[Bug Report]: Patch for CVE-2021-22901 in reused component curl

Contact Details
weitingcai2020@gmail.com

What happened?
我通过使用V1SCAN（一个扫描存在于复用代码中1-Day漏洞的工具），发现您的项目中Openharmonyv1.0/third_party/curl/lib文件夹下的multi.c文件可能存在漏洞, 具体参考链接如下：

> CVE-2021-22901 in multi.c:
> 相关触发逻辑类似https://github.com/advisories/GHSA-vjwf-ghhc-2p8q
> NVD说明链接：
> https://nvd.nist.gov/vuln/detail/CVE-2021-22901
> commit修复链接:
> https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479

修复方法：
replace the lines at 864-865:
```
if(conn) 
    Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);  
```
to the following code：
```
if(conn) {
    Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);
    Curl_ssl_detach_conn(data, conn);
  }
```

考虑到其可能存在的潜在风险，我愿意配合您以负责任的方式及时核实、解决和报告发现的漏洞。 如果您需要任何进一步的信息或帮助，请随时与我联系。如果需要，我也可以提交PR帮助您修复。 谢谢您，期待尽快收到您的回复！

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug Report]: Patch for CVE-2021-22901 in reused component curl #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Bug Report]: Patch for CVE-2021-22901 in reused component curl #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions