summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-11-15 09:08:11 (GMT)
committerSona Sarmadi <sona.sarmadi@enea.com>2017-02-10 11:21:36 (GMT)
commite225939e7d4a3adf377eb354557148572a508cc7 (patch)
treec04853884913677a587fa075470c572a383ac2c0
parentb9d34c10e7ff7222130488c11fdf44b401f254c1 (diff)
downloadpoky-e225939e7d4a3adf377eb354557148572a508cc7.tar.gz
curl: CVE-2016-8616
case insensitive password comparison Affected versions: curl 7.7 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102B.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8616.patch49
-rw-r--r--meta/recipes-support/curl/curl_7.47.1.bb1
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8616.patch b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
new file mode 100644
index 0000000..d5d78fc
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
@@ -0,0 +1,49 @@
1From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 27 Sep 2016 18:01:53 +0200
4Subject: [PATCH] connectionexists: use case sensitive user/password
5 comparisons
6
7CVE: CVE-2016-8616
8Upstream-Status: Backport
9
10Bug: https://curl.haxx.se/docs/adv_20161102B.html
11Reported-by: Cure53
12Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
13
14diff -ruN a/lib/url.c b/lib/url.c
15--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
16+++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
17@@ -3305,8 +3305,8 @@
18 if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
19 /* This protocol requires credentials per connection,
20 so verify that we're using the same name and password as well */
21- if(!strequal(needle->user, check->user) ||
22- !strequal(needle->passwd, check->passwd)) {
23+ if(strcmp(needle->user, check->user) ||
24+ strcmp(needle->passwd, check->passwd)) {
25 /* one of them was different */
26 continue;
27 }
28@@ -3369,8 +3369,8 @@
29 possible. (Especially we must not reuse the same connection if
30 partway through a handshake!) */
31 if(wantNTLMhttp) {
32- if(!strequal(needle->user, check->user) ||
33- !strequal(needle->passwd, check->passwd))
34+ if(strcmp(needle->user, check->user) ||
35+ strcmp(needle->passwd, check->passwd))
36 continue;
37 }
38 else if(check->ntlm.state != NTLMSTATE_NONE) {
39@@ -3380,8 +3380,8 @@
40
41 /* Same for Proxy NTLM authentication */
42 if(wantProxyNTLMhttp) {
43- if(!strequal(needle->proxyuser, check->proxyuser) ||
44- !strequal(needle->proxypasswd, check->proxypasswd))
45+ if(strcmp(needle->proxyuser, check->proxyuser) ||
46+ strcmp(needle->proxypasswd, check->proxypasswd))
47 continue;
48 }
49 else if(check->proxyntlm.state != NTLMSTATE_NONE) {
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 1f2758c..20c3721 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -16,6 +16,7 @@ SRC_URI += " file://configure_ac.patch \
16 file://CVE-2016-5421.patch \ 16 file://CVE-2016-5421.patch \
17 file://CVE-2016-7141.patch \ 17 file://CVE-2016-7141.patch \
18 file://CVE-2016-8615.patch \ 18 file://CVE-2016-8615.patch \
19 file://CVE-2016-8616.patch \
19 " 20 "
20 21
21SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb" 22SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"