diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-12-19 13:16:06 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-29 05:29:13 -1000 |
commit | 39aad83070524ce9941e132cff08a3b83824ebdc (patch) | |
tree | 44ef526a8767bbd17d61feef5a8e5935aaa26abb | |
parent | ef0c19babe32355bd61a9dc3e99d8ec414f0e42a (diff) | |
download | poky-39aad83070524ce9941e132cff08a3b83824ebdc.tar.gz |
curl: fix CVE-2023-46218
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz
upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57
(From OE-Core rev: 7bf11847b18d2f9a7e5467d686af817cb504b206)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-46218.patch | 52 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.69.1.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46218.patch b/meta/recipes-support/curl/curl/CVE-2023-46218.patch new file mode 100644 index 0000000000..c9677b6a84 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-46218.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | CVE: CVE-2023-46218 | ||
2 | Upstream-Status: Backport [ import from ubuntu http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57 ] | ||
3 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
4 | |||
5 | Backport of: | ||
6 | |||
7 | From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001 | ||
8 | From: Daniel Stenberg <daniel@haxx.se> | ||
9 | Date: Thu, 23 Nov 2023 08:15:47 +0100 | ||
10 | Subject: [PATCH] cookie: lowercase the domain names before PSL checks | ||
11 | |||
12 | Reported-by: Harry Sintonen | ||
13 | |||
14 | Closes #12387 | ||
15 | --- | ||
16 | lib/cookie.c | 24 ++++++++++++++++-------- | ||
17 | 1 file changed, 16 insertions(+), 8 deletions(-) | ||
18 | |||
19 | --- a/lib/cookie.c | ||
20 | +++ b/lib/cookie.c | ||
21 | @@ -967,15 +967,23 @@ Curl_cookie_add(struct Curl_easy *data, | ||
22 | #ifdef USE_LIBPSL | ||
23 | /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */ | ||
24 | if(domain && co->domain && !isip(co->domain)) { | ||
25 | - const psl_ctx_t *psl = Curl_psl_use(data); | ||
26 | - int acceptable; | ||
27 | - | ||
28 | - if(psl) { | ||
29 | - acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); | ||
30 | - Curl_psl_release(data); | ||
31 | + bool acceptable = FALSE; | ||
32 | + char lcase[256]; | ||
33 | + char lcookie[256]; | ||
34 | + size_t dlen = strlen(domain); | ||
35 | + size_t clen = strlen(co->domain); | ||
36 | + if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { | ||
37 | + const psl_ctx_t *psl = Curl_psl_use(data); | ||
38 | + if(psl) { | ||
39 | + /* the PSL check requires lowercase domain name and pattern */ | ||
40 | + Curl_strntolower(lcase, domain, dlen + 1); | ||
41 | + Curl_strntolower(lcookie, co->domain, clen + 1); | ||
42 | + acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); | ||
43 | + Curl_psl_release(data); | ||
44 | + } | ||
45 | + else | ||
46 | + acceptable = !bad_domain(domain); | ||
47 | } | ||
48 | - else | ||
49 | - acceptable = !bad_domain(domain); | ||
50 | |||
51 | if(!acceptable) { | ||
52 | infof(data, "cookie '%s' dropped, domain '%s' must not " | ||
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 82b07bc554..a8e6c4f3ee 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb | |||
@@ -57,6 +57,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
57 | file://CVE-2023-38546.patch \ | 57 | file://CVE-2023-38546.patch \ |
58 | file://CVE-2023-28321.patch \ | 58 | file://CVE-2023-28321.patch \ |
59 | file://CVE-2023-28322.patch \ | 59 | file://CVE-2023-28322.patch \ |
60 | file://CVE-2023-46218.patch \ | ||
60 | " | 61 | " |
61 | 62 | ||
62 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" | 63 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" |