代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/curl 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 5c7da89d404bf59c8dd82a001119a16d18365917 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 9 May 2022 10:07:15 +0200
Subject: [PATCH] nss: return error if seemingly stuck in a cert loop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CVE-2022-27781
Reported-by: Florian Kohnhäuser
Bug: https://curl.se/docs/CVE-2022-27781.html
Closes #8822
---
lib/vtls/nss.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 5b7de9f81895..569c0628feb5 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data,
PR_Free(common_name);
}
+/* A number of certs that will never occur in a real server handshake */
+#define TOO_MANY_CERTS 300
+
static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
{
CURLcode result = CURLE_OK;
@@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
while(cert2) {
i++;
+ if(i >= TOO_MANY_CERTS) {
+ CERT_DestroyCertificate(cert2);
+ failf(data, "certificate loop");
+ return CURLE_SSL_CERTPROBLEM;
+ }
if(cert2->isRoot) {
CERT_DestroyCertificate(cert2);
break;
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。