From 9b0959167aa40a67996e98fef1d6c4096aadd0d9 Mon Sep 17 00:00:00 2001 From: sherlock2010 <15151851377@163.com> Date: Sat, 30 Nov 2024 10:22:59 +0000 Subject: [PATCH] multi: check that the multi handle is valid in curl_multi_assign --- ...-the-multi-handle-is-valid-in-curl_m.patch | 37 +++++++++++++++++++ curl.spec | 9 ++++- 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch diff --git a/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch new file mode 100644 index 0000000..7d9ec76 --- /dev/null +++ b/backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch @@ -0,0 +1,37 @@ +From 48f61e781a01e6a8dbc4a347e280644b1c68ab6a Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 11 Sep 2024 14:12:41 +0200 +Subject: [PATCH] multi: check that the multi handle is valid in + curl_multi_assign + +By requiring that the multi handle is fine, it can detect bad usage +better and by that avoid crashes. Like in the #14860 case, which is an +application calling curl_multi_assign() with a NULL pointer multi +handle. + +Reported-by: Carlo Cabrera +Fixes #14860 +Closes #14862 + +Conflict:Context adapt +Reference:https://github.com/curl/curl/commit/48f61e781a01e6a8dbc4a347e280644b1c68ab6a +--- + lib/multi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/multi.c b/lib/multi.c +index 062d09cc0..78e5c0a1e 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, + void *hashp) + { + struct Curl_sh_entry *there = NULL; ++ if(!GOOD_MULTI_HANDLE(multi)) ++ return CURLM_BAD_HANDLE; + + if(multi->in_callback) + return CURLM_RECURSIVE_API_CALL; +-- +2.33.0 + diff --git a/curl.spec b/curl.spec index a3203e5..e503375 100644 --- a/curl.spec +++ b/curl.spec 
@@ -6,7 +6,7 @@ Name: curl Version: 7.71.1 -Release: 37 +Release: 38 Summary: Curl is used in command lines or scripts to transfer data License: MIT URL: https://curl.haxx.se/ @@ -86,6 +86,7 @@ Patch173: backport-0001-CVE-2024-7264.patch Patch174: backport-0002-CVE-2024-7264.patch Patch175: backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch Patch176: backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch +Patch177: backport-multi-check-that-the-multi-handle-is-valid-in-curl_m.patch BuildRequires: automake brotli-devel coreutils gcc groff krb5-devel BuildRequires: libidn2-devel libnghttp2-devel libpsl-devel @@ -250,6 +251,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_mandir}/man3/* %changelog +* Sat Nov 30 2024 zhouyihang - 7.71.1-38 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:multi: check that the multi handle is valid in curl_multi_assign + * Fri Sep 20 2024 zhouyihang - 7.71.1-37 - Type:bugfix - CVE:NA -- Gitee
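Review bot: no test covers the new `CURLM_BAD_HANDLE` return added in the backported lib/multi.c hunk. The diffstat inside the backport file lists only lib/multi.c with 2 insertions, so nothing exercises curl_multi_assign() with a NULL multi handle, which is the #14860 case the commit message names. Suggest a small regression check that passes a NULL handle and expects `CURLM_BAD_HANDLE`. The placement itself is right: the guard runs before `if(multi->in_callback)`, which is the first dereference of `multi` shown in the hunk. Two smaller points: a blank line between the `struct Curl_sh_entry *there = NULL;` declaration and `if(!GOOD_MULTI_HANDLE(multi))` would keep declarations apart from statements, and the `Conflict:Context adapt` line does not say which context lines differ from the upstream commit, which makes the backport harder to audit against the Reference URL.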
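Review bot: in the curl.spec `%changelog` hunk, the 7.71.1-38 entry's `DESC:` only repeats the patch subject and carries no pointer to the upstream commit or to issue #14860, so a reader of the package changelog cannot tell that the change makes curl_multi_assign() return `CURLM_BAD_HANDLE` for an invalid multi handle instead of crashing. Suggest adding the upstream reference there, as the backport file's `Reference:` line already does. The `Release: 38` bump and the `Patch177:` entry are consistent with the changelog version and with the name of the newly created patch file.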