File curl-CVE-2024-7264.patch of Package curl.37304
From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 30 Jul 2024 10:05:17 +0200
Subject: [PATCH] x509asn1: clean up GTime2str
Co-authored-by: Stefan Eissing
Reported-by: Dov Murik
Closes #14307
---
lib/vtls/x509asn1.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
Index: curl-7.37.0/lib/x509asn1.c
===================================================================
--- curl-7.37.0.orig/lib/x509asn1.c
+++ curl-7.37.0/lib/x509asn1.c
@@ -447,7 +447,7 @@ static const char * GTime2str(const char
/* Convert an ASN.1 Generalized time to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
- for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++)
+ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++)
;
/* Get seconds digits. */
@@ -465,32 +465,44 @@ static const char * GTime2str(const char
return (const char *) NULL;
}
- /* Scan for timezone, measure fractional seconds. */
+ /* timezone follows optional fractional seconds. */
tzp = fracp;
- fracl = 0;
+ fracl = 0; /* no fractional seconds detected so far */
if(fracp < end && (*fracp == '.' || *fracp == ',')) {
- fracp++;
- do
+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */
+ fracp++; /* should be a digit char or BAD ARGUMENT */
+ tzp = fracp;
+ while(tzp < end && ISDIGIT(*tzp))
tzp++;
- while(tzp < end && *tzp >= '0' && *tzp <= '9');
- /* Strip leading zeroes in fractional seconds. */
- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--)
- ;
+ if(tzp == fracp) /* never looped, no digit after [.,] */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ fracl = tzp - fracp; /* number of fractional sec digits */
+ DEBUGASSERT(fracl > 0);
+ /* Strip trailing zeroes in fractional seconds.
+ * May reduce fracl to 0 if only '0's are present. */
+ while(fracl && fracp[fracl - 1] == '0')
+ fracl--;
}
/* Process timezone. */
- if(tzp >= end)
- ; /* Nothing to do. */
+ if(tzp >= end) {
+ tzp = "";
+ tzl = 0;
+ }
else if(*tzp == 'Z') {
- tzp = " GMT";
- end = tzp + 4;
+ sep = " ";
+ tzp = "GMT";
+ tzl = 3;
+ }
+ else if((*tzp == '+') || (*tzp == '-')) {
+ sep = " UTC";
+ tzl = end - tzp;
}
else {
sep = " ";
- tzp++;
+ tzl = end - tzp;
}
- tzl = end - tzp;
return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
beg, beg + 4, beg + 6,
beg + 8, beg + 10, sec1, sec2,
@@ -666,6 +678,15 @@ const char * Curl_DNtostr(curl_asn1Eleme
return (const char *) buf;
}
+#ifdef UNITTESTS
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+ const char *beg, const char *end)
+{
+ return GTime2str(store, beg, end);
+}
+#endif
+
/*
* X509 parser.
*/
Index: curl-7.37.0/lib/x509asn1.h
===================================================================
--- curl-7.37.0.orig/lib/x509asn1.h
+++ curl-7.37.0/lib/x509asn1.h
@@ -125,5 +125,15 @@ CURLcode Curl_extract_certinfo(struct co
CURLcode Curl_verifyhost(struct connectdata * conn,
const char * beg, const char * end);
+#ifdef UNITTESTS
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+ defined(USE_MBEDTLS)
+
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+ const char *beg, const char *end);
+#endif
+#endif
+
#endif /* USE_QSOSSL or USE_GSKIT or USE_NSS */
#endif /* HEADER_CURL_X509ASN1_H */
Index: curl-7.37.0/tests/data/test1656
===================================================================
--- /dev/null
+++ curl-7.37.0/tests/data/test1656
@@ -0,0 +1,22 @@
+<testcase>
+<info>
+<keywords>
+unittest
+Curl_x509_GTime2str
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+<name>
+Curl_x509_GTime2str unit tests
+</name>
+</client>
+</testcase>
Index: curl-7.37.0/tests/unit/unit1656.c
===================================================================
--- /dev/null
+++ curl-7.37.0/tests/unit/unit1656.c
@@ -0,0 +1,133 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "vtls/x509asn1.h"
+
+static CURLcode unit_setup(void)
+{
+ return CURLE_OK;
+}
+
+static void unit_stop(void)
+{
+
+}
+
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+ defined(USE_MBEDTLS)
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+struct test_spec {
+ const char *input;
+ const char *exp_output;
+ CURLcode exp_result;
