File curl-CVE-2023-28322.patch of Package curl-mini.30929

From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Apr 2023 08:28:01 +0200
Subject: [PATCH] lib: unify the upload/method handling

By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.

Closes #11017
---
 lib/curl_rtmp.c    | 4 ++--
 lib/file.c         | 4 ++--
 lib/ftp.c          | 8 ++++----
 lib/http.c         | 4 ++--
 lib/imap.c         | 6 +++---
 lib/rtsp.c         | 4 ++--
 lib/setopt.c       | 6 ++----
 lib/smb.c          | 6 +++---
 lib/smtp.c         | 4 ++--
 lib/tftp.c         | 8 ++++----
 lib/transfer.c     | 4 ++--
 lib/urldata.h      | 2 +-
 lib/vssh/libssh.c  | 6 +++---
 lib/vssh/libssh2.c | 6 +++---
 lib/vssh/wolfssh.c | 2 +-
 15 files changed, 36 insertions(+), 38 deletions(-)

Index: curl-7.60.0/lib/curl_rtmp.c
===================================================================
--- curl-7.60.0.orig/lib/curl_rtmp.c
+++ curl-7.60.0/lib/curl_rtmp.c
@@ -211,7 +211,7 @@ static CURLcode rtmp_connect(struct conn
   /* We have to know if it's a write before we send the
    * connect request packet
    */
-  if(conn->data->set.upload)
+  if(conn->data->state.upload)
     r->Link.protocol |= RTMP_FEATURE_WRITE;
 
   /* For plain streams, use the buffer toggle trick to keep data flowing */
@@ -242,7 +242,7 @@ static CURLcode rtmp_do(struct connectda
   if(!RTMP_ConnectStream(r, 0))
     return CURLE_FAILED_INIT;
 
-  if(conn->data->set.upload) {
+  if(conn->data->state.upload) {
     Curl_pgrsSetUploadSize(conn->data, conn->data->state.infilesize);
     Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
   }
Index: curl-7.60.0/lib/file.c
===================================================================
--- curl-7.60.0.orig/lib/file.c
+++ curl-7.60.0/lib/file.c
@@ -196,7 +196,7 @@ static CURLcode file_connect(struct conn
   file->freepath = real_path; /* free this when done */
 
   file->fd = fd;
-  if(!data->set.upload && (fd == -1)) {
+  if(!data->state.upload && (fd == -1)) {
     failf(data, "Couldn't open file %s", data->state.path);
     file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
     return CURLE_FILE_COULDNT_READ_FILE;
@@ -390,7 +390,7 @@ static CURLcode file_do(struct connectda
   Curl_initinfo(data);
   Curl_pgrsStartNow(data);
 
-  if(data->set.upload)
+  if(data->state.upload)
     return file_upload(conn);
 
   file = conn->data->req.protop;
Index: curl-7.60.0/lib/ftp.c
===================================================================
--- curl-7.60.0.orig/lib/ftp.c
+++ curl-7.60.0/lib/ftp.c
@@ -1385,7 +1385,7 @@ static CURLcode ftp_state_prepare_transf
                 data->set.str[STRING_CUSTOMREQUEST]:
                 (data->set.ftp_list_only?"NLST":"LIST"));
       }
-      else if(data->set.upload) {
+      else if(data->state.upload) {
         PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file);
       }
       else {
@@ -3311,7 +3311,7 @@ static CURLcode ftp_done(struct connectd
     /* the response code from the transfer showed an error already so no
        use checking further */
     ;
-  else if(data->set.upload) {
+  else if(data->state.upload) {
     if((-1 != data->state.infilesize) &&
        (data->state.infilesize != *ftp->bytecountp) &&
        !data->set.crlf &&
@@ -3579,7 +3579,7 @@ static CURLcode ftp_do_more(struct conne
                            connected back to us */
       }
     }
-    else if(data->set.upload) {
+    else if(data->state.upload) {
       result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE);
       if(result)
         return result;
@@ -4263,7 +4263,7 @@ CURLcode ftp_parse_url_path(struct conne
     ftpc->file = NULL; /* instead of point to a zero byte, we make it a NULL
                           pointer */
 
-  if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
+  if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
     /* We need a file name when uploading. Return error! */
     failf(data, "Uploading to a URL without a file name!");
     return CURLE_URL_MALFORMAT;
Index: curl-7.60.0/lib/http.c
===================================================================
--- curl-7.60.0.orig/lib/http.c
+++ curl-7.60.0/lib/http.c
@@ -1877,7 +1877,7 @@ CURLcode Curl_http(struct connectdata *c
   http->writebytecount = http->readbytecount = 0;
 
   if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
-     data->set.upload) {
+     data->state.upload) {
     httpreq = HTTPREQ_PUT;
   }
 
@@ -2046,7 +2046,7 @@ CURLcode Curl_http(struct connectdata *c
     if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
        (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
        http->postsize < 0) ||
-       (data->set.upload && data->state.infilesize == -1))) {
+       (data->state.upload && data->state.infilesize == -1))) {
       if(conn->bits.authneg)
         /* don't enable chunked during auth neg */
         ;
Index: curl-7.60.0/lib/imap.c
===================================================================
--- curl-7.60.0.orig/lib/imap.c
+++ curl-7.60.0/lib/imap.c
@@ -1466,10 +1466,10 @@ static CURLcode imap_done(struct connect
     result = status;         /* use the already set error code */
   }
   else if(!data->set.connect_only && !imap->custom &&
-          (imap->uid || data->set.upload ||
+          (imap->uid || data->state.upload ||
           data->set.mimepost.kind != MIMEKIND_NONE)) {
     /* Handle responses after FETCH or APPEND transfer has finished */
-    if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+    if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
       state(conn, IMAP_FETCH_FINAL);
     else {
       /* End the APPEND command first by sending an empty line */
@@ -1539,7 +1539,7 @@ static CURLcode imap_perform(struct conn
     selected = TRUE;
 
   /* Start the first command in the DO phase */
-  if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+  if(conn->data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
     /* APPEND can be executed directly */
     result = imap_perform_append(conn);
   else if(imap->custom && (selected || !imap->mailbox))
Index: curl-7.60.0/lib/rtsp.c
===================================================================
--- curl-7.60.0.orig/lib/rtsp.c
+++ curl-7.60.0/lib/rtsp.c
@@ -527,7 +527,7 @@ static CURLcode rtsp_do(struct connectda
      rtspreq == RTSPREQ_SET_PARAMETER ||
      rtspreq == RTSPREQ_GET_PARAMETER) {
 
-    if(data->set.upload) {
+    if(data->state.upload) {
       putsize = data->state.infilesize;
       data->set.httpreq = HTTPREQ_PUT;
 
@@ -545,7 +545,7 @@ static CURLcode rtsp_do(struct connectda
       if(!Curl_checkheaders(conn, "Content-Length")) {
         result = Curl_add_bufferf(req_buffer,
             "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
-            (data->set.upload ? putsize : postsize));
+            (data->state.upload ? putsize : postsize));
         if(result)
           return result;
       }
Index: curl-7.60.0/lib/setopt.c
===================================================================
--- curl-7.60.0.orig/lib/setopt.c
+++ curl-7.60.0/lib/setopt.c
@@ -227,8 +227,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *
      * We want to sent data to the remote host. If this is HTTP, that equals
      * using the PUT request.
      */
-    data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
-    if(data->set.upload) {
+    arg = va_arg(param, long);
+    if(arg) {
       /* If this is HTTP, PUT is what's needed to "upload" */
       data->set.httpreq = HTTPREQ_PUT;
       data->set.opt_no_body = FALSE; /* this is implied */
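Review bot: With the `data->set.upload` store removed, setting `CURLOPT_UPLOAD` to 0 turns upload off only if the `arg == 0` branch moves `set.httpreq` away from `HTTPREQ_PUT`. That branch lies outside this hunk, so it should be checked in the 7.60.0 tree. `arg` is assigned without a declaration visible here, so the backport relies on `Curl_vsetopt` already having a `long arg;` local. A comment above the assignment would make the new contract explicit, for example `/* upload is no longer stored here; state.upload is derived from set.httpreq in Curl_init_CONNECT */`.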
@@ -494,7 +494,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
     }
     else
       data->set.httpreq = HTTPREQ_GET;
-    data->set.upload = FALSE;
     break;
 
   case CURLOPT_COPYPOSTFIELDS:
@@ -804,7 +803,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
      */
     if(va_arg(param, long)) {
       data->set.httpreq = HTTPREQ_GET;
-      data->set.upload = FALSE; /* switch off upload */
       data->set.opt_no_body = FALSE; /* this is implied */
     }
     break;
Index: curl-7.60.0/lib/smb.c
===================================================================
--- curl-7.60.0.orig/lib/smb.c
+++ curl-7.60.0/lib/smb.c
@@ -513,7 +513,7 @@ static CURLcode smb_send_open(struct con
   byte_count = strlen(req->path);
   msg.name_length = smb_swap16((unsigned short)byte_count);
   msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
-  if(conn->data->set.upload) {
+  if(conn->data->state.upload) {
     msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
     msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
   }
@@ -780,7 +780,7 @@ static CURLcode smb_request_state(struct
     smb_m = (const struct smb_nt_create_response*) msg;
     req->fid = smb_swap16(smb_m->fid);
     conn->data->req.offset = 0;
-    if(conn->data->set.upload) {
+    if(conn->data->state.upload) {
       conn->data->req.size = conn->data->state.infilesize;
       Curl_pgrsSetUploadSize(conn->data, conn->data->req.size);
       next_state = SMB_UPLOAD;
Index: curl-7.60.0/lib/smtp.c
===================================================================
--- curl-7.60.0.orig/lib/smtp.c
+++ curl-7.60.0/lib/smtp.c
@@ -1211,7 +1211,7 @@ static CURLcode smtp_done(struct connect
     result = status;         /* use the already set error code */
   }
   else if(!data->set.connect_only && data->set.mail_rcpt &&
-          (data->set.upload || data->set.mimepost.kind)) {
+          (data->state.upload || data->set.mimepost.kind)) {
     /* Calculate the EOB taking into account any terminating CRLF from the
        previous line of the email or the CRLF of the DATA command when there
        is "no mail data". RFC-5321, sect. 4.1.1.4.
@@ -1303,7 +1303,7 @@ static CURLcode smtp_perform(struct conn
   smtp->eob = 2;
 
   /* Start the first command in the DO phase */
-  if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+  if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
     /* MAIL transfer */
     result = smtp_perform_mail(conn);
   else
Index: curl-7.60.0/lib/tftp.c
===================================================================
--- curl-7.60.0.orig/lib/tftp.c
+++ curl-7.60.0/lib/tftp.c
@@ -391,7 +391,7 @@ static CURLcode tftp_parse_option_ack(tf
 
       /* tsize should be ignored on upload: Who cares about the size of the
          remote file? */
-      if(!data->set.upload) {
+      if(!data->state.upload) {
         if(!tsize) {
           failf(data, "invalid tsize -:%s:- value in OACK packet", value);
           return CURLE_TFTP_ILLEGAL;
@@ -471,7 +471,7 @@ static CURLcode tftp_send_first(tftp_sta
       return result;
     }
 
-    if(data->set.upload) {
+    if(data->state.upload) {
       /* If we are uploading, send an WRQ */
       setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
       state->conn->data->req.upload_fromhere =
@@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta
     /* optional addition of TFTP options */
     if(!data->set.tftp_no_options) {
       /* add tsize option */
-      if(data->set.upload && (data->state.infilesize != -1))
+      if(data->state.upload && (data->state.infilesize != -1))
         snprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
                  data->state.infilesize);
       else
@@ -546,7 +546,7 @@ static CURLcode tftp_send_first(tftp_sta
     break;
 
   case TFTP_EVENT_OACK:
-    if(data->set.upload) {
+    if(data->state.upload) {
       result = tftp_connect_for_tx(state, event);
     }
     else {
Index: curl-7.60.0/lib/transfer.c
===================================================================
--- curl-7.60.0.orig/lib/transfer.c
+++ curl-7.60.0/lib/transfer.c
@@ -1301,6 +1301,7 @@ void Curl_init_CONNECT(struct Curl_easy
 {
   data->state.fread_func = data->set.fread_func_set;
   data->state.in = data->set.in_set;
+  data->state.upload = (data->set.httpreq == HTTPREQ_PUT);
 }
 
 /*
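Review bot: `data->state.upload` is computed from `data->set.httpreq`, while the commit message speaks of the `set.method` value, so this backport appears to key on a different field than the description implies. That matters if `set.httpreq` is rewritten while a transfer runs: the rtsp.c hunk in this patch shows `rtsp_do` assigning `data->set.httpreq = HTTPREQ_PUT`, so the field is not purely a user setting in this tree. Any reader of `state.upload` that runs before `Curl_init_CONNECT` on a reused handle would still see the previous transfer's value; the hunk cannot show whether such a reader exists. I would add a comment on the new line such as `/* derived per transfer so a reused handle cannot carry over a stale upload flag */`.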
@@ -1964,7 +1965,7 @@ CURLcode Curl_retry_request(struct conne
 
   /* if we're talking upload, we can't do the checks below, unless the protocol
      is HTTP as when uploading over HTTP we will still get a response */
-  if(data->set.upload &&
+  if(data->state.upload &&
      !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
     return CURLE_OK;
 
Index: curl-7.60.0/lib/urldata.h
===================================================================
--- curl-7.60.0.orig/lib/urldata.h
+++ curl-7.60.0/lib/urldata.h
@@ -1336,6 +1336,7 @@ struct UrlState {
   struct Curl_easy *stream_depends_on;
   bool stream_depends_e; /* set or don't set the Exclusive bit */
   int stream_weight;
+  bool upload;           /* upload request */
 #ifdef CURLDEBUG
   bool conncache_lock;
 #endif
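Review bot: The comment on the new `UrlState` member is copied unchanged from the `UserDefined` field it replaces and no longer says where the value comes from. I would write `bool upload; /* TRUE when this transfer uploads; derived from set.httpreq in Curl_init_CONNECT */`. Removing `set.upload` from `UserDefined` turns any unconverted reader into a build error, which is a useful check, but only for code that is actually compiled. Backends behind build options (the rtmp, smb and ssh files touched here, for instance) need a tree-wide search for `set.upload` if this package configuration leaves them out.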
@@ -1606,7 +1607,6 @@ struct UserDefined {
   bool http_set_referer; /* is a custom referer used */
   bool http_auto_referer; /* set "correct" referer when following location: */
   bool opt_no_body;      /* as set with CURLOPT_NOBODY */
-  bool upload;           /* upload request */
   enum CURL_NETRC_OPTION
        use_netrc;        /* defined in include/curl.h */
   bool verbose;          /* output verbosity */
Index: curl-7.60.0/lib/ssh-libssh.c
===================================================================
--- curl-7.60.0.orig/lib/ssh-libssh.c
+++ curl-7.60.0/lib/ssh-libssh.c
@@ -1058,7 +1058,7 @@ static CURLcode myssh_statemach_act(stru
     }
 
     case SSH_SFTP_TRANS_INIT:
-      if(data->set.upload)
+      if(data->state.upload)
         state(conn, SSH_SFTP_UPLOAD_INIT);
       else {
         if(protop->path[strlen(protop->path)-1] == '/')
@@ -1669,7 +1669,7 @@ static CURLcode myssh_statemach_act(stru
       /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
       ssh_set_blocking(sshc->ssh_session, 1);
 
-      if(data->set.upload) {
+      if(data->state.upload) {
         if(data->state.infilesize < 0) {
           failf(data, "SCP requires a known file size for upload");
           sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -1772,7 +1772,7 @@ static CURLcode myssh_statemach_act(stru
         break;
       }
     case SSH_SCP_DONE:
-      if(data->set.upload)
+      if(data->state.upload)
         state(conn, SSH_SCP_SEND_EOF);
       else
         state(conn, SSH_SCP_CHANNEL_FREE);
Index: curl-7.60.0/lib/ssh.c
===================================================================
--- curl-7.60.0.orig/lib/ssh.c
+++ curl-7.60.0/lib/ssh.c
@@ -1642,7 +1642,7 @@ static CURLcode ssh_statemach_act(struct
     }
 
     case SSH_SFTP_TRANS_INIT:
-      if(data->set.upload)
+      if(data->state.upload)
         state(conn, SSH_SFTP_UPLOAD_INIT);
       else {
         if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
@@ -2345,7 +2345,7 @@ static CURLcode ssh_statemach_act(struct
         break;
       }
 
-      if(data->set.upload) {
+      if(data->state.upload) {
         if(data->state.infilesize < 0) {
           failf(data, "SCP requires a known file size for upload");
           sshc->actualcode = CURLE_UPLOAD_FAILED;
@@ -2484,7 +2484,7 @@ static CURLcode ssh_statemach_act(struct
     break;
 
     case SSH_SCP_DONE:
-      if(data->set.upload)
+      if(data->state.upload)
         state(conn, SSH_SCP_SEND_EOF);
       else
         state(conn, SSH_SCP_CHANNEL_FREE);