[Feature][ZXW-130]merge P50U02 version

Only Configure: No
Affected branch: master
Affected module: unknown
Is it affected on both ZXIC and MTK: only ZXIC
Self-test: Yes
Doc Update: No

Change-Id: I4f29ec5bb7c59385f23738d2b7ca84e67c100f69
diff --git a/ap/lib/libcurl/curl-7.86.0/include/curl/curl.h b/ap/lib/libcurl/curl-7.86.0/include/curl/curl.h
index e28dd0b..a5a5a0a 100755
--- a/ap/lib/libcurl/curl-7.86.0/include/curl/curl.h
+++ b/ap/lib/libcurl/curl-7.86.0/include/curl/curl.h
@@ -2885,6 +2885,7 @@
   CURL_LOCK_DATA_SSL_SESSION,
   CURL_LOCK_DATA_CONNECT,
   CURL_LOCK_DATA_PSL,
+  CURL_LOCK_DATA_HSTS,//BDSA-2023-0305 //BDSA-2023-0312
   CURL_LOCK_DATA_LAST
 } curl_lock_data;
 
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/content_encoding.c b/ap/lib/libcurl/curl-7.86.0/lib/content_encoding.c
index bfc13e2..75ec574 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/content_encoding.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/content_encoding.c
@@ -1045,7 +1045,6 @@
                                      const char *enclist, int maybechunked)
 {
   struct SingleRequest *k = &data->req;
-  int counter = 0;
 
   do {
     const char *name;
@@ -1079,10 +1078,10 @@
 
       if(!encoding)
         encoding = &error_encoding;  /* Defer error at stack use. */
-
-      if(++counter >= MAX_ENCODE_STACK) {
-        failf(data, "Reject response due to %u content encodings",
-              counter);
+//BDSA-2023-0316
+      if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
+        failf(data, "Reject response due to more than %u content encodings",
+              MAX_ENCODE_STACK);
         return CURLE_BAD_CONTENT_ENCODING;
       }
       /* Stack the unencoding stage. */
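Review bot: Nothing in this hunk resets `k->writer_stack_depth`, so the limit now relies on `data->req` being zeroed at the start of every transfer; that code is not visible here. If a reused handle keeps the old value, later responses with a legitimate number of encodings would be rejected with CURLE_BAD_CONTENT_ENCODING. Once the reset is confirmed, I would document it at the check, e.g. `/* depth counts stages across all encoding headers of one request; cleared with data->req */`. The field is an `unsigned char`, so MAX_ENCODE_STACK has to stay below 256 for the comparison to remain reachable. The enclosing function starts and ends outside the hunk.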
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/hsts.c b/ap/lib/libcurl/curl-7.86.0/lib/hsts.c
index e3b686e..a5c13e6 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/hsts.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/hsts.c
@@ -40,6 +40,7 @@
 #include "fopen.h"
 #include "rename.h"
 #include "strtoofft.h"
+#include "share.h"//BDSA-2023-0305
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -426,14 +427,23 @@
   if(2 == rc) {
     time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
       TIME_T_MAX;
-    CURLcode result;
+    CURLcode result = CURLE_OK;//BDSA-2023-0312
     char *p = host;
     bool subdomain = FALSE;
+    struct stsentry *e;
     if(p[0] == '.') {
       p++;
       subdomain = TRUE;
     }
-    result = hsts_create(h, p, subdomain, expires);
+    /* only add it if not already present */
+    e = Curl_hsts(h, p, subdomain);
+    if(!e)
+      result = hsts_create(h, p, subdomain, expires);
+    else {
+      /* the same host name, use the largest expire time */
+      if(expires > e->expires)
+        e->expires = expires;
+    }
     if(result)
       return result;
   }
@@ -551,5 +561,19 @@
     return hsts_pull(data, h);
   return CURLE_OK;
 }
+//BDSA-2023-0305
+void Curl_hsts_loadfiles(struct Curl_easy *data)
+{
+  struct curl_slist *l = data->set.hstslist;
+  if(l) {
+    Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
+
+    while(l) {
+      (void)Curl_hsts_loadfile(data, data->hsts, l->data);
+      l = l->next;
+    }
+    Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
+  }
+}
 
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
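Review bot: `Curl_hsts_loadfiles` hands `data->hsts` to `Curl_hsts_loadfile` without checking it, while the CURLOPT_SHARE detach path in setopt.c sets `data->hsts = NULL` and leaves `data->set.hstslist` populated. If `Curl_hsts_loadfile` dereferences its cache argument (its body is not in this diff), the next transfer on such a handle would hit a NULL pointer; opening the block with `if(l && data->hsts) {` rules that out. The load result is also discarded with `(void)`, so an unreadable HSTS file silently leaves the handle without its stored entries; an `infof(data, ...)` on failure would make the lost downgrade protection visible.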
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/hsts.h b/ap/lib/libcurl/curl-7.86.0/lib/hsts.h
index 0e36a77..fd7ae77 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/hsts.h
+++ b/ap/lib/libcurl/curl-7.86.0/lib/hsts.h
@@ -59,9 +59,11 @@
                             struct hsts *h, const char *file);
 CURLcode Curl_hsts_loadcb(struct Curl_easy *data,
                           struct hsts *h);
+void Curl_hsts_loadfiles(struct Curl_easy *data);//BDSA-2023-0305 //BDSA-2023-0312
 #else
 #define Curl_hsts_cleanup(x)
 #define Curl_hsts_loadcb(x,y) CURLE_OK
 #define Curl_hsts_save(x,y,z)
+#define Curl_hsts_loadfiles(x)
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
 #endif /* HEADER_CURL_HSTS_H */
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/http.c b/ap/lib/libcurl/curl-7.86.0/lib/http.c
index f57859e..1063598 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/http.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/http.c
@@ -3724,8 +3724,8 @@
 #endif
             )) {
     CURLcode check =
-      Curl_hsts_parse(data->hsts, data->state.up.hostname,
-                      headp + strlen("Strict-Transport-Security:"));
+      Curl_hsts_parse(data->hsts, conn->host.name,
+                      headp + strlen("Strict-Transport-Security:"));//CVE-2022-43551(BDSA-2022-3659)
     if(check)
       infof(data, "Illegal STS header skipped");
 #ifdef DEBUGBUILD
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/setopt.c b/ap/lib/libcurl/curl-7.86.0/lib/setopt.c
index 5b59754..a83dc3d 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/setopt.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/setopt.c
@@ -2250,10 +2250,15 @@
       if(data->share->cookies == data->cookies)
         data->cookies = NULL;
 #endif
-
+//BDSA-2023-0305
+#ifndef CURL_DISABLE_HSTS
+      if(data->share->hsts == data->hsts)
+        data->hsts = NULL;
+#endif
+#ifdef USE_SSL
       if(data->share->sslsession == data->state.session)
         data->state.session = NULL;
-
+#endif
 #ifdef USE_LIBPSL
       if(data->psl == &data->share->psl)
         data->psl = data->multi? &data->multi->psl: NULL;
@@ -2287,10 +2292,20 @@
         data->cookies = data->share->cookies;
       }
 #endif   /* CURL_DISABLE_HTTP */
+//BDSA-2023-0305
+#ifndef CURL_DISABLE_HSTS
+      if(data->share->hsts) {
+        /* first free the private one if any */
+        Curl_hsts_cleanup(&data->hsts);
+        data->hsts = data->share->hsts;
+      }
+#endif   /* CURL_DISABLE_HTTP */
+#ifdef USE_SSL
       if(data->share->sslsession) {
         data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions;
         data->state.session = data->share->sslsession;
       }
+#endif
 #ifdef USE_LIBPSL
       if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
         data->psl = &data->share->psl;
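Review bot: The `#endif` closing the new HSTS block is labelled `/* CURL_DISABLE_HTTP */`, but the guard it closes is `#ifndef CURL_DISABLE_HSTS`; it should read `#endif   /* CURL_DISABLE_HSTS */`. The same mislabel is on the `#else   /* CURL_DISABLE_HTTP */` lines in both CURL_LOCK_DATA_HSTS cases added to share.c. The surrounding case body starts and ends outside this hunk.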
@@ -2505,7 +2520,15 @@
     result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5],
                             va_arg(param, char *));
     break;
-
+//BDSA-2023-0018
+  case CURLOPT_SSH_KNOWNHOSTS:
+    /*
+     * Store the file name to read known hosts from.
+     */
+    result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
+                            va_arg(param, char *));
+    break;
+#ifdef USE_LIBSSH2
   case CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256:
     /*
      * Option to allow for the SHA256 of the host public key to be checked
@@ -2515,14 +2538,6 @@
                             va_arg(param, char *));
     break;
 
-  case CURLOPT_SSH_KNOWNHOSTS:
-    /*
-     * Store the file name to read known hosts from.
-     */
-    result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
-                            va_arg(param, char *));
-    break;
-#ifdef USE_LIBSSH2
   case CURLOPT_SSH_HOSTKEYFUNCTION:
     /* the callback to check the hostkey without the knownhost file */
     data->set.ssh_hostkeyfunc = va_arg(param, curl_sshhostkeycallback);
@@ -3040,19 +3055,39 @@
   case CURLOPT_HSTSWRITEDATA:
     data->set.hsts_write_userp = va_arg(param, void *);
     break;
-  case CURLOPT_HSTS:
+  case CURLOPT_HSTS: {
+    struct curl_slist *h;
     if(!data->hsts) {
       data->hsts = Curl_hsts_init();
       if(!data->hsts)
         return CURLE_OUT_OF_MEMORY;
     }
     argptr = va_arg(param, char *);
-    result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr);
-    if(result)
-      return result;
-    if(argptr)
-      (void)Curl_hsts_loadfile(data, data->hsts, argptr);
+    if(argptr) {
+      result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr);
+      if(result)
+        return result;
+      /* this needs to build a list of file names to read from, so that it can
+         read them later, as we might get a shared HSTS handle to load them
+         into */
+      h = curl_slist_append(data->set.hstslist, argptr);
+      if(!h) {
+        curl_slist_free_all(data->set.hstslist);
+        data->set.hstslist = NULL;
+        return CURLE_OUT_OF_MEMORY;
+      }
+      data->set.hstslist = h; /* store the list for later use */
+    }
+    else {
+      /* clear the list of HSTS files */
+      curl_slist_free_all(data->set.hstslist);
+      data->set.hstslist = NULL;
+      if(!data->share || !data->share->hsts)
+        /* throw away the HSTS cache unless shared */
+        Curl_hsts_cleanup(&data->hsts);
+    }
     break;
+  }//BDSA-2023-0305
   case CURLOPT_HSTS_CTRL:
     arg = va_arg(param, long);
     if(arg & CURLHSTS_ENABLE) {
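Review bot: Passing NULL to CURLOPT_HSTS no longer clears `data->set.str[STRING_HSTS]`, because the old code called `Curl_setstropt` unconditionally and the new code calls it only inside `if(argptr)`. When the cache is shared, the `else` branch keeps `data->hsts`, so the `Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS])` call at handle close in url.c would still write to the file name the application asked to drop. Adding `(void)Curl_setstropt(&data->set.str[STRING_HSTS], NULL);` at the top of the `else` branch restores the previous behaviour. Separately, each non-NULL call appends to `hstslist` without checking for a name already present, so repeated calls with one file make every transfer read it several times.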
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/share.c b/ap/lib/libcurl/curl-7.86.0/lib/share.c
index 1a083e7..22bd4fd 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/share.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/share.c
@@ -29,6 +29,10 @@
 #include "share.h"
 #include "psl.h"
 #include "vtls/vtls.h"
+#include "hsts.h"//BDSA-2023-0305
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
 #include "curl_memory.h"
 
 /* The last #include file should be: */
@@ -88,6 +92,18 @@
       res = CURLSHE_NOT_BUILT_IN;
 #endif
       break;
+//BDSA-2023-0305
+    case CURL_LOCK_DATA_HSTS:
+#ifndef CURL_DISABLE_HSTS
+      if(!share->hsts) {
+        share->hsts = Curl_hsts_init();
+        if(!share->hsts)
+          res = CURLSHE_NOMEM;
+      }
+#else   /* CURL_DISABLE_HTTP */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
 
     case CURL_LOCK_DATA_SSL_SESSION:
 #ifdef USE_SSL
@@ -140,6 +156,16 @@
       res = CURLSHE_NOT_BUILT_IN;
 #endif
       break;
+//BDSA-2023-0305
+    case CURL_LOCK_DATA_HSTS:
+#ifndef CURL_DISABLE_HSTS
+      if(share->hsts) {
+        Curl_hsts_cleanup(&share->hsts);
+      }
+#else   /* CURL_DISABLE_HTTP */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
 
     case CURL_LOCK_DATA_SSL_SESSION:
 #ifdef USE_SSL
@@ -206,6 +232,10 @@
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
   Curl_cookie_cleanup(share->cookies);
 #endif
+//BDSA-2023-0305
+#ifndef CURL_DISABLE_HSTS
+  Curl_hsts_cleanup(&share->hsts);
+#endif
 
 #ifdef USE_SSL
   if(share->sslsession) {
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/share.h b/ap/lib/libcurl/curl-7.86.0/lib/share.h
index 32be416..18c79af 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/share.h
+++ b/ap/lib/libcurl/curl-7.86.0/lib/share.h
@@ -59,10 +59,15 @@
 #ifdef USE_LIBPSL
   struct PslCache psl;
 #endif
-
+//BDSA-2023-0305
+#ifndef CURL_DISABLE_HSTS
+  struct hsts *hsts;
+#endif
+#ifdef USE_SSL
   struct Curl_ssl_session *sslsession;
   size_t max_ssl_sessions;
   long sessionage;
+#endif
 };
 
 CURLSHcode Curl_share_lock(struct Curl_easy *, curl_lock_data,
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/smb.c b/ap/lib/libcurl/curl-7.86.0/lib/smb.c
index a62e858..4a44f5f 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/smb.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/smb.c
@@ -62,8 +62,6 @@
 static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
 static CURLcode smb_do(struct Curl_easy *data, bool *done);
 static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
-                         bool premature);
 static CURLcode smb_disconnect(struct Curl_easy *data,
                                struct connectdata *conn, bool dead);
 static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
@@ -78,7 +76,7 @@
   "SMB",                                /* scheme */
   smb_setup_connection,                 /* setup_connection */
   smb_do,                               /* do_it */
-  smb_done,                             /* done */
+  ZERO_NULL,                            /* done */ //BDSA-2022-3660
   ZERO_NULL,                            /* do_more */
   smb_connect,                          /* connect_it */
   smb_connection_state,                 /* connecting */
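Review bot: With `done` set to `ZERO_NULL` here and in the SMBS table below, nothing in smb.c releases `data->req.p.smb` any more, and the telnet.c hunk drops the matching `Curl_safefree(data->req.p.telnet)`. The code that now owns those allocations is not part of this diff, so the change trades a premature free for a possible leak unless the generic request teardown frees `data->req.p`. I would state the ownership at the slot, e.g. `ZERO_NULL, /* done: req.p.smb is freed by the generic request teardown */`, after confirming that path exists in this vendored tree. The handler table starts and ends outside the hunk.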
@@ -105,7 +103,7 @@
   "SMBS",                               /* scheme */
   smb_setup_connection,                 /* setup_connection */
   smb_do,                               /* do_it */
-  smb_done,                             /* done */
+  ZERO_NULL,                            /* done */ //BDSA-2022-3660
   ZERO_NULL,                            /* do_more */
   smb_connect,                          /* connect_it */
   smb_connection_state,                 /* connecting */
@@ -941,14 +939,6 @@
   return CURLE_OK;
 }
 
-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
-                         bool premature)
-{
-  (void) premature;
-  Curl_safefree(data->req.p.smb);
-  return status;
-}
-
 static CURLcode smb_disconnect(struct Curl_easy *data,
                                struct connectdata *conn, bool dead)
 {
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/telnet.c b/ap/lib/libcurl/curl-7.86.0/lib/telnet.c
index 923c7f8..e2157d8 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/telnet.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/telnet.c
@@ -1248,9 +1248,7 @@
 
   curl_slist_free_all(tn->telnet_vars);
   tn->telnet_vars = NULL;
-
-  Curl_safefree(data->req.p.telnet);
-
+  //BDSA-2022-3660
   return CURLE_OK;
 }
 
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/transfer.c b/ap/lib/libcurl/curl-7.86.0/lib/transfer.c
index 441da73..c16f336 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/transfer.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/transfer.c
@@ -1469,6 +1469,9 @@
   /* If there is a list of host pairs to deal with */
   if(data->state.resolve)
     result = Curl_loadhostpairs(data);
+//BDSA-2023-0305
+  /* If there is a list of hsts files to read */
+  Curl_hsts_loadfiles(data);
 
   if(!result) {
     /* Allow data->set.use_port to set which port to use. This needs to be
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/url.c b/ap/lib/libcurl/curl-7.86.0/lib/url.c
index be5ffca..62b86e0 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/url.c
+++ b/ap/lib/libcurl/curl-7.86.0/lib/url.c
@@ -445,7 +445,12 @@
   Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]);
   Curl_altsvc_cleanup(&data->asi);
   Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
-  Curl_hsts_cleanup(&data->hsts);
+  //BDSA-2023-0305
+#ifndef CURL_DISABLE_HSTS
+  if(!data->share || !data->share->hsts)
+    Curl_hsts_cleanup(&data->hsts);
+  curl_slist_free_all(data->set.hstslist); /* clean up list */
+#endif
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
   Curl_http_auth_cleanup_digest(data);
 #endif
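Review bot: The `Curl_hsts_save` call on the context line above the change can now operate on the shared cache, yet it is not wrapped in the HSTS share lock; in this diff only `Curl_hsts_loadfiles` takes that lock. If one share object is used by handles on different threads, the save here and the `Curl_hsts_parse` call in http.c would read and modify the cache unsynchronised. Bracketing the save with `Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);` and `Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);` would match what `Curl_hsts_loadfiles` does. The enclosing function starts and ends outside the hunk.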
diff --git a/ap/lib/libcurl/curl-7.86.0/lib/urldata.h b/ap/lib/libcurl/curl-7.86.0/lib/urldata.h
index 1d430b5..7b40cd9 100755
--- a/ap/lib/libcurl/curl-7.86.0/lib/urldata.h
+++ b/ap/lib/libcurl/curl-7.86.0/lib/urldata.h
@@ -709,6 +709,7 @@
   struct dohdata *doh; /* DoH specific data for this request */
 #endif
   unsigned char setcookies;
+  unsigned char writer_stack_depth; /* Unencoding stack depth. */ //BDSA-2023-0316
   BIT(header);        /* incoming data has HTTP header */
   BIT(content_range); /* set TRUE if Content-Range: was found */
   BIT(upload_done);   /* set to TRUE when doing chunked transfer-encoding
@@ -1700,6 +1701,9 @@
 
   void *seek_client;    /* pointer to pass to the seek callback */
 #ifndef CURL_DISABLE_HSTS
+//BDSA-2023-0305
+  struct curl_slist *hstslist; /* list of HSTS files set by
+                                  curl_easy_setopt(HSTS) calls */
   curl_hstsread_callback hsts_read;
   void *hsts_read_userp;
   curl_hstswrite_callback hsts_write;
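Review bot: `hstslist` is an owned, heap-allocated list stored among the option fields reached as `data->set`, and both the CURLOPT_HSTS case and the handle-close path free it. If handle duplication or reset copies or zeroes that struct as a whole (that code is not in this diff), two handles would free the same list, or the list would be dropped without being freed. The field comment should state the ownership, e.g. `/* list of HSTS files set by curl_easy_setopt(HSTS) calls; owned by this handle, not to be shared by a plain struct copy */`, and the duplicate and reset paths should be checked against it. The struct starts and ends outside the hunk.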
diff --git a/ap/lib/libcurl/curl-7.86.0/src/tool_operate.c b/ap/lib/libcurl/curl-7.86.0/src/tool_operate.c
index 43c1c5e..662bc55 100755
--- a/ap/lib/libcurl/curl-7.86.0/src/tool_operate.c
+++ b/ap/lib/libcurl/curl-7.86.0/src/tool_operate.c
@@ -2691,6 +2691,7 @@
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);
+        curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_HSTS);//BDSA-2023-0312
 
         /* Get the required arguments for each operation */
         do {