summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTudor Florea <tudor.florea@enea.com>2015-07-06 22:27:49 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-07-06 22:27:49 (GMT)
commite8be346c3a210a1b4da8b6943c5fe2e5556d29b9 (patch)
tree2ab32758d38996168b218b03cb5287bb2fe4f5a7
parent430207c9cf87ca0a1e82fcb9915ad890a8e5720f (diff)
downloadpoky-e8be346c3a210a1b4da8b6943c5fe2e5556d29b9.tar.gz
curl: CVE-2014-8150
CVE-2014-8150, URL request injection: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. Reference http://curl.haxx.se/docs/adv_20150108B.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-support/curl/curl/CVE-2014-8150.patch36
-rw-r--r--meta/recipes-support/curl/curl_7.35.0.bb1
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2014-8150.patch b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
new file mode 100644
index 0000000..b5945fb
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
@@ -0,0 +1,36 @@
1From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Thu, 25 Dec 2014 23:55:03 +0100
4Subject: [PATCH] url-parsing: reject CRLFs within URLs
5
6Bug: http://curl.haxx.se/docs/adv_20150108B.html
7Reported-by: Andrey Labunets
8---
9 lib/url.c | 7 +++++++
10 1 file changed, 7 insertions(+)
11
12diff --git a/lib/url.c b/lib/url.c
13index 788f048..d3bb5e0 100644
14--- a/lib/url.c
15+++ b/lib/url.c
16@@ -3840,10 +3840,17 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
17 CURLcode result;
18 bool rebuild_url = FALSE;
19
20 *prot_missing = FALSE;
21
22+ /* We might pass the entire URL into the request so we need to make sure
23+ * there are no bad characters in there.*/
24+ if(strpbrk(data->change.url, "\r\n")) {
25+ failf(data, "Illegal characters found in URL");
26+ return CURLE_URL_MALFORMAT;
27+ }
28+
29 /*************************************************************
30 * Parse the URL.
31 *
32 * We need to parse the url even when using the proxy, because we will need
33 * the hostname and port in case we are trying to SSL connect through the
34--
352.1.4
36
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 5fa7277..3eb6265 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
14 file://CVE-2014-3613.patch \ 14 file://CVE-2014-3613.patch \
15 file://CVE-2014-3620.patch \ 15 file://CVE-2014-3620.patch \
16 file://CVE-2014-3707.patch \ 16 file://CVE-2014-3707.patch \
17 file://CVE-2014-8150.patch \
17" 18"
18 19
19# curl likes to set -g0 in CFLAGS, so we stop it 20# curl likes to set -g0 in CFLAGS, so we stop it