Browse code
curl: Fix for CVE-2018-0500
Change-Id: If33ad00cdd96b15fc97ee36533a9b1dfce1aedc8
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5720
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>
Keerthana K authored on 2018/09/18 22:51:44Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,34 @@ |
| 0 |
+From ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Daniel Stenberg <daniel@haxx.se> |
|
| 2 |
+Date: Wed, 13 Jun 2018 12:24:40 +0200 |
|
| 3 |
+Subject: [PATCH] smtp: use the upload buffer size for scratch buffer malloc |
|
| 4 |
+ |
|
| 5 |
+... not the read buffer size, as that can be set smaller and thus cause |
|
| 6 |
+a buffer overflow! CVE-2018-0500 |
|
| 7 |
+ |
|
| 8 |
+Reported-by: Peter Wu |
|
| 9 |
+Bug: https://curl.haxx.se/docs/adv_2018-70a2.html |
|
| 10 |
+--- |
|
| 11 |
+ lib/smtp.c | 3 ++- |
|
| 12 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
|
| 13 |
+ |
|
| 14 |
+diff --git a/lib/smtp.c b/lib/smtp.c |
|
| 15 |
+index e6872badb8..ecf10a41ac 100644 |
|
| 16 |
+--- a/lib/smtp.c |
|
| 17 |
+@@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread) |
|
| 18 |
+ if(!scratch || data->set.crlf) {
|
|
| 19 |
+ oldscratch = scratch; |
|
| 20 |
+ |
|
| 21 |
+- scratch = newscratch = malloc(2 * data->set.buffer_size); |
|
| 22 |
++ scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE); |
|
| 23 |
+ if(!newscratch) {
|
|
| 24 |
+ failf(data, "Failed to alloc scratch buffer!"); |
|
| 25 |
+ |
|
| 26 |
+ return CURLE_OUT_OF_MEMORY; |
|
| 27 |
+ } |
|
| 28 |
+ } |
|
| 29 |
++ DEBUGASSERT(UPLOAD_BUFSIZE >= nread); |
|
| 30 |
+ |
|
| 31 |
+ /* Have we already sent part of the EOB? */ |
|
| 32 |
+ eob_sent = smtp->eob; |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: An URL retrieval utility and library |
| 2 | 2 |
Name: curl |
| 3 | 3 |
Version: 7.59.0 |
| 4 |
-Release: 2%{?dist}
|
|
| 4 |
+Release: 3%{?dist}
|
|
| 5 | 5 |
License: MIT |
| 6 | 6 |
URL: http://curl.haxx.se |
| 7 | 7 |
Group: System Environment/NetworkingLibraries |
| ... | ... |
@@ -11,6 +11,7 @@ Source0: http://curl.haxx.se/download/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 curl=1a9bd7e201e645207b23a4b4dc38a32cc494a638 |
| 12 | 12 |
Patch0: curl-CVE-2018-1000300.patch |
| 13 | 13 |
Patch1: curl-CVE-2018-1000301.patch |
| 14 |
+Patch2: curl-CVE-2018-0500.patch |
|
| 14 | 15 |
BuildRequires: ca-certificates |
| 15 | 16 |
BuildRequires: openssl-devel |
| 16 | 17 |
BuildRequires: krb5-devel |
| ... | ... |
@@ -45,6 +46,7 @@ This package contains minimal set of shared curl libraries. |
| 45 | 45 |
%setup -q |
| 46 | 46 |
%patch0 -p1 |
| 47 | 47 |
%patch1 -p1 |
| 48 |
+%patch2 -p1 |
|
| 48 | 49 |
%build |
| 49 | 50 |
./configure \ |
| 50 | 51 |
CFLAGS="%{optflags}" \
|
| ... | ... |
@@ -92,6 +94,8 @@ rm -rf %{buildroot}/*
|
| 92 | 92 |
%{_libdir}/libcurl.so.*
|
| 93 | 93 |
|
| 94 | 94 |
%changelog |
| 95 |
+* Tue Sep 18 2018 Keerthana K <keerthanak@vmware.com> 7.59.0-3 |
|
| 96 |
+- Fix for CVE-2018-0500 |
|
| 95 | 97 |
* Thu Jul 05 2018 Keerthana K <keerthanak@vmware.com> 7.59.0-2 |
| 96 | 98 |
- Fix for CVE-2018-1000300, CVE-2018-1000301. |
| 97 | 99 |
* Wed Apr 04 2018 Dheeraj Shetty <dheerajs@vmware.com> 7.59.0-1 |