openGauss-third_party/dependency/libcurl/1-CVE-2021-22945.patch

commit 398c6c8e13241ab9a216671f5c8f892a9e25d131
Author: z2_ on hackerone <>
Date:   Tue Aug 24 09:50:33 2021 +0200

    [Backport] mqtt: clear the leftovers pointer when sending succeeds
    
    Offering: RTOS
    CVE: CVE-2021-22945
    Reference: https://github.com/curl/curl/commit/43157490a5054bd
    
    DTS/AR: DTS2021091628899
    type: LTS
    reason: fix CVE-2021-22945 for version 7.78.0
    
    CVE-2021-22945
    
    Bug: https://curl.se/docs/CVE-2021-22945.html
    Signed-off-by: lijingyu <lijingyu21@huawei.com>

diff --git a/lib/mqtt.c b/lib/mqtt.c
index f077e6c3d..fcd40b41e 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
     mq->sendleftovers = sendleftovers;
     mq->nsend = nsend;
   }
+  else {
+    mq->sendleftovers = NULL;
+    mq->nsend = 0;
+  }
   return result;
 }