rpms/curl/FC-4 curl-7.13.1-cve-2005-4077.patch, NONE, 1.1 curl.spec, 1.25, 1.26

fedora-cvs-commits at redhat.com
Thu Dec 8 13:22:19 UTC 2005


Author: varekova

Update of /cvs/dist/rpms/curl/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv9223

Modified Files:
	curl.spec 
Added Files:
	curl-7.13.1-cve-2005-4077.patch 
Log Message:
- fix bug 175265 - CVE-2005-4077 SA17907 cURL/libcURL
  URL Parsing Off-By-One Vulnerability



curl-7.13.1-cve-2005-4077.patch:
 url.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

--- NEW FILE curl-7.13.1-cve-2005-4077.patch ---
--- curl-7.13.1/lib/url.c.cve-2005-4077	2005-12-08 13:08:03.000000000 +0100
+++ curl-7.13.1/lib/url.c	2005-12-08 13:15:56.565790336 +0100
@@ -2313,12 +2313,18 @@
   if(urllen < LEAST_PATH_ALLOC)
     urllen=LEAST_PATH_ALLOC;
 
-  conn->pathbuffer=(char *)malloc(urllen);
+  /*
+   * We malloc() the buffers below urllen+2 to make room for to possibilities:
+   * 1 - an extra terminating zero
+   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
+   */
+
+  conn->pathbuffer=(char *)malloc(urllen+2);
   if(NULL == conn->pathbuffer)
     return CURLE_OUT_OF_MEMORY; /* really bad error */
   conn->path = conn->pathbuffer;
 
-  conn->host.rawalloc=(char *)malloc(urllen);
+  conn->host.rawalloc=(char *)malloc(urllen+2);
   if(NULL == conn->host.rawalloc)
     return CURLE_OUT_OF_MEMORY;
   conn->host.name = conn->host.rawalloc;
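
Review bot: In the added comment above the first malloc(), "to possibilities" should read "two possibilities". The comment also justifies the extra bytes only for the path case (the extra slash for "www.host.com?moo"), while the same urllen+2 is applied to conn->host.rawalloc; it should say why the host buffer needs the same headroom, or that it is simply sized identically. The +2 is written out twice, so computing the padded size once into a local and passing that to both malloc() calls would keep the two allocations from drifting apart in a later edit.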


Index: curl.spec
===================================================================
RCS file: /cvs/dist/rpms/curl/FC-4/curl.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- curl.spec	19 Oct 2005 13:42:57 -0000	1.25
+++ curl.spec	8 Dec 2005 13:22:17 -0000	1.26
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
 Name: curl 
 Version: 7.13.1
-Release: 4
+Release: 4.fc4
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
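
Review bot: Release goes from 4 to 4.fc4 with the numeric part unchanged, so the upgrade path relies on rpm ordering 4.fc4 above 4. The changelog in this same commit says 7.13.1-4 existed only in cvs and was never built, so nothing shipped collides with it, but bumping the number as well (for example 5.fc4) would make the ordering obvious to anyone reading the spec later.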
@@ -9,6 +9,7 @@
 Patch1: curl-7.10.4-path.patch
 Patch2: curl-7.13.1-auth.patch
 Patch3: curl-7.13.1-2005-3185.patch
+Patch4: curl-7.13.1-cve-2005-4077.patch
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
@@ -40,6 +41,7 @@
 %patch1 -p1
 %patch2 -p1 -b .auth
 %patch3 -p1 -b .2005-3185
+%patch4 -p1 -b .2005-4077
 
 %build
 aclocal
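
Review bot: The backup suffix on the new %patch4 line is .2005-4077, while the patch itself was generated against url.c.cve-2005-4077 and is named curl-7.13.1-cve-2005-4077.patch. This does not affect the build, but -b .cve-2005-4077 would keep the backup files traceable to the patch file by name.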
@@ -94,6 +96,10 @@
 %{_mandir}/man3/*
 
 %changelog
+* Thu Dec  8 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4.fc4
+- fix bug 175265 - CVE-2005-4077 SA17907 cURL/libcURL 
+  URL Parsing Off-By-One Vulnerability
+
 * Wed Oct 19 2005 Ivana Varekova <varekova at redhat.com> 7.13.1-4
 - fix bug 170682 - CAN-2005-3185 NTLM buffer overflow 
   (this change is only in cvs - not build and not create update)



