Patch for CVE-2023-27538 and CVE-2023-27535 - v3

microsoft · Nov 14, 2024 · 5d2528b · 5d2528b
1 parent e074bb0
commit 5d2528b
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 32 deletions.
diff --git a/SPECS/cmake/CVE-2023-27535.patch b/SPECS/cmake/CVE-2023-27535.patch
@@ -6,46 +6,40 @@ Subject: [PATCH] Patch for CVE-2023-27535
 Upstream patch: https://github.com/curl/curl/commit/8f4608468b890dc
 
 ---
- Utilities/cmcurl/lib/ftp.c     | 30 ++++++++++++++++++++++++++++--
+ Utilities/cmcurl/lib/ftp.c     | 29 +++++++++++++++++++++++++++--
  Utilities/cmcurl/lib/ftp.h     |  5 +++++
  Utilities/cmcurl/lib/setopt.c  |  1 +
+ Utilities/cmcurl/lib/strcase.c | 22 ++++++++++++++++++++++
+ Utilities/cmcurl/lib/strcase.h |  2 ++
  Utilities/cmcurl/lib/url.c     | 16 +++++++++++++++-
  Utilities/cmcurl/lib/urldata.h |  4 ++--
- 5 files changed, 51 insertions(+), 5 deletions(-)
+ 7 files changed, 74 insertions(+), 5 deletions(-)
 
 diff --git a/Utilities/cmcurl/lib/ftp.c b/Utilities/cmcurl/lib/ftp.c
-index 425b0afec6..5839296ec2 100644
+index 425b0afec6..776a65f956 100644
 --- a/Utilities/cmcurl/lib/ftp.c
 +++ b/Utilities/cmcurl/lib/ftp.c
 @@ -4084,6 +4084,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data,
    }
-
+ 
    freedirs(ftpc);
 +  Curl_safefree(ftpc->account);
 +  Curl_safefree(ftpc->alternative_to_user);
    Curl_safefree(ftpc->prevpath);
    Curl_safefree(ftpc->server_os);
    Curl_pp_disconnect(pp);
-@@ -4108,6 +4110,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data)
-   const char *slashPos = NULL;
-   const char *fileName = NULL;
-   CURLcode result = CURLE_OK;
-+  struct ftp_conn *ftpc = &conn->proto.ftpc;
-   char *rawPath = NULL; /* url-decoded "raw" path */
-   size_t pathLen = 0;
-
-@@ -4344,11 +4347,32 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
+@@ -4344,11 +4346,32 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
  {
    char *type;
    struct FTP *ftp;
 +  CURLcode result = CURLE_OK;
 +  struct ftp_conn *ftpc = &conn->proto.ftpc;
-
+ 
 -  data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
 +  ftp = calloc(sizeof(struct FTP), 1);
    if(NULL == ftp)
      return CURLE_OUT_OF_MEMORY;
-
+ 
 +  /* clone connection related data that is FTP specific */
 +  if(data->set.str[STRING_FTP_ACCOUNT]) {
 +    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
@@ -66,17 +60,17 @@ index 425b0afec6..5839296ec2 100644
 +  data->req.p.ftp = ftp;
 +
    ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
-
+ 
    /* FTP URLs support an extension like ";type=<typecode>" that
-@@ -4383,7 +4407,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
+@@ -4383,7 +4406,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
    /* get some initial data into the ftp struct */
    ftp->transfer = PPTRANSFER_BODY;
    ftp->downloadsize = 0;
 -  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
 +  ftpc->known_filesize = -1; /* unknown size for now */
 +  ftpc->use_ssl = data->set.use_ssl;
 +  ftpc->ccc = data->set.ftp_ccc;
-
+ 
    return CURLE_OK;
  }
 diff --git a/Utilities/cmcurl/lib/ftp.h b/Utilities/cmcurl/lib/ftp.h
@@ -112,16 +106,60 @@ index fb8b86d474..10c6872bb3 100644
      data->set.use_ssl = (curl_usessl)arg;
 +    data->set.use_ssl = (unsigned char)arg;
      break;
-
+ 
    case CURLOPT_SSL_OPTIONS:
+diff --git a/Utilities/cmcurl/lib/strcase.c b/Utilities/cmcurl/lib/strcase.c
+index 955e3c79ea..29cc539cdf 100644
+--- a/Utilities/cmcurl/lib/strcase.c
++++ b/Utilities/cmcurl/lib/strcase.c
+@@ -251,6 +251,28 @@ void Curl_strntolower(char *dest, const char *src, size_t n)
+   } while(*src++ && --n);
+ }
+
++/*
++ * Curl_timestrcmp() returns 0 if the two strings are identical. The time this
++ * function spends is a function of the shortest string, not of the contents.
++ */
++int Curl_timestrcmp(const char *a, const char *b)
++{
++  int match = 0;
++  int i = 0;
++
++  if(a && b) {
++    while(1) {
++      match |= a[i]^b[i];
++      if(!a[i] || !b[i])
++        break;
++      i++;
++    }
++  }
++  else
++    return a || b;
++  return match;
++}
++
+ /* --- public functions --- */
+
+ int curl_strequal(const char *first, const char *second)
+diff --git a/Utilities/cmcurl/lib/strcase.h b/Utilities/cmcurl/lib/strcase.h
+index 10dc698817..6fdb32ed08 100644
+--- a/Utilities/cmcurl/lib/strcase.h
++++ b/Utilities/cmcurl/lib/strcase.h
+@@ -48,4 +48,6 @@ char Curl_raw_toupper(char in);
+ void Curl_strntoupper(char *dest, const char *src, size_t n);
+ void Curl_strntolower(char *dest, const char *src, size_t n);
+
++int Curl_timestrcmp(const char *first, const char *second);
++
+ #endif /* HEADER_CURL_STRCASE_H */
 diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c
 index ca40322504..e00c56300b 100644
 --- a/Utilities/cmcurl/lib/url.c
 +++ b/Utilities/cmcurl/lib/url.c
 @@ -1334,10 +1334,24 @@ ConnectionExists(struct Curl_easy *data,
           (data->state.httpwant < CURL_HTTP_VERSION_2_0))
          continue;
-
+ 
 -      if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
 +#ifdef USE_SSH
 +      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
@@ -141,7 +179,7 @@ index ca40322504..e00c56300b 100644
 +          continue;
 +      }
 +#endif
-
+ 
        if((needle->handler->flags&PROTOPT_SSL)
  #ifndef CURL_DISABLE_PROXY
 diff --git a/Utilities/cmcurl/lib/urldata.h b/Utilities/cmcurl/lib/urldata.h
@@ -166,5 +204,5 @@ index 365b6821b1..ef3a58e55a 100644
    BIT(is_fread_set); /* has read callback been set to non-NULL? */
    BIT(is_fwrite_set); /* has write callback been set to non-NULL? */
    BIT(free_referer); /* set TRUE if 'referer' points to a string we
---
+-- 
 2.45.2
diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec
@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.21.4
-Release:        14%{?dist}
+Release:        13%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -92,11 +92,8 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_prefix}/doc/%{name}-*/*
 
