Diffstat (limited to 'recipes-support/curl/curl/CVE-2017-8817.patch')
-rw-r--r-- | recipes-support/curl/curl/CVE-2017-8817.patch | 135 |
1 files changed, 0 insertions, 135 deletions
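--- a/recipes-support/curl/curl/CVE-2017-8817.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 438a9ebfe9c4dc850ca2ed858bf5b8c31ce15ef5 Mon Sep 17 00:00:00 2001
-From: Sona Sarmadi <sona.sarmadi@enea.com>
-Date: Fri, 2 Mar 2018 08:48:05 +0100
-Subject: [PATCH] curl: fix for CVE-2017-8817
-
-wildcardmatch: fix heap buffer overflow in setcharset
-
-The code would previous read beyond the end of the pattern string if the
-match pattern ends with an open bracket when the default pattern
-matching function is used.
-
-Detected by OSS-Fuzz:
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
-
-CVE: CVE-2017-8817
-Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-8817.patch]
-
-Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-lib/curl_fnmatch.c | 9 +++------
-tests/data/Makefile.inc | 2 +-
-tests/data/test1163 | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
-3 files changed, 56 insertions(+), 7 deletions(-)
-create mode 100644 tests/data/test1163
-
-diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
-index 46d3ada..5dd5323 100644
---- a/lib/curl_fnmatch.c
-+++ b/lib/curl_fnmatch.c
-@@ -133,6 +133,9 @@ static int setcharset(unsigned char **p, unsigned char *charset)
-unsigned char c;
-for(;;) {
-c = **p;
-+ if(!c)
-+ return SETCHARSET_FAIL;
-+
-switch(state) {
-case CURLFNM_SCHS_DEFAULT:
-if(ISALNUM(c)) { /* ASCII value */
-@@ -196,9 +199,6 @@ static int setcharset(unsigned char **p, unsigned char *charset)
-else
-return SETCHARSET_FAIL;
-}
-- else if(c == '\0') {
-- return SETCHARSET_FAIL;
-- }
-else {
-charset[c] = 1;
-(*p)++;
-@@ -277,9 +277,6 @@ static int setcharset(unsigned char **p, unsigned char *charset)
-else if(c == ']') {
-return SETCHARSET_OK;
-}
-- else if(c == '\0') {
-- return SETCHARSET_FAIL;
-- }
-else if(ISPRINT(c)) {
-charset[c] = 1;
-(*p)++;
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 5284654..942f9ee 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -122,7 +122,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \
-test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
-test1144 test1145 test1146 \
-test1152 \
--\
-+test1163 \
-test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
-test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
-test1216 test1217 test1218 test1219 \
-diff --git a/tests/data/test1163 b/tests/data/test1163
-new file mode 100644
-index 0000000..3266fa8
---- /dev/null
-+++ b/tests/data/test1163
-@@ -0,0 +1,52 @@
-+<testcase>
-+<info>
-+<keywords>
-+FTP
-+RETR
-+LIST
-+wildcardmatch
-+ftplistparser
-+flaky
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+<data>
-+</data>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+ftp
-+</server>
-+<tool>
-+lib576
-+</tool>
-+<name>
-+FTP wildcard with pattern ending with an open-bracket
-+</name>
-+<command>
-+"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/*[]["
-+</command>
-+</client>
-+<verify>
-+<protocol>
-+USER anonymous
-+PASS ftp@example.com
-+PWD
-+CWD fully_simulated
-+CWD DOS
-+EPSV
-+TYPE A
-+LIST
-+QUIT
-+</protocol>
-+# 78 == CURLE_REMOTE_FILE_NOT_FOUND
-+<errorcode>
-+78
-+</errorcode>
-+</verify>
-+</testcase>
---
-1.9.1
-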