hcq/openGauss-third_party
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
openGauss-third_party/dependency/libcurl/19-CVE-2022-32207_3.patch
buter 8fb94206ac fix CVEs
2022-07-18 19:42:20 +08:00

74 lines
2.1 KiB
Diff
Raw Permalink Blame History

commit e55e32eb40619a2476b93196ed82c82179f85b82
Author: Daniel Stenberg <daniel@haxx.se>
Date: Wed May 25 10:09:54 2022 +0200
[Backport] hsts: use Curl_fopen()
Offering: RTOS
CVE: CVE-2022-32207
Reference: upstream_commit_id=d64115d7bb8ae4c136b620912da523c063f1d2ee
DTS/AR: DTS2022062910035
type: LTS
reason: fix CVE-2022-32207 for curl.
weblink:https://github.com/curl/curl/commit/d64115d7bb8ae4c136b620912da523c063f1d2ee
Signed-off-by: laiyuanyuan <laiyuanyuan.lai@huawei.com>
diff --git a/lib/hsts.c b/lib/hsts.c
index 0d5a58401..1d0263cdf 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -35,7 +35,7 @@
#include "sendf.h"
#include "strtoofft.h"
#include "parsedate.h"
-#include "rand.h"
+#include "fopen.h"
#include "rename.h"
#include "strtoofft.h"
@@ -325,8 +325,7 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
struct Curl_llist_element *n;
CURLcode result = CURLE_OK;
FILE *out;
- char *tempstore;
- unsigned char randsuffix[9];
+ char *tempstore = NULL;
if(!h)
/* no cache activated */
@@ -340,17 +339,8 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
/* marked as read-only, no file or zero length file name */
goto skipsave;
- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
- return CURLE_FAILED_INIT;
-
- tempstore = aprintf("%s.%s.tmp", file, randsuffix);
- if(!tempstore)
- return CURLE_OUT_OF_MEMORY;
-
- out = fopen(tempstore, FOPEN_WRITETEXT);
- if(!out)
- result = CURLE_WRITE_ERROR;
- else {
+ result = Curl_fopen(data, file, &out, &tempstore);
+ if(!result) {
fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
"# This file was generated by libcurl! Edit at your own risk.\n",
out);
@@ -362,10 +352,10 @@ CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
break;
}
fclose(out);
- if(!result && Curl_rename(tempstore, file))
+ if(!result && tempstore && Curl_rename(tempstore, file))
result = CURLE_WRITE_ERROR;
- if(result)
+ if(result && tempstore)
unlink(tempstore);
}
free(tempstore);
Reference in New Issue View Git Blame Copy Permalink