From 9b0959167aa40a67996e98fef1d6c4096aadd0d9 Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Sat, 30 Nov 2024 10:22:59 +0000
Subject: [PATCH] multi: check that the multi handle is valid in
 curl_multi_assign

---
 ...-the-multi-handle-is-valid-in-curl_m.patch | 37 +++++++++++++++++++
 curl.spec                                     |  9 ++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch

diff --git a/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
new file mode 100644
index 0000000..7d9ec76
--- /dev/null
+++ b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
@@ -0,0 +1,37 @@
+From 48f61e781a01e6a8dbc4a347e280644b1c68ab6a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 11 Sep 2024 14:12:41 +0200
+Subject: [PATCH] multi: check that the multi handle is valid in
+ curl_multi_assign
+
+By requiring that the multi handle is fine, it can detect bad usage
+better and by that avoid crashes. Like in the #14860 case, which is an
+application calling curl_multi_assign() with a NULL pointer multi
+handle.
+
+Reported-by: Carlo Cabrera
+Fixes #14860
+Closes #14862
+
+Conflict:Context adapt
+Reference:https://github.com/curl/curl/commit/48f61e781a01e6a8dbc4a347e280644b1c68ab6a
+---
+ lib/multi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/multi.c b/lib/multi.c
+index 062d09cc0..78e5c0a1e 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s,
+                             void *hashp)
+ {
+   struct Curl_sh_entry *there = NULL;
++  if(!GOOD_MULTI_HANDLE(multi))
++    return CURLM_BAD_HANDLE;
+ 
+   if(multi->in_callback)
+     return CURLM_RECURSIVE_API_CALL;
+-- 
+2.33.0
+
diff --git a/curl.spec b/curl.spec
index a3203e5..e503375 100644
--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.71.1
-Release:        37
+Release:        38
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -86,6 +86,7 @@ Patch173:       backport-0001-CVE-2024-7264.patch
 Patch174:       backport-0002-CVE-2024-7264.patch
 Patch175:       backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
 Patch176:       backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
+Patch177:       backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -250,6 +251,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Sat Nov 30 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-38
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:multi: check that the multi handle is valid in curl_multi_assign
+
 * Fri Sep 20 2024 zhouyihang <zhouyihang3@h-partners.com> - 7.71.1-37
 - Type:bugfix
 - CVE:NA
-- 
Gitee