From a6fcd8a32f3b1c5d80e524f8b2c1de32e6ecdb2b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 31 May 2020 23:09:59 +0200
Subject: [PATCH] tool_getparam: -i is not OK if -J is used
Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
Upstream-commit: 8236aba58542c5f89f1d41ca09d84579efb05e22
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 src/tool_cb_hdr.c   | 6 ++++++
 src/tool_getparam.c | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index 3b10238..b80707f 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -112,6 +112,12 @@ size_t tool_header_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
       len = (ssize_t)cb - (p - str);
       filename = parse_filename(p, len);
       if(filename) {
+        if(outs->stream) {
+          /* indication of problem, get out! */
+          free(filename);
+          return failure;
+        }
+
         outs->filename = filename;
         outs->alloc_filename = TRUE;
         outs->is_cd_filename = TRUE;
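Review bot: The comment on the added early return, `/* indication of problem, get out! */`, does not say what the problem is; per the subject line, an already-open `outs->stream` at this point means headers were already written to the output (the -i case), so a Content-Disposition filename arriving now can no longer be honored. Suggest replacing it with `/* the output stream is already open (e.g. -i already wrote headers to it), so a late Content-Disposition filename cannot be honored: fail the transfer */`. Returning `failure` from the header callback presumably makes libcurl abort the transfer with a generic write error; a dedicated message naming the -i/-J conflict at the reporting site would help users, though that is outside this hunk. tool_header_cb's body continues outside the hunk.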
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 764caa2..c5c7429 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1404,6 +1404,11 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         return err;
       break;
     case 'i':
+      if(config->content_disposition) {
+        warnf(config,
+              "--include and --remote-header-name cannot be combined.\n");
+        return PARAM_BAD_USE;
+      }
       config->include_headers = toggle; /* include the headers as well in the
                                            general output stream */
       break;
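Review bot: The new check under `case 'i'` refuses `--no-include` after `-J` as well, because it does not consult `toggle`; `if(toggle && config->content_disposition) {` would reject only the enabling form. It also catches only the order in which -i follows -J: -J given after -i is not rejected here unless the --remote-header-name case (outside this hunk) gets the mirror check on `config->include_headers`, which otherwise leaves the header-callback change in tool_cb_hdr.c as the only guard for that order. getparameter's body continues outside the hunk.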
-- 
2.21.3