rpms/curl/FC-4 curl-7.13.1-cve-2005-4077.patch, NONE, 1.1 curl.spec, 1.25, 1.26
fedora-cvs-commits at redhat.com
Thu Dec 8 13:22:19 UTC 2005
Author: varekova
Update of /cvs/dist/rpms/curl/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv9223
Modified Files:
curl.spec
Added Files:
curl-7.13.1-cve-2005-4077.patch
Log Message:
- fix bug 175265 - CVE-2005-4077 SA17907 cURL/libcURL
URL Parsing Off-By-One Vulnerability
curl-7.13.1-cve-2005-4077.patch:
url.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
--- NEW FILE curl-7.13.1-cve-2005-4077.patch ---
--- curl-7.13.1/lib/url.c.cve-2005-4077 2005-12-08 13:08:03.000000000 +0100
+++ curl-7.13.1/lib/url.c 2005-12-08 13:15:56.565790336 +0100
@@ -2313,12 +2313,18 @@
if(urllen < LEAST_PATH_ALLOC)
urllen=LEAST_PATH_ALLOC;
- conn->pathbuffer=(char *)malloc(urllen);
+ /*
+ * We malloc() the buffers below urllen+2 to make room for to possibilities:
+ * 1 - an extra terminating zero
+ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
+ */
+
+ conn->pathbuffer=(char *)malloc(urllen+2);
if(NULL == conn->pathbuffer)
return CURLE_OUT_OF_MEMORY; /* really bad error */
conn->path = conn->pathbuffer;
- conn->host.rawalloc=(char *)malloc(urllen);
+ conn->host.rawalloc=(char *)malloc(urllen+2);
if(NULL == conn->host.rawalloc)
return CURLE_OUT_OF_MEMORY;
conn->host.name = conn->host.rawalloc;
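Review bot: In the new comment above the pathbuffer allocation, "to make room for to possibilities" should read "two possibilities". The urllen+2 slack is also spelled out separately in the pathbuffer and host.rawalloc malloc() calls; computing the allocation size once into a local and using it for both would keep the two buffers from drifting apart if the slack is ever adjusted, and would give the comment a single line to describe.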
Index: curl.spec
===================================================================
RCS file: /cvs/dist/rpms/curl/FC-4/curl.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- curl.spec 19 Oct 2005 13:42:57 -0000 1.25
+++ curl.spec 8 Dec 2005 13:22:17 -0000 1.26
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
Name: curl
Version: 7.13.1
-Release: 4
+Release: 4.fc4
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
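Review bot: The Release line changes from 4 to 4.fc4, which reuses the number of the 19 Oct changelog entry (7.13.1-4, described there as cvs-only and never built) for a package that now also carries the CVE-2005-4077 fix. Incrementing the numeric part as well as adding the .fc4 suffix would make the security update distinguishable from the unbuilt -4 state by release number alone.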
@@ -9,6 +9,7 @@
Patch1: curl-7.10.4-path.patch
Patch2: curl-7.13.1-auth.patch
Patch3: curl-7.13.1-2005-3185.patch
+Patch4: curl-7.13.1-cve-2005-4077.patch
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
@@ -40,6 +41,7 @@
%patch1 -p1
%patch2 -p1 -b .auth
%patch3 -p1 -b .2005-3185
+%patch4 -p1 -b .2005-4077
%build
aclocal
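Review bot: The backup suffix on the %patch4 line is .2005-4077, while the patch file was generated against url.c.cve-2005-4077 and is named with the cve- prefix. The shorter form matches the %patch3 line, so this is only a consistency point, but using .cve-2005-4077 would keep the suffix, the patch header and the file name aligned.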
@@ -94,6 +96,10 @@
%{_mandir}/man3/*
%changelog
+* Thu Dec 8 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4.fc4
+- fix bug 175265 - CVE-2005-4077 SA17907 cURL/libcURL
+ URL Parsing Off-By-One Vulnerability
+
* Wed Oct 19 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4
- fix bug 170682 - CAN-2005-3185 NTLM buffer overflow
(this change is only in cvs - not build and not create update)