyfrom = 2;
+
+ if(Curl_dyn_addn(&npath,
+ &working_path[copyfrom], working_path_len - copyfrom)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
}
}
- free(working_path);
-
- /* store the pointer for the caller to receive */
- *path = real_path;
+ if(Curl_dyn_len(&npath)) {
+ free(working_path);
+
+ /* store the pointer for the caller to receive */
+ *path = Curl_dyn_ptr(&npath);
+ }
+ else
+ *path = working_path
return CURLE_OK;
}
--
2.34.1

6
SPECS/cmake/cmake.spec
Просмотреть файл

@ -2,7 +2,7 @@
Summary: Cmake
Name: cmake
Version: 3.21.4
Release: 11%{?dist}
Release: 12%{?dist}
License: BSD AND LGPLv2+
Vendor: Microsoft Corporation
Distribution: Mariner
@ -21,6 +21,7 @@ Patch6: CVE-2023-38545.patch
Patch7: CVE-2023-38546.patch
Patch8: cve-2023-44487.patch
Patch9: CVE-2023-28320.patch
Patch10: CVE-2023-27534.patch
BuildRequires: bzip2
BuildRequires: bzip2-devel
BuildRequires: curl
@ -86,6 +87,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
%{_prefix}/doc/%{name}-*/*
%changelog
* Wed Sep 18 2024 Suresh Thelkar <sthelkar@microsoft.com> - 3.21.4-12
- Patch CVE-2023-27534
* Fri Jul 26 2024 Zhichun Wan <zhichunwan@microsoft.com> - 3.21.4-11
- Patch CVE-2023-28320.patch

4
toolkit/resources/manifests/package/toolchain_aarch64.txt
Просмотреть файл

@ -30,8 +30,8 @@ check-debuginfo-0.15.2-1.cm2.aarch64.rpm
chkconfig-1.20-4.cm2.aarch64.rpm
chkconfig-debuginfo-1.20-4.cm2.aarch64.rpm
chkconfig-lang-1.20-4.cm2.aarch64.rpm
cmake-3.21.4-11.cm2.aarch64.rpm
cmake-debuginfo-3.21.4-11.cm2.aarch64.rpm
cmake-3.21.4-12.cm2.aarch64.rpm
cmake-debuginfo-3.21.4-12.cm2.aarch64.rpm
coreutils-8.32-7.cm2.aarch64.rpm
coreutils-debuginfo-8.32-7.cm2.aarch64.rpm
coreutils-lang-8.32-7.cm2.aarch64.rpm

4
toolkit/resources/manifests/package/toolchain_x86_64.txt
Просмотреть файл

@ -31,8 +31,8 @@ check-debuginfo-0.15.2-1.cm2.x86_64.rpm
chkconfig-1.20-4.cm2.x86_64.rpm
chkconfig-debuginfo-1.20-4.cm2.x86_64.rpm
chkconfig-lang-1.20-4.cm2.x86_64.rpm
cmake-3.21.4-11.cm2.x86_64.rpm
cmake-debuginfo-3.21.4-11.cm2.x86_64.rpm
cmake-3.21.4-12.cm2.x86_64.rpm
cmake-debuginfo-3.21.4-12.cm2.x86_64.rpm
coreutils-8.32-7.cm2.x86_64.rpm
coreutils-debuginfo-8.32-7.cm2.x86_64.rpm
coreutils-lang-8.32-7.cm2.x86_64.rpm