diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-04-21 12:29:17 +0200 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-04-21 13:54:14 +0200 |
commit | 3fc5d271f554e07c88b1195812e48a0d86291395 (patch) | |
tree | aa886d608aee07639e7a841d0618ccd0bda97bc7 /meta/recipes-support/curl/curl/CVE-2016-5419.patch | |
parent | 9ee38b3a027470c98f7337dceac67ba06420c075 (diff) | |
download | poky-3fc5d271f554e07c88b1195812e48a0d86291395.tar.gz |
curl: Upgrade 7.47.1 -> 7.53.1
Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions:
=================================================================
TLS session resumption client cert bypass (again): CVE-2017-XXXX
--write-out out of buffer read: CVE-2017-7407
SSL_VERIFYSTATUS ignored: CVE-2017-2629
uninitialized random: CVE-2016-9594
printf floating point buffer overflow: CVE-2016-9586
Win CE schannel cert wildcard matches too much: CVE-2016-9952
Win CE schannel cert name out of buffer read: CVE-2016-9953
cookie injection for other servers: CVE-2016-8615
case insensitive password comparison: CVE-2016-8616
OOB write via unchecked multiplication: CVE-2016-8617
double-free in curl_maprintf: CVE-2016-8618
double-free in krb5 code: CVE-2016-8619
glob parser write/read out of bounds: CVE-2016-8620
curl_getdate read out of bounds: CVE-2016-8621
URL unescape heap overflow via integer truncation: CVE-2016-8622
Use-after-free via shared cookies: CVE-2016-8623
invalid URL parsing with '#': CVE-2016-8624
IDNA 2003 makes curl use wrong host: CVE-2016-8625
curl escape and unescape integer overflows: CVE-2016-7167
Incorrect reuse of client certificates: CVE-2016-7141
TLS session resumption client cert bypass: CVE-2016-5419
Re-using connections with wrong client cert: CVE-2016-5420
use of connection struct after free: CVE-2016-5421
Windows DLL hijacking: CVE-2016-4802
TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739
Reference:
https://curl.haxx.se/docs/security.html
https://curl.haxx.se/changes.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2016-5419.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-5419.patch | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-5419.patch b/meta/recipes-support/curl/curl/CVE-2016-5419.patch deleted file mode 100644 index 2bea362c87..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2016-5419.patch +++ /dev/null | |||
@@ -1,76 +0,0 @@ | |||
1 | From 247d890da88f9ee817079e246c59f3d7d12fde5f Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Fri, 1 Jul 2016 13:32:31 +0200 | ||
4 | Subject: [PATCH] TLS: switch off SSL session id when client cert is used | ||
5 | |||
6 | |||
7 | Bug: https://curl.haxx.se/docs/adv_20160803A.html | ||
8 | Reported-by: Bru Rom | ||
9 | Contributions-by: Eric Rescorla and Ray Satiro | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | https://curl.haxx.se/CVE-2016-5419.patch | ||
13 | |||
14 | CVE: CVE-2016-5419 | ||
15 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
16 | --- | ||
17 | lib/url.c | 1 + | ||
18 | lib/urldata.h | 1 + | ||
19 | lib/vtls/vtls.c | 10 ++++++++++ | ||
20 | 3 files changed, 12 insertions(+) | ||
21 | |||
22 | diff --git a/lib/url.c b/lib/url.c | ||
23 | index 258a286..e547e5c 100644 | ||
24 | --- a/lib/url.c | ||
25 | +++ b/lib/url.c | ||
26 | @@ -6123,6 +6123,7 @@ static CURLcode create_conn(struct Curl_easy *data, | ||
27 | data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE]; | ||
28 | data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET]; | ||
29 | data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST]; | ||
30 | + data->set.ssl.clientcert = data->set.str[STRING_CERT]; | ||
31 | #ifdef USE_TLS_SRP | ||
32 | data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME]; | ||
33 | data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD]; | ||
34 | diff --git a/lib/urldata.h b/lib/urldata.h | ||
35 | index 611c5a7..3cf7ed9 100644 | ||
36 | --- a/lib/urldata.h | ||
37 | +++ b/lib/urldata.h | ||
38 | @@ -351,6 +351,7 @@ struct ssl_config_data { | ||
39 | char *CAfile; /* certificate to verify peer against */ | ||
40 | const char *CRLfile; /* CRL to check certificate revocation */ | ||
41 | const char *issuercert;/* optional issuer certificate filename */ | ||
42 | + char *clientcert; | ||
43 | char *random_file; /* path to file containing "random" data */ | ||
44 | char *egdsocket; /* path to file containing the EGD daemon socket */ | ||
45 | char *cipher_list; /* list of ciphers to use */ | ||
46 | diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c | ||
47 | index d3e41cd..33e209d 100644 | ||
48 | --- a/lib/vtls/vtls.c | ||
49 | +++ b/lib/vtls/vtls.c | ||
50 | @@ -156,6 +156,15 @@ Curl_clone_ssl_config(struct ssl_config_data *source, | ||
51 | else | ||
52 | dest->random_file = NULL; | ||
53 | |||
54 | + if(source->clientcert) { | ||
55 | + dest->clientcert = strdup(source->clientcert); | ||
56 | + if(!dest->clientcert) | ||
57 | + return FALSE; | ||
58 | + dest->sessionid = FALSE; | ||
59 | + } | ||
60 | + else | ||
61 | + dest->clientcert = NULL; | ||
62 | + | ||
63 | return TRUE; | ||
64 | } | ||
65 | |||
66 | @@ -166,6 +175,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc) | ||
67 | Curl_safefree(sslc->cipher_list); | ||
68 | Curl_safefree(sslc->egdsocket); | ||
69 | Curl_safefree(sslc->random_file); | ||
70 | + Curl_safefree(sslc->clientcert); | ||
71 | } | ||
72 | |||
73 | |||
74 | -- | ||
75 | 2.4.0 | ||
76 | |||