summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2023-12-19 13:16:06 +0800
committerSteve Sakoman <steve@sakoman.com>2023-12-29 05:29:13 -1000
commit39aad83070524ce9941e132cff08a3b83824ebdc (patch)
tree44ef526a8767bbd17d61feef5a8e5935aaa26abb
parentef0c19babe32355bd61a9dc3e99d8ec414f0e42a (diff)
downloadpoky-39aad83070524ce9941e132cff08a3b83824ebdc.tar.gz
curl: fix CVE-2023-46218
import patch from ubuntu http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57 (From OE-Core rev: 7bf11847b18d2f9a7e5467d686af817cb504b206) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat
-rw-r--r--meta/recipes-support/curl/curl/CVE-2023-46218.patch52
-rw-r--r--meta/recipes-support/curl/curl_7.69.1.bb1
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-46218.patch b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
new file mode 100644
index 0000000000..c9677b6a84
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46218.patch
@@ -0,0 +1,52 @@
1CVE: CVE-2023-46218
2Upstream-Status: Backport [ import from ubuntu http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
3Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
4
5Backport of:
6
7From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
8From: Daniel Stenberg <daniel@haxx.se>
9Date: Thu, 23 Nov 2023 08:15:47 +0100
10Subject: [PATCH] cookie: lowercase the domain names before PSL checks
11
12Reported-by: Harry Sintonen
13
14Closes #12387
15---
16 lib/cookie.c | 24 ++++++++++++++++--------
17 1 file changed, 16 insertions(+), 8 deletions(-)
18
19--- a/lib/cookie.c
20+++ b/lib/cookie.c
21@@ -967,15 +967,23 @@ Curl_cookie_add(struct Curl_easy *data,
22 #ifdef USE_LIBPSL
23 /* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
24 if(domain && co->domain && !isip(co->domain)) {
25- const psl_ctx_t *psl = Curl_psl_use(data);
26- int acceptable;
27-
28- if(psl) {
29- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
30- Curl_psl_release(data);
31+ bool acceptable = FALSE;
32+ char lcase[256];
33+ char lcookie[256];
34+ size_t dlen = strlen(domain);
35+ size_t clen = strlen(co->domain);
36+ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
37+ const psl_ctx_t *psl = Curl_psl_use(data);
38+ if(psl) {
39+ /* the PSL check requires lowercase domain name and pattern */
40+ Curl_strntolower(lcase, domain, dlen + 1);
41+ Curl_strntolower(lcookie, co->domain, clen + 1);
42+ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
43+ Curl_psl_release(data);
44+ }
45+ else
46+ acceptable = !bad_domain(domain);
47 }
48- else
49- acceptable = !bad_domain(domain);
50
51 if(!acceptable) {
52 infof(data, "cookie '%s' dropped, domain '%s' must not "
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 82b07bc554..a8e6c4f3ee 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -57,6 +57,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
57 file://CVE-2023-38546.patch \ 57 file://CVE-2023-38546.patch \
58 file://CVE-2023-28321.patch \ 58 file://CVE-2023-28321.patch \
59 file://CVE-2023-28322.patch \ 59 file://CVE-2023-28322.patch \
60 file://CVE-2023-46218.patch \
60" 61"
61 62
62SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" 63SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-06 01:32:04 +0000