 %changelog
-* Wed Nov 13 2024 Sharath Srikanth Chellappa <[email protected]> - 3.21.4-14
-- Patch CVE-2023-27535 and CVE-2023-27538
-
-* Tue Nov 12 2024 Sharath Srikanth Chellappa <[email protected]> - 3.21.4-13
-- Patch CVE-2022-43552 and CVE-2023-27536
+* Thu Nov 14 2024 Sharath Srikanth Chellappa <[email protected]> - 3.21.4-13
+- Patch CVE-2022-43552, CVE-2023-27536, CVE-2023-27535 and CVE-2023-27538
 
 * Wed Sep 18 2024 Suresh Thelkar <[email protected]> - 3.21.4-12
 - Patch CVE-2023-27533 and CVE-2023-27534

diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -30,8 +30,8 @@ check-debuginfo-0.15.2-1.cm2.aarch64.rpm
 chkconfig-1.20-4.cm2.aarch64.rpm
 chkconfig-debuginfo-1.20-4.cm2.aarch64.rpm
 chkconfig-lang-1.20-4.cm2.aarch64.rpm
-cmake-3.21.4-14.cm2.aarch64.rpm
-cmake-debuginfo-3.21.4-14.cm2.aarch64.rpm
+cmake-3.21.4-13.cm2.aarch64.rpm
+cmake-debuginfo-3.21.4-13.cm2.aarch64.rpm
 coreutils-8.32-7.cm2.aarch64.rpm
 coreutils-debuginfo-8.32-7.cm2.aarch64.rpm
 coreutils-lang-8.32-7.cm2.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -31,8 +31,8 @@ check-debuginfo-0.15.2-1.cm2.x86_64.rpm
 chkconfig-1.20-4.cm2.x86_64.rpm
 chkconfig-debuginfo-1.20-4.cm2.x86_64.rpm
 chkconfig-lang-1.20-4.cm2.x86_64.rpm
-cmake-3.21.4-14.cm2.x86_64.rpm
-cmake-debuginfo-3.21.4-14.cm2.x86_64.rpm
+cmake-3.21.4-13.cm2.x86_64.rpm
+cmake-debuginfo-3.21.4-13.cm2.x86_64.rpm
 coreutils-8.32-7.cm2.x86_64.rpm
 coreutils-debuginfo-8.32-7.cm2.x86_64.rpm
 coreutils-lang-8.32-7.cm2.x86_64.rpm