external/libcmis/UnpackedTarball_libcmis.mk   |    1 
 external/libcmis/http-session-cleanup.patch.1 |   82 ++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)

New commits:
commit 3b013c6006640adf9de4609c92b7b45ac0849d6c
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Jun 19 18:24:25 2024 +0200
Commit:     Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
CommitDate: Thu Jun 27 18:29:47 2024 +0200

    libcmis: fix UAF on invalid certificate
    
    headers_slist may be used again on the 2nd call to curl_easy_perform()
    in the CURLE_SSL_CACERT case.
    
    Change-Id: I146d7f5dd72e2abd580a68c8ea4c9e56b7adeca3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169267
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    Tested-by: Jenkins
    (cherry picked from commit 31ac510f0d8e8cb79d564c147ccf7265894cdcda)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169281
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/external/libcmis/UnpackedTarball_libcmis.mk 
b/external/libcmis/UnpackedTarball_libcmis.mk
index 5e31b8939fcb..744fcdaa84d3 100644
--- a/external/libcmis/UnpackedTarball_libcmis.mk
+++ b/external/libcmis/UnpackedTarball_libcmis.mk
@@ -14,6 +14,7 @@ $(eval $(call 
gb_UnpackedTarball_set_tarball,libcmis,$(LIBCMIS_TARBALL)))
 $(eval $(call gb_UnpackedTarball_set_patchlevel,libcmis,1))
 
 $(eval $(call gb_UnpackedTarball_add_patches,libcmis,\
+       external/libcmis/http-session-cleanup.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/libcmis/http-session-cleanup.patch.1 
b/external/libcmis/http-session-cleanup.patch.1
new file mode 100644
index 000000000000..0c7b352d4407
--- /dev/null
+++ b/external/libcmis/http-session-cleanup.patch.1
@@ -0,0 +1,82 @@
+--- libcmis/src/libcmis/http-session.cxx.orig  2024-06-19 18:04:14.198691623 
+0200
++++ libcmis/src/libcmis/http-session.cxx       2024-06-19 18:09:08.853234764 
+0200
+@@ -670,16 +670,17 @@
+     curl_easy_setopt( m_curlHandle, CURLOPT_URL, url.c_str() );
+ 
+     // Set the headers
+-    struct curl_slist *headers_slist = NULL;
++    struct deleter { void operator()(curl_slist* p) const { 
curl_slist_free_all(p); } };
++    unique_ptr<struct curl_slist, deleter> headers_slist;
+     for ( vector< string >::iterator it = headers.begin( ); it != 
headers.end( ); ++it )
+-        headers_slist = curl_slist_append( headers_slist, it->c_str( ) );
++        headers_slist.reset(curl_slist_append(headers_slist.release(), 
it->c_str()));
+ 
+     // If we are using OAuth2, then add the proper header with token to 
authenticate
+     // Otherwise, just set the credentials normally using in libcurl options
+     if ( m_oauth2Handler != NULL && !m_oauth2Handler->getHttpHeader( 
).empty() )
+     {
+-        headers_slist = curl_slist_append( headers_slist,
+-                                           m_oauth2Handler->getHttpHeader( 
).c_str( ) );
++        headers_slist.reset(curl_slist_append(headers_slist.release(),
++                                           
m_oauth2Handler->getHttpHeader().c_str()));
+     }
+     else if ( !getUsername().empty() )
+     {
+@@ -693,7 +693,7 @@
+ #endif
+     }
+ 
+-    curl_easy_setopt( m_curlHandle, CURLOPT_HTTPHEADER, headers_slist );
++    curl_easy_setopt(m_curlHandle, CURLOPT_HTTPHEADER, headers_slist.get());
+ 
+     // Set the proxy configuration if any
+     if ( !libcmis::SessionFactory::getProxy( ).empty() )
+@@ -747,9 +747,6 @@
+     // Perform the query
+     CURLcode errCode = curl_easy_perform( m_curlHandle );
+ 
+-    // Free the headers list
+-    curl_slist_free_all( headers_slist );
+-
+     // Process the response
+     bool isHttpError = errCode == CURLE_HTTP_RETURNED_ERROR;
+     if ( CURLE_OK != errCode && !( m_noHttpErrors && isHttpError ) )
+--- libcmis/src/libcmis/sharepoint-session.cxx.orig    2024-06-19 
18:04:35.761804551 +0200
++++ libcmis/src/libcmis/sharepoint-session.cxx 2024-06-19 18:08:44.563107553 
+0200
+@@ -200,12 +200,13 @@
+     curl_easy_setopt( m_curlHandle, CURLOPT_URL, url.c_str() );
+ 
+     // Set the headers
+-    struct curl_slist *headers_slist = NULL;
++    struct deleter { void operator()(curl_slist* p) const { 
curl_slist_free_all(p); } };
++    unique_ptr<struct curl_slist, deleter> headers_slist;
+     for ( vector< string >::iterator it = headers.begin( ); it != 
headers.end( ); ++it )
+-        headers_slist = curl_slist_append( headers_slist, it->c_str( ) );
++        headers_slist.reset(curl_slist_append(headers_slist.release(), 
it->c_str()));
+ 
+-    headers_slist = curl_slist_append( headers_slist, 
"accept:application/json; odata=verbose" );
+-    headers_slist = curl_slist_append( headers_slist, ( "x-requestdigest:" + 
m_digestCode ).c_str( ) );
++    headers_slist.reset(curl_slist_append(headers_slist.release(), 
"accept:application/json; odata=verbose"));
++    headers_slist.reset(curl_slist_append(headers_slist.release(), 
("x-requestdigest:" + m_digestCode).c_str()));
+ 
+     if ( !getUsername().empty() && !getPassword().empty() )
+     {
+@@ -220,7 +219,7 @@
+ #endif
+     }
+ 
+-    curl_easy_setopt( m_curlHandle, CURLOPT_HTTPHEADER, headers_slist );
++    curl_easy_setopt(m_curlHandle, CURLOPT_HTTPHEADER, headers_slist.get());
+ 
+     // Set the proxy configuration if any
+     if ( !libcmis::SessionFactory::getProxy( ).empty() )
+@@ -274,9 +273,6 @@
+     // Perform the query
+     CURLcode errCode = curl_easy_perform( m_curlHandle );
+ 
+-    // Free the headers list
+-    curl_slist_free_all( headers_slist );
+-
+     // Process the response
+     bool isHttpError = errCode == CURLE_HTTP_RETURNED_ERROR;
+     if ( CURLE_OK != errCode && !( m_noHttpErrors && isHttpError ) )
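Review bot: `m_curlHandle` (a member, judging by the `m_` prefix) outlives this function and still holds the `CURLOPT_HTTPHEADER` pointer after the `unique_ptr` frees the list at scope exit, in both http-session.cxx and sharepoint-session.cxx, so a later perform on the handle that does not first reset or re-set that option would read freed memory. The function's start and end lie outside the inner hunks, so whether every path resets the handle before reuse cannot be confirmed from here. A comment at the declaration would record the invariant, e.g. `// must outlive every curl_easy_perform() below, incl. the CURLE_SSL_CACERT retry; CURLOPT_HTTPHEADER must be re-set before the handle is reused`. Separately, `headers_slist.reset(curl_slist_append(headers_slist.release(), ...))` loses the existing list when `curl_slist_append` returns NULL, which leaks it and lets the request go out without the earlier headers. Checking the returned pointer before calling `reset` would avoid that.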
