author | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-11 08:59:36 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-14 11:03:25 +0200 |
commit | 4a60b4d3583938cdd36c82d763ac5167d7720079 (patch) | |
tree | 79dc54a9e0abfe065b3d131eb14f82078f8adf4c | |
parent | f32755ccd03c74ba9c57c503d84621a17986b9a0 (diff) |
main/curl: security upgrade to 7.55.0
-rw-r--r-- | main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch | 39 | ||||
-rw-r--r-- | main/curl/APKBUILD | 39 | ||||
-rw-r--r-- | main/curl/CVE-2017-2629.patch | 42 | ||||
-rw-r--r-- | main/curl/CVE-2017-7407.patch | 110 | ||||
-rw-r--r-- | main/curl/CVE-2017-7468.patch | 264 | ||||
-rw-r--r-- | main/curl/curl-do-bounds-check-using-a-double-comparison.patch | 32 |
6 files changed, 45 insertions, 481 deletions
diff --git a/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch b/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch
deleted file mode 100644
index 9cff3d73382..00000000000
--- a/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From a7b38c9dc98481e4a5fc37e51a8690337c674dfb Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 26 Dec 2016 00:06:33 +0100
-Subject: [PATCH] vtls: s/SSLEAY/OPENSSL
-
-Fixed an old leftover use of the USE_SSLEAY define which would make a
-socket get removed from the applications sockets to monitor when the
-multi_socket API was used, leading to timeouts.
-
-Bug: #1174
----
- lib/vtls/vtls.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index b808e1c5fef8..707f24b02373 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -484,7 +484,7 @@ void Curl_ssl_close_all(struct Curl_easy *data)
- curlssl_close_all(data);
- }
-
--#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
-+#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
- defined(USE_DARWINSSL) || defined(USE_NSS)
- /* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only. */
- int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
-@@ -518,7 +518,7 @@ int Curl_ssl_getsock(struct connectdata *conn,
- (void)numsocks;
- return GETSOCK_BLANK;
- }
--/* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
-+/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
- #endif
-
- void Curl_ssl_close(struct connectdata *conn, int sockindex)
---
-2.8.3
-
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 4d0a237dccc..5708d411ed8 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -3,8 +3,8 @@ # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl -pkgver=7.52.1 -pkgrel=2 +pkgver=7.55.0 +pkgrel=0 pkgdesc="An URL retrival utility and library" url="http://curl.haxx.se" arch="all" @@ -13,14 +13,15 @@ depends="ca-certificates" depends_dev="zlib-dev openssl-dev libssh2-dev" makedepends="$depends_dev groff perl" source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2 - 0001-vtls-s-SSLEAY-OPENSSL.patch - CVE-2017-2629.patch - CVE-2017-7407.patch - CVE-2017-7468.patch + curl-do-bounds-check-using-a-double-comparison.patch " subpackages="$pkgname-doc $pkgname-dev libcurl" # secfixes: +# 7.55.0-r0: +# - CVE-2017-1000099 +# - CVE-2017-1000100 +# - CVE-2017-1000101 # 7.52.1-r2: # - CVE-2017-7468 # - CVE-2017-7407 @@ -62,13 +63,12 @@ prepare() { done } -prepare() { - cd "$builddir" - default_prepare || return 1 -} - build() { cd "$_builddir" + + # see https://curl.haxx.se/mail/lib-2017-08/0050.html + rm docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3 + ./configure \ --build=$CBUILD \ --host=$CHOST \ 
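Review bot: The `source=` entry edited in the second hunk (`@@ -13,14 +13,15 @@`) still fetches the release tarball over plain `http://curl.haxx.se/download/...`, so the sha512sums line updated at the end of this file is the only thing authenticating the 7.55.0 download. Since this is a security upgrade, it would be worth changing the line to `source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2`, assuming upstream serves the same path over HTTPS, and doing the same for `url=`. The checksum remains the real integrity control; HTTPS adds transport protection and hides which version a builder is pulling.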
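Review bot: In the third hunk (`@@ -62,13 +63,12 @@`) the added `rm docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3` runs after an unchecked `cd "$_builddir"`, so if the cd fails the rm and `./configure` act on whatever directory the build started in. The removed duplicate prepare() followed the `|| return 1` convention, and the same would fit here: `cd "$_builddir" || return 1` and `rm docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3 || return 1`. The comment above the rm only links to the mailing-list post; a line such as `# 7.55.0 tarball ships a stray man page; drop this on the next upgrade` would tell the next maintainer when the workaround can go. build() continues past the end of the hunk.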
@@ -95,18 +95,5 @@ libcurl() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr } -md5sums="dd014df06ff1d12e173de86873f9f77a curl-7.52.1.tar.bz2 -22bff656c24c85df60e745f2c0847905 0001-vtls-s-SSLEAY-OPENSSL.patch -d2809e105e897b106428909a2e08bd2b CVE-2017-2629.patch -50cc3a2d1577fc0876aa6baf04a679ff CVE-2017-7407.patch -0e80ef6bc62f62a0d0fd23a03dc54089 CVE-2017-7468.patch" -sha256sums="d16185a767cb2c1ba3d5b9096ec54e5ec198b213f45864a38b3bda4bbf87389b curl-7.52.1.tar.bz2 -c28962b414caba7d4a097081c276dd108a8406d63da09177dcc0aa5eaf2cdffa 0001-vtls-s-SSLEAY-OPENSSL.patch -33b55a4e4e88c8589e50fa377cad599df80a6841386f8e872d8eff8c8a970585 CVE-2017-2629.patch -a10711694c64ce77b9528d3b5bfefbf0e4083d1046d7c84952f5728bf431ecc0 CVE-2017-7407.patch -9438f2ee4d9542e492bc31ca1e667c7c4dc534e2503f5d8115b0283e75376f40 CVE-2017-7468.patch" -sha512sums="cf36563c77d096f2c6084354ed6d45ccca7c557828ceab21204e4e8be0d4f0d287839c8cfac906174b86d51a1ee816c2769fc78ef88f039c9645bd2c27982a75 curl-7.52.1.tar.bz2 -9c18a692ddbc6fcdae84f1c496905b5f1d2fb76458f8f6ea29ba9ecede53dc5c210e8691b07d0ab56832074e529fd2670ae1301e2cd6693d50bd55ef0e331565 0001-vtls-s-SSLEAY-OPENSSL.patch -94b3419b4366f1c404d2f2634485e05d45c9e2ad3bed4a7eba53c17253373ce9b848fc6123b55561f8dac471ab0b2a77f12e22dba8bee9a11d5c531f22fb4b18 CVE-2017-2629.patch -f156c791a8439a4314555ca06c5ee3a23fae77d87d32a19df3c57ea605f9284b66f4a5dcaa5d2c598e93e69bb16c0e51a930c5b39fc8034b517d7b428cdaaf8d CVE-2017-7407.patch -9e620bac1b92d452992df1388c3b93228bcd6db490bc9f0c93480468a9189c85f20b31f27ec1c79e63cd5ee127c40c416542f4b02ed21af490d2938dcd9215b5 CVE-2017-7468.patch" +sha512sums="4975864621219e937585aaf5a9a54bba112b58bbf5a8acd92e1e972ea747a15a5564143548c5d8930b8c0d0e9d27d28225d0c81e52a1ba71e4c6f9e3859c978b curl-7.55.0.tar.bz2 +d0f102fdbc2174169b2fea9248c3187d8c546d3a788447769dceec5fb7e063adbebbc967b88d208af1355cfda600f837abdae6d2e057a096eededc1857d2b8d3 curl-do-bounds-check-using-a-double-comparison.patch" 
diff --git a/main/curl/CVE-2017-2629.patch b/main/curl/CVE-2017-2629.patch
deleted file mode 100644
index 1682d167ed7..00000000000
--- a/main/curl/CVE-2017-2629.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a00a42b4abe8363a46071bb3b43b1b7138f5259b Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Sun, 22 Jan 2017 18:11:55 +0100
-Subject: [PATCH] TLS: make SSL_VERIFYSTATUS work again
-
-The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
-and thus even if the status couldn't be verified, the connection would
-be allowed and the user would not be told about the failed verification.
-
-Regression since cb4e2be7c6d42ca
-
-CVE-2017-2629
-Bug: https://curl.haxx.se/docs/adv_20170222.html
-
-Reported-by: Marcus Hoffmann
----
- lib/url.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/url.c b/lib/url.c
-index 8d1c0cc7f..7a2274d50 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -4169,12 +4169,15 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
-
- conn->bits.user_passwd = (data->set.str[STRING_USERNAME]) ? TRUE : FALSE;
- conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
- conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
-
-+ conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
- conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
- conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
-+ conn->proxy_ssl_config.verifystatus =
-+ data->set.proxy_ssl.primary.verifystatus;
- conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
- conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
-
- conn->ip_version = data->set.ipver;
-
---
-2.11.0
-
diff --git a/main/curl/CVE-2017-7407.patch b/main/curl/CVE-2017-7407.patch
deleted file mode 100644
index b82df43ee81..00000000000
--- a/main/curl/CVE-2017-7407.patch
+++ /dev/null
@@ -1,110 +0,0 @@ -From 1890d59905414ab84a35892b2e45833654aa5c13 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich <dan@coneharvesters.com> -Date: Sat, 11 Mar 2017 10:59:34 +0100 -Subject: [PATCH] tool_writeout: fixed a buffer read overrun on --write-out - -If a % ended the statement, the string's trailing NUL would be skipped -and memory past the end of the buffer would be accessed and potentially -displayed as part of the --write-out output. Added tests 1440 and 1441 -to check for this kind of condition. - -Reported-by: Brian Carpenter ---- - src/tool_writeout.c | 2 +- - tests/data/Makefile.inc | 2 +- - tests/data/test1440 | 31 +++++++++++++++++++++++++++++++ - tests/data/test1441 | 31 +++++++++++++++++++++++++++++++ - 4 files changed, 64 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1440 - create mode 100644 tests/data/test1441 - ---- a/src/tool_writeout.c -+++ b/src/tool_writeout.c -@@ -113,7 +113,7 @@ - double doubleinfo; - - while(ptr && *ptr) { -- if('%' == *ptr) { -+ if('%' == *ptr && ptr[1]) { - if('%' == ptr[1]) { - /* an escaped %-letter */ - fputc('%', stream); ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -150,7 +150,7 @@ - test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \ - test1424 \ - test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \ --test1436 test1437 test1438 test1439 \ -+test1436 test1437 test1438 test1439 test1440 test1441 \ - \ - test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ - test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ ---- /dev/null -+++ b/tests/data/test1440 -@@ -0,0 +1,31 @@ -+<testcase> -+<info> -+<keywords> -+--write-out -+</keywords> -+</info> -+# Server-side -+<reply> -+</reply> -+ -+# Client-side -+<client> -+<server> -+file -+</server> -+ -+<name> -+Check --write-out with trailing %{ -+</name> -+<command> -+file://localhost/%PWD/log/ --write-out '%{' -+</command> -+</client> -+ -+# Verify data 
-+<verify> -+<stdout nonewline="yes"> -+%{ -+</stdout> -+</verify> -+</testcase> ---- /dev/null -+++ b/tests/data/test1441 -@@ -0,0 +1,31 @@ -+<testcase> -+<info> -+<keywords> -+--write-out -+</keywords> -+</info> -+# Server-side -+<reply> -+</reply> -+ -+# Client-side -+<client> -+<server> -+file -+</server> -+ -+<name> -+Check --write-out with trailing % -+</name> -+<command> -+file://localhost/%PWD/log/ --write-out '%' -+</command> -+</client> -+ -+# Verify data -+<verify> -+<stdout nonewline="yes"> -+% -+</stdout> -+</verify> -+</testcase> diff --git a/main/curl/CVE-2017-7468.patch b/main/curl/CVE-2017-7468.patch deleted file mode 100644 index 3135ec3fe5e..00000000000 --- a/main/curl/CVE-2017-7468.patch +++ /dev/null 
@@ -1,264 +0,0 @@ -From 8166b637bce299f4ac64d371c20cd5afea72c364 Mon Sep 17 00:00:00 2001 -From: Jay Satiro <raysatiro@yahoo.com> -Date: Wed, 22 Mar 2017 01:59:49 -0400 -Subject: [PATCH] TLS: Fix switching off SSL session id when client cert is - used - -- Move the sessionid flag to ssl_primary_config so that ssl and - proxy_ssl will each have their own sessionid flag. - -Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that -this issue had been fixed in 247d890, CVE-2016-5419. - -Bug: https://github.com/curl/curl/issues/1341 -Reported-by: lijian996@users.noreply.github.com ---- - lib/url.c | 5 +++-- - lib/urldata.h | 2 +- - lib/vtls/axtls.c | 4 ++-- - lib/vtls/cyassl.c | 4 ++-- - lib/vtls/darwinssl.c | 2 +- - lib/vtls/gtls.c | 4 ++-- - lib/vtls/mbedtls.c | 4 ++-- - lib/vtls/nss.c | 2 +- - lib/vtls/openssl.c | 4 ++-- - lib/vtls/polarssl.c | 4 ++-- - lib/vtls/schannel.c | 4 ++-- - lib/vtls/vtls.c | 9 ++++++--- - 12 files changed, 26 insertions(+), 22 deletions(-) - ---- a/lib/url.c -+++ b/lib/url.c -@@ -548,7 +548,7 @@ - #endif - set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth - type */ -- set->general_ssl.sessionid = TRUE; /* session ID caching enabled by -+ set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by - default */ - set->proxy_ssl = set->ssl; - -@@ -2470,8 +2470,9 @@ - break; - - case CURLOPT_SSL_SESSIONID_CACHE: -- data->set.general_ssl.sessionid = (0 != va_arg(param, long)) ? -+ data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ? 
- TRUE : FALSE; -+ data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; - break; - - #ifdef USE_LIBSSH2 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -354,6 +354,7 @@ - char *random_file; /* path to file containing "random" data */ - char *egdsocket; /* path to file containing the EGD daemon socket */ - char *cipher_list; /* list of ciphers to use */ -+ bool sessionid; /* cache session IDs or not */ - }; - - struct ssl_config_data { -@@ -383,7 +384,6 @@ - }; - - struct ssl_general_config { -- bool sessionid; /* cache session IDs or not */ - size_t max_ssl_sessions; /* SSL session id cache size */ - }; - ---- a/lib/vtls/axtls.c -+++ b/lib/vtls/axtls.c -@@ -256,7 +256,7 @@ - * 2) setting up callbacks. these seem gnutls specific - */ - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - const uint8_t *ssl_sessionid; - size_t ssl_idsize; - -@@ -386,7 +386,7 @@ - conn->send[sockindex] = axtls_send; - - /* Put our freshly minted SSL session in cache */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - const uint8_t *ssl_sessionid = ssl_get_session_id_size(ssl); - size_t ssl_idsize = ssl_get_session_id(ssl); - Curl_ssl_sessionid_lock(conn); ---- a/lib/vtls/cyassl.c -+++ b/lib/vtls/cyassl.c -@@ -383,7 +383,7 @@ - #endif /* HAVE_ALPN */ - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -597,7 +597,7 @@ - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; ---- a/lib/vtls/darwinssl.c -+++ b/lib/vtls/darwinssl.c -@@ -1541,7 +1541,7 @@ - #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - - /* Check if there's a cached ID we can/should use here! 
*/ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - char *ssl_sessionid; - size_t ssl_sessionid_len; - ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -782,7 +782,7 @@ - - /* This might be a reconnect, so we check for a session ID in the cache - to speed up things */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid; - size_t ssl_idsize; - -@@ -1311,7 +1311,7 @@ - conn->recv[sockindex] = gtls_recv; - conn->send[sockindex] = gtls_send; - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - /* we always unconditionally get the session id here, as even if we - already got it from the cache and asked to use it in the connection, it - might've been rejected and then a new one is in use now and we need to ---- a/lib/vtls/mbedtls.c -+++ b/lib/vtls/mbedtls.c -@@ -374,7 +374,7 @@ - mbedtls_ssl_list_ciphersuites()); - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *old_session = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -618,7 +618,7 @@ - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - int ret; - mbedtls_ssl_session *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1696,7 +1696,7 @@ - goto error; - - /* do not use SSL cache if disabled or we are not going to verify peer */ -- ssl_no_cache = (data->set.general_ssl.sessionid -+ ssl_no_cache = (SSL_SET_OPTION(primary.sessionid) - && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE; - if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess) - goto error; ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -2161,7 +2161,7 @@ - #endif - - /* Check if there's a cached ID we can/should use here! 
*/ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -2915,7 +2915,7 @@ - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; ---- a/lib/vtls/polarssl.c -+++ b/lib/vtls/polarssl.c -@@ -327,7 +327,7 @@ - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *old_session = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -555,7 +555,7 @@ - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - int ret; - ssl_session *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; ---- a/lib/vtls/schannel.c -+++ b/lib/vtls/schannel.c -@@ -145,7 +145,7 @@ - connssl->cred = NULL; - - /* check for an existing re-usable credential handle */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) { - connssl->cred = old_cred; -@@ -714,7 +714,7 @@ - #endif - - /* save the current session data for possible re-use */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - struct curl_schannel_cred *old_cred = NULL; - ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -120,6 +120,9 @@ - CLONE_STRING(egdsocket); - CLONE_STRING(random_file); - CLONE_STRING(clientcert); -+ -+ /* Disable dest sessionid cache if a client cert is used, CVE-2016-5419. */ -+ dest->sessionid = (dest->clientcert ? false : source->sessionid); - return TRUE; - } - -@@ -293,9 +296,9 @@ - int port = isProxy ? 
(int)conn->port : conn->remote_port; - *ssl_sessionid = NULL; - -- DEBUGASSERT(data->set.general_ssl.sessionid); -+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); - -- if(!data->set.general_ssl.sessionid) -+ if(!SSL_SET_OPTION(primary.sessionid)) - /* session ID re-use is disabled */ - return TRUE; - -@@ -397,7 +400,7 @@ - &conn->proxy_ssl_config : - &conn->ssl_config; - -- DEBUGASSERT(data->set.general_ssl.sessionid); -+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); - - clone_host = strdup(isProxy ? conn->http_proxy.host.name : conn->host.name); - if(!clone_host) diff --git a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch new file mode 100644 index 00000000000..34e2b6c7170 --- /dev/null +++ b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch 
@@ -0,0 +1,32 @@
+From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
+From: Adam Sampson <ats@offog.org>
+Date: Wed, 9 Aug 2017 14:11:17 +0100
+Subject: [PATCH] curl: do bounds check using a double comparison
+
+The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
+complete: if the parsed number in num is larger than will fit in a long,
+the conversion is undefined behaviour (causing test1427 to fail for me
+on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
+rid of the cast means the comparison will be done using doubles.
+
+It might make more sense for the max argument to also be a double...
+
+Fixes #1750
+Closes #1749
+---
+ src/tool_paramhlp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index b9dedc989e..85c5e79a7e 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
+ num = strtod(str, &endptr);
+ if(errno == ERANGE)
+ return PARAM_NUMBER_TOO_LARGE;
+- if((long)num > max) {
++ if(num > max) {
+ /* too large */
+ return PARAM_NUMBER_TOO_LARGE;
+ } |
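Review bot: The new test `if(num > max)` in str2double still accepts a NaN, because every ordered comparison with NaN is false, and it sets no lower bound on `num`. If the libc's strtod parses "nan" (C99 allows it), that value would reach the callers, and any later conversion to an integer type would hit the same undefined behaviour this backport removes. Writing the check as `if(!(num <= max))` rejects NaN without needing a new header. The implicit long-to-double conversion of `max` can also round on targets with a 64-bit long, which the commit message already hints at by suggesting `max` become a double. str2double begins and ends outside the hunk, so a later check on `num` may exist that is not visible here.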