Change-Id: I94976ae89d9c4ae6c6ad4a1fb732eb3c423305a0
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4393
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,37 @@ |
| 0 |
+From 13c9a9ded3ae744a1e11cbc14e9146d9fa427040 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Daniel Stenberg <daniel@haxx.se> |
|
| 2 |
+Date: Sat, 7 Oct 2017 00:11:31 +0200 |
|
| 3 |
+Subject: [PATCH] imap: if a FETCH response has no size, don't call write |
|
| 4 |
+ callback |
|
| 5 |
+ |
|
| 6 |
+CVE-2017-1000257 |
|
| 7 |
+ |
|
| 8 |
+Reported-by: Brian Carpenter and 0xd34db347 |
|
| 9 |
+Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586 |
|
| 10 |
+--- |
|
| 11 |
+ lib/imap.c | 5 +++++ |
|
| 12 |
+ 1 file changed, 5 insertions(+) |
|
| 13 |
+ |
|
| 14 |
+diff --git a/lib/imap.c b/lib/imap.c |
|
| 15 |
+index 954d18f37..baa31a2f8 100644 |
|
| 16 |
+--- a/lib/imap.c |
|
| 17 |
+@@ -1124,10 +1124,15 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode, |
|
| 18 |
+ |
|
| 19 |
+ if(chunk > (size_t)size) |
|
| 20 |
+ /* The conversion from curl_off_t to size_t is always fine here */ |
|
| 21 |
+ chunk = (size_t)size; |
|
| 22 |
+ |
|
| 23 |
++ if(!chunk) {
|
|
| 24 |
++ /* no size, we're done with the data */ |
|
| 25 |
++ state(conn, IMAP_STOP); |
|
| 26 |
++ return CURLE_OK; |
|
| 27 |
++ } |
|
| 28 |
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk); |
|
| 29 |
+ if(result) |
|
| 30 |
+ return result; |
|
| 31 |
+ |
|
| 32 |
+ data->req.bytecount += chunk; |
|
| 33 |
+-- |
|
| 34 |
+2.15.0.rc1 |
|
| 35 |
+ |
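Review bot: The embedded upstream patch, as rendered here, goes from `--- a/lib/imap.c` straight to the `@@ -1124,10 +1124,15 @@` hunk header with no `+++ b/lib/imap.c` line in between. The outer header declares 37 added lines while only 36 are visible, so this is probably a line lost in rendering rather than a defect in the file. It is still worth confirming that the stored file has `+++ b/lib/imap.c` directly after the `---` line, since `%patch4 -p1` relies on a well-formed header. Because this file carries the fix for CVE-2017-1000257, I would also compare it byte-for-byte with upstream commit 13c9a9ded3ae744a1e11cbc14e9146d9fa427040 named in its `From` line, and keep the `if(!chunk)` guard exactly as upstream wrote it.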
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: An URL retrieval utility and library |
| 2 | 2 |
Name: curl |
| 3 | 3 |
Version: 7.54.1 |
| 4 |
-Release: 3%{?dist}
|
|
| 4 |
+Release: 4%{?dist}
|
|
| 5 | 5 |
License: MIT |
| 6 | 6 |
URL: http://curl.haxx.se |
| 7 | 7 |
Group: System Environment/NetworkingLibraries |
| ... | ... |
@@ -13,6 +13,7 @@ Patch0: curl-CVE-2017-1000099.patch |
| 13 | 13 |
Patch1: curl-CVE-2017-1000100.patch |
| 14 | 14 |
Patch2: curl-CVE-2017-1000101.patch |
| 15 | 15 |
Patch3: curl-CVE-2017-1000254.patch |
| 16 |
+Patch4: curl-CVE-2017-1000257.patch |
|
| 16 | 17 |
BuildRequires: ca-certificates |
| 17 | 18 |
BuildRequires: openssl-devel |
| 18 | 19 |
BuildRequires: krb5-devel |
| ... | ... |
@@ -49,6 +50,7 @@ This package contains minimal set of shared curl libraries. |
| 49 | 49 |
%patch1 -p1 |
| 50 | 50 |
%patch2 -p1 |
| 51 | 51 |
%patch3 -p1 |
| 52 |
+%patch4 -p1 |
|
| 52 | 53 |
%build |
| 53 | 54 |
./configure \ |
| 54 | 55 |
CFLAGS="%{optflags}" \
|
| ... | ... |
@@ -96,6 +98,8 @@ rm -rf %{buildroot}/*
|
| 96 | 96 |
%{_libdir}/libcurl.so.*
|
| 97 | 97 |
|
| 98 | 98 |
%changelog |
| 99 |
+* Mon Nov 27 2017 Xiaolin Li <xiaolinl@vmware.com> 7.54.1-4 |
|
| 100 |
+- Fix CVE-2017-1000257 |
|
| 99 | 101 |
* Mon Nov 06 2017 Xiaolin Li <xiaolinl@vmware.com> 7.54.1-3 |
| 100 | 102 |
- Fix CVE-2017-1000254 |
| 101 | 103 |
* Thu Nov 02 2017 Xiaolin Li <xiaolinl@vmware.com> 7.54.1-2 |