+};
+
+static struct test_spec test_specs[] = {
+ { "190321134340", "1903-21-13 43:40:00", CURLE_OK },
+ { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK },
+ { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK },
+ { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK },
+ { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK },
+ { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK },
+ { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK },
+ { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK },
+ { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK },
+ { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK },
+ { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK },
+ { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK },
+ { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK },
+ { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK },
+ { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK },
+ { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK },
+ { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK },
+ { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK },
+ { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK },
+ { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK },
+};
+
+static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf)
+{
+ CURLcode result;
+ const char *in = spec->input;
+
+ Curl_dyn_reset(dbuf);
+ result = Curl_x509_GTime2str(dbuf, in, in + strlen(in));
+ if(result != spec->exp_result) {
+ fprintf(stderr, "test %zu: expect result %d, got %d\n",
+ i, spec->exp_result, result);
+ return FALSE;
+ }
+ else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) {
+ fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n",
+ i, in, spec->exp_output, Curl_dyn_ptr(dbuf));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+UNITTEST_START
+{
+ size_t i;
+ struct dynbuf dbuf;
+ bool all_ok = TRUE;
+
+ Curl_dyn_init(&dbuf, 32*1024);
+
+ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+ fprintf(stderr, "curl_global_init() failed\n");
+ return TEST_ERR_MAJOR_BAD;
+ }
+
+ for(i = 0; i < ARRAYSIZE(test_specs); ++i) {
+ if(!do_test(&test_specs[i], i, &dbuf))
+ all_ok = FALSE;
+ }
+ fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails");
+
+ Curl_dyn_free(&dbuf);
+ curl_global_cleanup();
+}
+UNITTEST_STOP
+
+#else
+
+UNITTEST_START
+{
+ puts("not tested since Curl_x509_GTime2str() is not built-in");
+}
+UNITTEST_STOP
+
+#endif
Index: curl-7.37.0/tests/data/Makefile.am
===================================================================
--- curl-7.37.0.orig/tests/data/Makefile.am
+++ curl-7.37.0/tests/data/Makefile.am
@@ -140,6 +140,8 @@ test1516 \
\
test1525 test1526 test1527 test1528 \
\
+test1656 \
+\
test1900 test1901 test1902 test1903 \
\
test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
Index: curl-7.37.0/tests/data/Makefile.in
===================================================================
--- curl-7.37.0.orig/tests/data/Makefile.in
+++ curl-7.37.0/tests/data/Makefile.in
@@ -448,6 +448,8 @@ test1516 \
\
test1525 test1526 test1527 test1528 \
\
+test1656 \
+\
test1900 test1901 test1902 test1903 \
\
test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
Index: curl-7.37.0/tests/unit/Makefile.in
===================================================================
--- curl-7.37.0.orig/tests/unit/Makefile.in
+++ curl-7.37.0/tests/unit/Makefile.in
@@ -114,7 +114,8 @@ am__EXEEXT_1 = unit1300$(EXEEXT) unit130
unit1303$(EXEEXT) unit1304$(EXEEXT) unit1305$(EXEEXT) \
unit1307$(EXEEXT) unit1308$(EXEEXT) unit1309$(EXEEXT) \
unit1330$(EXEEXT) unit1394$(EXEEXT) unit1395$(EXEEXT) \
- unit1396$(EXEEXT) unit1397$(EXEEXT) unit1398$(EXEEXT)
+ unit1396$(EXEEXT) unit1397$(EXEEXT) unit1398$(EXEEXT) \
+ unit1656$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS)
am__dirstamp = $(am__leading_dot)dirstamp
am__objects_1 = ../libtest/unit1300-first.$(OBJEXT)
@@ -212,6 +213,12 @@ unit1398_OBJECTS = $(am_unit1398_OBJECTS
unit1398_LDADD = $(LDADD)
unit1398_DEPENDENCIES = $(top_builddir)/src/libcurltool.la \
$(top_builddir)/lib/libcurlu.la
