Wind River Support Network

HomeDefectsLIN9-7712
Fixed

LIN9-7712 : curl ftp broken by RCPL27 CVE fix - Missing Commits

Created: Nov 9, 2018    Updated: Nov 22, 2018
Resolved Date: Nov 12, 2018
Previous ID: LIN8-10035
Found In Version: 9.0.0.18
Fix Version: 9.0.0.19
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The patch  .../prj/layers/oe-core/meta/recipes-support/curl/curl/0001-pingpong-use-the-set-buffer-size.patch changes the way of the source of the buffer size from "BUFSIZE" to "(size_t)data->set.buffer_size".

Community: https://github.com/curl/curl/commit/b8191e975faa7810ed3d858205b0b3f0d297f0b2#diff-8ab345f485cd21d3a25dc52b3cf19af3

(size_t)data->set.buffer_size Is allways zero, causing an infinite loop.

Need to backport the rest of the commits (need to be determined) where "set.buffer_size" is set.
https://github.com/curl/curl/blob/b8191e975faa7810ed3d858205b0b3f0d297f0b2/lib/easy.c#L868



Backtrace
========================
Breakpoint 2, Curl_pp_readresp (sockfd=5, pp=pp@entry=0x65b7a0,
    code=code@entry=0x7fffffffe4e0, size=size@entry=0x7fffffffe4d8)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/pingpong.c:286
286       while((pp->nread_resp < (size_t)data->set.buffer_size) &&
(gdb) bt
#0  Curl_pp_readresp (sockfd=5, pp=pp@entry=0x65b7a0,
    code=code@entry=0x7fffffffe4e0, size=size@entry=0x7fffffffe4d8)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/pingpong.c:286
#1  0x00007ffff7b918cd in ftp_readresp (size=0x7fffffffe4d8,
    ftpcode=, pp=0x65b7a0, sockfd=)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/ftp.c:616
#2  ftp_statemach_act (conn=0x65b260)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/ftp.c:2708
#3  0x00007ffff7b8e7bd in ftp_multi_statemach (done=0x7fffffffe5f1,
    conn=0x65b260) at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/ftp.c:3146
#4  ftp_connect (conn=0x65b260, done=0x7fffffffe5f1)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/ftp.c:3209
#5  0x00007ffff7b99ac1 in Curl_protocol_connect (conn=0x65b260,
    protocol_done=protocol_done@entry=0x7fffffffe5f1)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/url.c:3623
#6  0x00007ffff7babd8e in multi_runsingle (multi=multi@entry=0x651cb0,
    now=..., data=data@entry=0x646880)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/multi.c:1251
#7  0x00007ffff7bac80e in curl_multi_perform (
    multi_handle=multi_handle@entry=0x651cb0,
    running_handles=running_handles@entry=0x7fffffffe6c4)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/multi.c:1808
#8  0x00007ffff7ba4f6b in easy_transfer (multi=0x651cb0)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/easy.c:715
#9  easy_perform (events=false, data=0x646880, data@entry=0x1)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/easy.c:803
#10 curl_easy_perform (easy=easy@entry=0x646880)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/lib/easy.c:822
#11 0x000000000040b25b in operate_do (global=global@entry=0x7fffffffeab0,
    config=0x6464b0)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/src/tool_operate.c:1409
#12 0x000000000040cc6d in operate (config=config@entry=0x7fffffffeab0,
    argc=argc@entry=11, argv=argv@entry=0x7fffffffec18)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/src/tool_operate.c:1890
#13 0x0000000000402303 in main (argc=11, argv=0x7fffffffec18)
    at /usr/src/debug/curl/7.44.0-r0/curl-7.44.0/src/tool_main.c:252

Steps to Reproduce

HOST
=========
1. Setup FTP server
2. Create user "test" with password "test" (doesn't care the username and/or password, but need to match in the testing step)

BUILD
=========
1. /wrlinux-8/wrlinux/configure --enable-board=intel-x86-64 --enable-kernel=standard --enable-rootfs=glibc-std --with-template=feature/build_libc,feature/package-management --with-package=curl --enable-reconfig --enable-ccache --enable-internet-download=yes --enable-test --with-rcpl-version=0027

2. make
3. make start-target
4. touch x
5. curl --disable-epsv --connect-timeout 5 --upload-file x --verbose --user test:test --url ftp://IPV4_FTP_SERVER_HOST/
6. Wait for the timeout

DEBUG
=========
1. Configure same as above (can be re-used the same project)
2. make -C build curl-dbg.addpkg
3. make -C build gdb.addpkg
4. make -C build curl.clean && make -C build curl && make fs && make start-target
5. touch x 
6. gdb --args curl --disable-epsv --connect-timeout 5 --upload-file x --verbose --user test:test --url ftp://IPV4_FTP_SERVER_HOST/
7. b Curl_pp_readresp
8. run
9. bt

Other Downloads


Live chat
Online