main/curl: fix CVE-2020-8231

author: Leo <thinkabit.ukim@gmail.com> 2020-12-09 18:22:03 -0300
committer: Leo <thinkabit.ukim@gmail.com> 2020-12-09 18:36:35 -0300
commit: 4c3ef8b6f18d91744604cc74b666cffb224b24cd (patch)
tree: 27cf04e6b7f7d5ad731d49252150698f7be734b6
parent: 7ba7650582b38f2f6397ec3dd2fe8eb4235906f3 (diff)
download: aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.gz
aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.bz2
aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.xz
2 files changed, 129 insertions, 2 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 8af79f2f03..3431a71ebf 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -4,7 +4,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
 pkgver=7.64.0
-pkgrel=4
+pkgrel=5
 pkgdesc="URL retrival utility and library"
 url="https://curl.haxx.se"
 arch="all"
@@ -22,11 +22,14 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
 	CVE-2019-5482.patch
 	CVE-2020-8169.patch
 	CVE-2020-8177.patch
+	CVE-2020-8231.patch
 	"
 options="!check" # sftp tests failing
 builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   7.66.0-r5:
+#     - CVE-2020-8231
 #   7.64.0-r4:
 #     - CVE-2020-8169
 #     - CVE-2020-8177
@@ -139,4 +142,5 @@ c629a1b36920a3f8eab3321b0222e203f53f29e5947d39a0c32e0a7de2d8ab2182c3d6bbb0828847
 37161e4d94cdb1add2216b031f70d7ae84451229dffe48ca9856bb311e88678f0e11baab6bb4da0386ed31e8467aa51fabaf6122f876ef9bc0003638d07f22cf  CVE-2019-5481.patch
 6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb  CVE-2019-5482.patch
 4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba  CVE-2020-8169.patch
-250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da  CVE-2020-8177.patch"
+250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da  CVE-2020-8177.patch
+d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684  CVE-2020-8231.patch"
diff --git a/main/curl/CVE-2020-8231.patch b/main/curl/CVE-2020-8231.patch
new file mode 100644
index 0000000000..0d6a76d94d
--- /dev/null
+++ b/main/curl/CVE-2020-8231.patch
@@ -0,0 +1,123 @@
+Based on https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
+
+Didn't apply cleanly, fixed up lib/urldata.h and lib/url.c, ignored 2 changes in lib/multi.c
+that refer to things that do not yet exist in this version of curl
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 0a7475c..b3d4057 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
+ }
+ 
+ struct connfind {
+-  struct connectdata *tofind;
+-  bool found;
++  long id_tofind;
++  struct connectdata *found;
+ };
+ 
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+   struct connfind *f = (struct connfind *)param;
+-  if(conn == f->tofind) {
+-    f->found = TRUE;
++  if(conn->connection_id == f->id_tofind) {
++    f->found = conn;
+     return 1;
+   }
+   return 0;
+@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+    * - that is associated with a multi handle, and whose connection
+    *   was detached with CURLOPT_CONNECT_ONLY
+    */
+-  if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+-    struct connectdata *c = data->state.lastconnect;
++  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
++    struct connectdata *c;
+     struct connfind find;
+-    find.tofind = data->state.lastconnect;
+-    find.found = FALSE;
++    find.id_tofind = data->state.lastconnect_id;
++    find.found = NULL;
+ 
+     Curl_conncache_foreach(data, data->multi_easy?
+                            &data->multi_easy->conn_cache:
+                            &data->multi->conn_cache, &find, conn_is_conn);
+ 
+     if(!find.found) {
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+       return CURL_SOCKET_BAD;
+     }
+ 
++    c = find.found;
+     if(connp) {
+       /* only store this if the caller cares for it */
+       *connp = c;
+diff --git a/lib/easy.c b/lib/easy.c
+index b648e80..7b0ea9a 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+ 
+   /* the connection cache is setup on demand */
+   outcurl->state.conn_cache = NULL;
+-
+-  outcurl->state.lastconnect = NULL;
++  outcurl->state.lastconnect_id = -1;
+ 
+   outcurl->progress.flags    = data->progress.flags;
+   outcurl->progress.callback = data->progress.callback;
+diff --git a/lib/multi.c b/lib/multi.c
+index e10e752..02687dd 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+     data->state.conn_cache = &data->share->conn_cache;
+   else
+     data->state.conn_cache = &multi->conn_cache;
++  data->state.lastconnect_id = -1;
+ 
+ #ifdef USE_LIBPSL
+   /* Do the same for PSL. */
+@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_easy *data,
+     CONN_UNLOCK(data);
+     if(Curl_conncache_return_conn(data, conn)) {
+       /* remember the most recently used connection */
+-      data->state.lastconnect = conn;
++      data->state.lastconnect_id = conn->connection_id;
+       infof(data, "%s\n", buffer);
+     }
+     else
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+   }
+ 
+   Curl_free_request_state(data);
+diff --git a/lib/url.c b/lib/url.c
+index 47fc66a..f0a880f 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl)
+       Curl_initinfo(data);
+ 
+       /* most recent connection is not yet defined */
+-      data->state.lastconnect = NULL;
++      data->state.lastconnect_id = -1;
+ 
+       data->progress.flags |= PGRS_HIDE;
+       data->state.current_speed = -1; /* init to negative == impossible */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index fbb8b64..6586986 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1332,7 +1332,7 @@ struct UrlState {
+   /* buffers to store authentication data in, as parsed from input options */
+   struct curltime keeps_speed; /* for the progress meter really */
+ 
+-  struct connectdata *lastconnect; /* The last connection, NULL if undefined */
++  long lastconnect_id; /* The last connection, -1 if undefined */
+ 
+   char *headerbuff; /* allocated buffer to store headers in */
+   size_t headersize;   /* size of the allocation */
author	Leo <thinkabit.ukim@gmail.com>	2020-12-09 18:22:03 -0300
committer	Leo <thinkabit.ukim@gmail.com>	2020-12-09 18:36:35 -0300
commit	4c3ef8b6f18d91744604cc74b666cffb224b24cd (patch)
tree	27cf04e6b7f7d5ad731d49252150698f7be734b6
parent	7ba7650582b38f2f6397ec3dd2fe8eb4235906f3 (diff)
download	aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.gz aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.bz2 aports-4c3ef8b6f18d91744604cc74b666cffb224b24cd.tar.xz