Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/curl/patches/011-CVE-2016-5421.patch
branchs11u3-sru
changeset 7255 c7815ed3b336 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/curl/patches/011-CVE-2016-5421.patch	Tue Oct 25 14:43:21 2016 -0700
@@ -0,0 +1,33 @@
+From ccb7d79b62c8b15a6be446f9c9fd3767c01eb5b6 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Sun, 31 Jul 2016 01:09:04 +0200
+Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2016-5421
+Bug: https://curl.haxx.se/docs/adv_20160803C.html
+Reported-by: Marcelo Echeverria and Fernando Muñoz
+---
+ lib/multi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- lib/multi.c
++++ lib/multi.c
+@@ -2155,10 +2155,12 @@ static void close_all_connections(struct Curl_multi *multi)
+   while(conn) {
+     SIGPIPE_VARIABLE(pipe_st);
+     conn->data = multi->closure_handle;
+ 
+     sigpipe_ignore(conn->data, &pipe_st);
++    conn->data->easy_conn = NULL; /* clear the easy handle's connection
++                                     pointer */
+     /* This will remove the connection from the cache */
+     (void)Curl_disconnect(conn, FALSE);
+     sigpipe_restore(&pipe_st);
+ 
+     conn = Curl_conncache_find_first_connection(&multi->conn_cache);
+-- 
+2.8.1
+
upstream/oracle/userland-gate