diff --git a/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch new file mode 100644 index 0000000000000000000000000000000000000000..e4087c43c70d407e3a3766269663d581e3302229 --- /dev/null +++ b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch @@ -0,0 +1,33 @@ +From 48f61e781a01e6a8dbc4a347e280644b1c68ab6a Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 11 Sep 2024 14:12:41 +0200 +Subject: [PATCH] multi: check that the multi handle is valid in + curl_multi_assign + +By requiring that the multi handle is fine, it can detect bad usage +better and by that avoid crashes. Like in the #14860 case, which is an +application calling curl_multi_assign() with a NULL pointer multi +handle. + +Reported-by: Carlo Cabrera +Fixes #14860 +Closes #14862 +--- + lib/multi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/multi.c b/lib/multi.c +index 062d09cc0..78e5c0a1e 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, + void *hashp) + { + struct Curl_sh_entry *there = NULL; ++ if(!GOOD_MULTI_HANDLE(multi)) ++ return CURLM_BAD_HANDLE; + + there = sh_getentry(&multi->sockhash, s); + +-- +2.33.0 diff --git a/curl.spec b/curl.spec index b110d07e564f81c18f4def2ce6a32ce0a0e7904f..9f701cccdc3f31e6b2e12d1ce8f79eee0802a849 100644 --- a/curl.spec +++ b/curl.spec @@ -7,7 +7,7 @@ Name: curl Version: 8.4.0 -Release: 11 +Release: 12 Summary: Curl is used in command lines or scripts to transfer data License: curl URL: https://curl.se/ @@ -36,6 +36,7 @@ Patch27: backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch Patch28: backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch Patch29: backport-pre-CVE-2024-9681.patch Patch30: backport-CVE-2024-9681.patch +Patch31: backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel @@ -221,6 +222,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Wed Nov 27 2024 liningjie - 8.4.0-12 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:multi: check that the multi handle is valid in curl_multi_assign + * Mon Nov 11 2024 yanglu - 8.4.0-11 - Type:CVE - CVE:CVE-2024-9681