From 35e92aa084da9d26ff24aaeb1a4838f0935a2b5f Mon Sep 17 00:00:00 2001 From: Leo Date: Wed, 9 Dec 2020 18:22:03 -0300 Subject: [PATCH] main/curl: fix CVE-2020-8231 --- main/curl/APKBUILD | 10 ++- main/curl/CVE-2020-8231.patch | 123 ++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+), 3 deletions(-) create mode 100644 main/curl/CVE-2020-8231.patch diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index adc14c8de54..b66d0f385b9 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Natanael Copa pkgname=curl pkgver=7.66.0 -pkgrel=1 +pkgrel=2 pkgdesc="URL retrival utility and library" url="https://curl.haxx.se/" arch="all" @@ -17,9 +17,12 @@ subpackages="$pkgname-dbg $pkgname-static $pkgname-doc $pkgname-dev libcurl" source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz CVE-2020-8169.patch CVE-2020-8177.patch + CVE-2020-8231.patch " # secfixes: +# 7.66.0-r2: +# - CVE-2020-8231 # 7.66.0-r1: # - CVE-2020-8169 # - CVE-2020-8177 @@ -94,7 +97,7 @@ prepare() { default_prepare autoreconf -vfi } - + build() { ./configure \ --build=$CBUILD \ @@ -131,4 +134,5 @@ libcurl() { sha512sums="81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35 curl-7.66.0.tar.xz 4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch -964b6bece2d748ac5dca6afe4689341e677b3c0961237485167157567526a898b8371104a7e075cd3c255ead50ea8658d8760d4a2eab4e5de11558372c4d189c CVE-2020-8177.patch" +964b6bece2d748ac5dca6afe4689341e677b3c0961237485167157567526a898b8371104a7e075cd3c255ead50ea8658d8760d4a2eab4e5de11558372c4d189c CVE-2020-8177.patch +d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch" diff --git a/main/curl/CVE-2020-8231.patch b/main/curl/CVE-2020-8231.patch new file mode 100644 index 00000000000..0d6a76d94d1 --- /dev/null +++ b/main/curl/CVE-2020-8231.patch @@ -0,0 +1,123 @@ +Based on https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8 + +Didn't apply cleanly, fixed up lib/urldata.h and lib/url.c, ignored 2 changes in lib/multi.c +that refer to things that do not yet exist in this version of curl + +diff --git a/lib/connect.c b/lib/connect.c +index 0a7475c..b3d4057 100644 +--- a/lib/connect.c ++++ b/lib/connect.c +@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */ + } + + struct connfind { +- struct connectdata *tofind; +- bool found; ++ long id_tofind; ++ struct connectdata *found; + }; + + static int conn_is_conn(struct connectdata *conn, void *param) + { + struct connfind *f = (struct connfind *)param; +- if(conn == f->tofind) { +- f->found = TRUE; ++ if(conn->connection_id == f->id_tofind) { ++ f->found = conn; + return 1; + } + return 0; +@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, + * - that is associated with a multi handle, and whose connection + * was detached with CURLOPT_CONNECT_ONLY + */ +- if(data->state.lastconnect && (data->multi_easy || data->multi)) { +- struct connectdata *c = data->state.lastconnect; ++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { ++ struct connectdata *c; + struct connfind find; +- find.tofind = data->state.lastconnect; +- find.found = FALSE; ++ find.id_tofind = data->state.lastconnect_id; ++ find.found = NULL; + + Curl_conncache_foreach(data, data->multi_easy? + &data->multi_easy->conn_cache: + &data->multi->conn_cache, &find, conn_is_conn); + + if(!find.found) { +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + return CURL_SOCKET_BAD; + } + ++ c = find.found; + if(connp) { + /* only store this if the caller cares for it */ + *connp = c; +diff --git a/lib/easy.c b/lib/easy.c +index b648e80..7b0ea9a 100644 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) + + /* the connection cache is setup on demand */ + outcurl->state.conn_cache = NULL; +- +- outcurl->state.lastconnect = NULL; ++ outcurl->state.lastconnect_id = -1; + + outcurl->progress.flags = data->progress.flags; + outcurl->progress.callback = data->progress.callback; +diff --git a/lib/multi.c b/lib/multi.c +index e10e752..02687dd 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->state.conn_cache = &data->share->conn_cache; + else + data->state.conn_cache = &multi->conn_cache; ++ data->state.lastconnect_id = -1; + + #ifdef USE_LIBPSL + /* Do the same for PSL. */ +@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_easy *data, + CONN_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ +- data->state.lastconnect = conn; ++ data->state.lastconnect_id = conn->connection_id; + infof(data, "%s\n", buffer); + } + else +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + } + + Curl_free_request_state(data); +diff --git a/lib/url.c b/lib/url.c +index 47fc66a..f0a880f 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl) + Curl_initinfo(data); + + /* most recent connection is not yet defined */ +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + + data->progress.flags |= PGRS_HIDE; + data->state.current_speed = -1; /* init to negative == impossible */ +diff --git a/lib/urldata.h b/lib/urldata.h +index fbb8b64..6586986 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1332,7 +1332,7 @@ struct UrlState { + /* buffers to store authentication data in, as parsed from input options */ + struct curltime keeps_speed; /* for the progress meter really */ + +- struct connectdata *lastconnect; /* The last connection, NULL if undefined */ ++ long lastconnect_id; /* The last connection, -1 if undefined */ + + char *headerbuff; /* allocated buffer to store headers in */ + size_t headersize; /* size of the allocation */