Diffstat (limited to 'backport-0002-CVE-2023-46219.patch')
-rw-r--r-- | backport-0002-CVE-2023-46219.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/backport-0002-CVE-2023-46219.patch b/backport-0002-CVE-2023-46219.patch
new file mode 100644
index 0000000..c9c08ec
--- /dev/null
+++ b/backport-0002-CVE-2023-46219.patch
@@ -0,0 +1,80 @@
+From f27b8dba73295cb5296a50f2c19c0739b502eb94 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 24 Nov 2023 09:46:32 +0100
+Subject: [PATCH] fopen: allocate the dir after fopen
+
+Move the allocation of the directory name down to after the fopen() call
+to allow that shortcut code path to avoid a superfluous malloc+free
+cycle.
+
+Follow-up to 73b65e94f35311
+
+Closes #12398
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/f27b8dba73295cb5296a50f2c19c0739b502eb94
+---
+ lib/fopen.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 2e726cc95..851279fe1 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -99,18 +99,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+ char *tempstore = NULL;
+ struct_stat sb;
+ int fd = -1;
+- char *dir;
++ char *dir = NULL;
+ *tempname = NULL;
+
+- dir = dirslash(filename);
+- if(!dir)
+- goto fail;
+-
+ *fh = fopen(filename, FOPEN_WRITETEXT);
+ if(!*fh)
+ goto fail;
+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) {
+- free(dir);
+ return CURLE_OK;
+ }
+ fclose(*fh);
+@@ -120,9 +115,14 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+ if(result)
+ goto fail;
+
+- /* The temp file name should not end up too long for the target file
+- system */
+- tempstore = aprintf("%s%s.tmp", dir, randbuf);
++ dir = dirslash(filename);
++ if(dir) {
++ /* The temp file name should not end up too long for the target file
++ system */
++ tempstore = aprintf("%s%s.tmp", dir, randbuf);
++ free(dir);
++ }
++
+ if(!tempstore) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+@@ -137,7 +137,6 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+ if(!*fh)
+ goto fail;
+
+- free(dir);
+ *tempname = tempstore;
+ return CURLE_OK;
+
+@@ -148,7 +147,6 @@ fail:
+ }
+
+ free(tempstore);
+- free(dir);
+ return result;
+ }
+
+--
+2.33.0
+ |
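Review bot: In the second embedded lib/fopen.c hunk a `dirslash()` failure is no longer handled on its own: `tempstore` just stays NULL and the following `if(!tempstore)` reports `CURLE_OUT_OF_MEMORY`, so the coupling between the two checks is implicit. A short comment above the new `if(dir) {` would make the intent explicit, e.g. `/* a NULL dir leaves tempstore NULL; reported as out of memory below */`. Separately, the patch file carries the CVE number in its name, but by its own description it is an allocation-order follow-up to 73b65e94f35311; it edits `dir`/`randbuf` code that presumably comes from the 0001 backport, so it should be applied after that patch and not be read as the fix by itself. The body of Curl_fopen starts and ends outside the embedded hunks, so any use of `dir` between them cannot be checked from here.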