+am__objects_16 = ../libtest/unit1656-first.$(OBJEXT)
+am_unit1656_OBJECTS = unit1656-unit1656.$(OBJEXT) $(am__objects_15)
+unit1656_OBJECTS = $(am_unit1656_OBJECTS)
+unit1656_LDADD = $(LDADD)
+unit1656_DEPENDENCIES = $(top_builddir)/src/libcurltool.la \
+ $(top_builddir)/lib/libcurlu.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -250,13 +257,14 @@ SOURCES = $(unit1300_SOURCES) $(unit1301
$(unit1303_SOURCES) $(unit1304_SOURCES) $(unit1305_SOURCES) \
$(unit1307_SOURCES) $(unit1308_SOURCES) $(unit1309_SOURCES) \
$(unit1330_SOURCES) $(unit1394_SOURCES) $(unit1395_SOURCES) \
- $(unit1396_SOURCES) $(unit1397_SOURCES) $(unit1398_SOURCES)
+ $(unit1396_SOURCES) $(unit1397_SOURCES) $(unit1398_SOURCES) \
+ $(unit1656_SOURCES)
DIST_SOURCES = $(unit1300_SOURCES) $(unit1301_SOURCES) \
$(unit1302_SOURCES) $(unit1303_SOURCES) $(unit1304_SOURCES) \
$(unit1305_SOURCES) $(unit1307_SOURCES) $(unit1308_SOURCES) \
$(unit1309_SOURCES) $(unit1330_SOURCES) $(unit1394_SOURCES) \
$(unit1395_SOURCES) $(unit1396_SOURCES) $(unit1397_SOURCES) \
- $(unit1398_SOURCES)
+ $(unit1398_SOURCES) $(unit1656_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -536,7 +544,8 @@ UNITFILES = curlcheck.h \
# These are all unit test programs
UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304 unit1305 unit1307 \
- unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397 unit1398
+ unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397 unit1398 \
+ unit1656
unit1300_SOURCES = unit1300.c $(UNITFILES)
unit1300_CPPFLAGS = $(AM_CPPFLAGS)
@@ -571,6 +580,8 @@ unit1397_SOURCES = unit1397.c $(UNITFILE
unit1397_CPPFLAGS = $(AM_CPPFLAGS)
unit1398_SOURCES = unit1398.c $(UNITFILES)
unit1398_CPPFLAGS = $(AM_CPPFLAGS)
+unit1656_SOURCES = unit1656.c $(UNITFILES)
+unit1656_CPPFLAGS = $(AM_CPPFLAGS)
all: all-am
.SUFFIXES:
@@ -710,8 +721,13 @@ unit1397$(EXEEXT): $(unit1397_OBJECTS) $
unit1398$(EXEEXT): $(unit1398_OBJECTS) $(unit1398_DEPENDENCIES) $(EXTRA_unit1398_DEPENDENCIES)
@rm -f unit1398$(EXEEXT)
+../libtest/unit1656-first.$(OBJEXT): ../libtest/$(am__dirstamp) \
$(AM_V_CCLD)$(LINK) $(unit1398_OBJECTS) $(unit1398_LDADD) $(LIBS)
+unit1656$(EXEEXT): $(unit1656_OBJECTS) $(unit1656_DEPENDENCIES) $(EXTRA_unit1656_DEPENDENCIES)
+ @rm -f unit1656$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(unit1656_OBJECTS) $(unit1656_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
-rm -f ../libtest/*.$(OBJEXT)
@@ -734,6 +750,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@../libtest/$(DEPDIR)/unit1396-first.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@../libtest/$(DEPDIR)/unit1397-first.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@../libtest/$(DEPDIR)/unit1398-first.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@../libtest/$(DEPDIR)/unit1656-first.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1300-unit1300.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1301-unit1301.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1302-unit1302.Po@am__quote@
@@ -749,6 +766,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1396-unit1396.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1397-unit1397.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1398-unit1398.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit1656-unit1656.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
Index: curl-7.37.0/tests/unit/Makefile.inc
===================================================================
--- curl-7.37.0.orig/tests/unit/Makefile.inc
+++ curl-7.37.0/tests/unit/Makefile.inc
@@ -6,7 +6,8 @@ UNITFILES = curlcheck.h \
# These are all unit test programs
UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304 unit1305 unit1307 \
- unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397 unit1398
+ unit1308 unit1309 unit1330 unit1394 unit1395 unit1396 unit1397 unit1398 \
+ unit1656
unit1300_SOURCES = unit1300.c $(UNITFILES)
unit1300_CPPFLAGS = $(AM_CPPFLAGS)
@@ -56,3 +57,7 @@ unit1397_CPPFLAGS = $(AM_CPPFLAGS)
unit1398_SOURCES = unit1398.c $(UNITFILES)
unit1398_CPPFLAGS = $(AM_CPPFLAGS)
+unit1656_SOURCES = unit1656.c $(UNITFILES)
+unit1656_CPPFLAGS = $(AM_CPPFLAGS)
+
+
