126 строки
4.4 KiB
Diff
126 строки
4.4 KiB
Diff
From 4568e746d25e15039b9b4f70a3f8cfcda2aaa241 Mon Sep 17 00:00:00 2001
|
|
From: mbykhovtsev-ms <mbykhovtsev@microsoft.com>
|
|
Date: Tue, 10 Oct 2023 14:18:30 -0700
|
|
Subject: [PATCH] fix CVE-2023-38546
|
|
|
|
---
|
|
Utilities/cmcurl/lib/cookie.c | 13 +------------
|
|
Utilities/cmcurl/lib/cookie.h | 10 ++++------
|
|
Utilities/cmcurl/lib/easy.c | 6 ++----
|
|
3 files changed, 7 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/Utilities/cmcurl/lib/cookie.c b/Utilities/cmcurl/lib/cookie.c
|
|
index 941623f9..77883351 100644
|
|
--- a/Utilities/cmcurl/lib/cookie.c
|
|
+++ b/Utilities/cmcurl/lib/cookie.c
|
|
@@ -116,7 +116,6 @@ static void freecookie(struct Cookie *co)
|
|
free(co->name);
|
|
free(co->value);
|
|
free(co->maxage);
|
|
- free(co->version);
|
|
free(co);
|
|
}
|
|
|
|
@@ -670,11 +669,7 @@ Curl_cookie_add(struct Curl_easy *data,
|
|
}
|
|
}
|
|
else if(strcasecompare("version", name)) {
|
|
- strstore(&co->version, whatptr);
|
|
- if(!co->version) {
|
|
- badcookie = TRUE;
|
|
- break;
|
|
- }
|
|
+ /* just ignore */
|
|
}
|
|
else if(strcasecompare("max-age", name)) {
|
|
/*
|
|
@@ -1095,7 +1090,6 @@ Curl_cookie_add(struct Curl_easy *data,
|
|
free(clist->path);
|
|
free(clist->spath);
|
|
free(clist->expirestr);
|
|
- free(clist->version);
|
|
free(clist->maxage);
|
|
|
|
*clist = *co; /* then store all the new data */
|
|
@@ -1166,9 +1160,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
|
|
c = calloc(1, sizeof(struct CookieInfo));
|
|
if(!c)
|
|
return NULL; /* failed to get memory */
|
|
- c->filename = strdup(file?file:"none"); /* copy the name just in case */
|
|
- if(!c->filename)
|
|
- goto fail; /* failed to get memory */
|
|
}
|
|
else {
|
|
/* we got an already existing one, use that */
|
|
@@ -1313,7 +1304,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
|
|
CLONE(name);
|
|
CLONE(value);
|
|
CLONE(maxage);
|
|
- CLONE(version);
|
|
d->expires = src->expires;
|
|
d->tailmatch = src->tailmatch;
|
|
d->secure = src->secure;
|
|
@@ -1523,7 +1513,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
|
|
{
|
|
if(c) {
|
|
unsigned int i;
|
|
- free(c->filename);
|
|
for(i = 0; i < COOKIE_HASH_SIZE; i++)
|
|
Curl_cookie_freelist(c->cookies[i]);
|
|
free(c); /* free the base struct as well */
|
|
diff --git a/Utilities/cmcurl/lib/cookie.h b/Utilities/cmcurl/lib/cookie.h
|
|
index 460bbb10..33a0e23d 100644
|
|
--- a/Utilities/cmcurl/lib/cookie.h
|
|
+++ b/Utilities/cmcurl/lib/cookie.h
|
|
@@ -35,8 +35,6 @@ struct Cookie {
|
|
curl_off_t expires; /* expires = <this> */
|
|
char *expirestr; /* the plain text version */
|
|
|
|
- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
|
|
- char *version; /* Version = <value> */
|
|
char *maxage; /* Max-Age = <value> */
|
|
|
|
bool tailmatch; /* whether we do tail-matching of the domain name */
|
|
@@ -54,17 +52,17 @@ struct Cookie {
|
|
#define COOKIE_PREFIX__SECURE (1<<0)
|
|
#define COOKIE_PREFIX__HOST (1<<1)
|
|
|
|
-#define COOKIE_HASH_SIZE 256
|
|
+#define COOKIE_HASH_SIZE 63
|
|
|
|
struct CookieInfo {
|
|
/* linked list of cookies we know of */
|
|
struct Cookie *cookies[COOKIE_HASH_SIZE];
|
|
|
|
- char *filename; /* file we read from/write to */
|
|
- long numcookies; /* number of cookies in the "jar" */
|
|
+ curl_off_t next_expiration; /* the next time at which expiration happens */
|
|
+ int numcookies; /* number of cookies in the "jar" */
|
|
+ int lastct; /* last creation-time used in the jar */
|
|
bool running; /* state info, for cookie adding information */
|
|
bool newsession; /* new session, discard session cookies on load */
|
|
- int lastct; /* last creation-time used in the jar */
|
|
};
|
|
|
|
/* This is the maximum line length we accept for a cookie line. RFC 2109
|
|
diff --git a/Utilities/cmcurl/lib/easy.c b/Utilities/cmcurl/lib/easy.c
|
|
index 530b7c73..1303b61a 100644
|
|
--- a/Utilities/cmcurl/lib/easy.c
|
|
+++ b/Utilities/cmcurl/lib/easy.c
|
|
@@ -848,10 +848,8 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
|
|
if(data->cookies) {
|
|
/* If cookies are enabled in the parent handle, we enable them
|
|
in the clone as well! */
|
|
- outcurl->cookies = Curl_cookie_init(data,
|
|
- data->cookies->filename,
|
|
- outcurl->cookies,
|
|
- data->set.cookiesession);
|
|
+ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
|
|
+ data->set.cookiesession);
|
|
if(!outcurl->cookies)
|
|
goto fail;
|
|
}
|
|
--
|
|
2.25.1
|
|
|