Buffer overflow in curl and libcurl, triggered when connecting through a SOCKS5 proxy

A vulnerability (CVE-2023-38545) has been identified in the curl utility for receiving and sending data over the network and in the libcurl library developed alongside it. It can lead to a buffer overflow and execution of attacker-supplied code on the client side when the curl utility, or an application that uses libcurl, accesses an HTTPS server controlled by the attacker. The problem occurs only when access through a SOCKS5 proxy is enabled in curl; when connecting directly without a proxy, the vulnerability does not manifest. The vulnerability is fixed in the curl 8.4.0 release. The security researcher who found the bug received a $4660 reward as part of HackerOne's Internet Bug Bounty initiative.

The vulnerability is caused by an error in the code that resolves the hostname before contacting the SOCKS5 proxy. If the hostname is up to 256 characters long, curl passes the name straight to the SOCKS5 proxy to be resolved on the proxy side; if the name is longer than 255 characters, curl switches to the local resolver and passes the already resolved address to SOCKS5. Because of the bug, the flag indicating that local resolution is needed could be set to the wrong value during a slow SOCKS5 connection negotiation, which led to the long hostname being written into a buffer that had been allocated on the assumption that it would hold an IP address or a name no longer than 255 characters.
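As an added illustration that is not curl's own code, the following simplified C routine shows the hardened shape of the decision described above: the 255-byte SOCKS5 limit is re-checked against the actual name at the copy site, so a stale "resolve remotely" flag left over from a slow handshake cannot cause an oversized name to be written into the fixed buffer. The function name `socks5_prepare_hostname`, the result enum and the 300-byte sample hostname are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS5 encodes a domain name behind a single length byte, so 255 is the hard limit. */
#define SOCKS5_MAX_HOSTNAME 255

enum socks5_host_result {
    SOCKS5_HOST_REMOTE,          /* name fits the wire format: let the proxy resolve it */
    SOCKS5_HOST_LOCAL,           /* too long for SOCKS5: resolve locally, send the IP */
    SOCKS5_HOST_BUFFER_TOO_SMALL /* destination buffer cannot hold it: refuse to copy */
};

/* Hypothetical routine (not curl's code): decide where resolution happens and copy
 * the name into the fixed request buffer only when it provably fits. The length is
 * re-checked against the name itself, so a stale "resolve remotely" flag can never
 * push an oversized name into the buffer. */
enum socks5_host_result socks5_prepare_hostname(const char *host, bool resolve_locally,
                                                uint8_t *buf, size_t buflen,
                                                size_t *out_len)
{
    size_t len = strlen(host);
    *out_len = 0;
    if (resolve_locally || len > SOCKS5_MAX_HOSTNAME)
        return SOCKS5_HOST_LOCAL;        /* nothing is written to buf */
    if (len + 1 > buflen)                /* one byte for the length prefix */
        return SOCKS5_HOST_BUFFER_TOO_SMALL;
    buf[0] = (uint8_t)len;               /* safe: len <= 255, no truncation of the prefix */
    memcpy(buf + 1, host, len);
    *out_len = len + 1;
    return SOCKS5_HOST_REMOTE;
}

int main(void)
{
    uint8_t buf[300];
    size_t n;
    char longhost[301];                  /* constructed 300-byte hostname */
    memset(longhost, 'a', 300);
    longhost[300] = '\0';

    enum socks5_host_result r = socks5_prepare_hostname("example.com", false, buf, sizeof buf, &n);
    printf("example.com -> result %d, %zu bytes staged for the proxy\n", r, n);
    r = socks5_prepare_hostname(longhost, false, buf, sizeof buf, &n);
    printf("300-byte name -> result %d, %zu bytes staged (resolve locally instead)\n", r, n);
    return 0;
}
```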

The owner of a site that is accessed with curl through a SOCKS5 proxy can trigger a client-side buffer overflow by returning a redirect response code (HTTP 30x) and setting the "Location:" header to a URL whose hostname is between 16 and 64 KB long (16 KB is the minimum size needed to overflow the allocated buffer, and 65 KB is the maximum hostname length permitted in a URL). If request redirects are enabled in the libcurl settings and the SOCKS5 proxy in use is slow enough, the long hostname is written into the small buffer, which is clearly too small to hold it.

The vulnerability mainly affects libcurl-based applications; in the curl utility itself it appears only when the "--limit-rate" option is used with a value below 65541. libcurl allocates a 16 KB buffer by default, while the curl utility uses a 100 KB buffer, but this size changes depending on the value of the "--limit-rate" parameter.

Daniel Stenberg, the author of the project, noted that the vulnerability went unnoticed for 1315 days. He also stated that 41% of the vulnerabilities previously identified in curl could have been avoided had curl been written in a memory-safe language, but there are no plans to rewrite curl in another language. To improve the security of the code base, it is proposed to expand the code testing tools and to make fuller use of dependencies written in programming languages that guarantee memory-safe operation. The possibility of gradually replacing curl components with alternatives written in safe languages, such as the experimental hyper HTTP backend written in Rust, is also being considered.

Source: opennet.ru