hoelee/curl-impersonate
1
0
Fork 0
mirror of https://github.com/lwthiker/curl-impersonate.git synced 2025-04-27 07:36:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Patch CVE-2023-38545

Browse Source 
CVE-2023-38545 is a high severity heap overflow affecting curl 7.69.0 to
8.3.0, including 8.1.1 which we use for curl-impersonate. Patches were
released for older versions. Apply the patch for our version.

For more details, see https://curl.se/docs/CVE-2023-38545.html
This commit is contained in:
lwthiker 2024-03-03 13:44:12 +02:00
parent 6620b0821e
commit e7b90a0d9c
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
chrome/patches/curl-CVE-2023-38545.patch Normal file
View File

@ -0,0 +1,17 @@
diff -u1 -Nar curl-8.1.1/lib/socks.c curl-8.1.1-patched/lib/socks.c
--- curl-8.1.1/lib/socks.c 2023-05-22 19:15:11.000000000 +0300
+++ curl-8.1.1-patched/lib/socks.c 2024-03-03 13:32:42.814284316 +0200
@@ -590,5 +590,5 @@
if(!socks5_resolve_local && hostname_len > 255) {
- infof(data, "SOCKS5: server resolving disabled for hostnames of "
- "length > 255 [actual len=%zu]", hostname_len);
- socks5_resolve_local = TRUE;
+ failf(data, "SOCKS5: the destination hostname is too long to be "
+ "resolved remotely by the proxy.");
+ return CURLPX_LONG_HOSTNAME;
}
@@ -906,3 +906,3 @@
socksreq[len++] = 3;
- socksreq[len++] = (char) hostname_len; /* one byte address length */
+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */

17
firefox/patches/curl-CVE-2023-38545.patch Normal file
View File

@ -0,0 +1,17 @@
diff -u1 -Nar curl-8.1.1/lib/socks.c curl-8.1.1-patched/lib/socks.c
--- curl-8.1.1/lib/socks.c 2023-05-22 19:15:11.000000000 +0300
+++ curl-8.1.1-patched/lib/socks.c 2024-03-03 13:32:42.814284316 +0200
@@ -590,5 +590,5 @@
if(!socks5_resolve_local && hostname_len > 255) {
- infof(data, "SOCKS5: server resolving disabled for hostnames of "
- "length > 255 [actual len=%zu]", hostname_len);
- socks5_resolve_local = TRUE;
+ failf(data, "SOCKS5: the destination hostname is too long to be "
+ "resolved remotely by the proxy.");
+ return CURLPX_LONG_HOSTNAME;
}
@@ -906,3 +906,3 @@
socksreq[len++] = 3;
- socksreq[len++] = (char) hostname_len; /* one byte address length */
+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */
memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */