diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-11-04 07:41:53 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-21 14:43:54 +0000 |
commit | c8ebaaaf8d869bf5839368ec20e2f8ad6669bfdd (patch) | |
tree | 860f99ffe545014e3300f42c8b287194c1493218 /meta/recipes-support/curl/curl/CVE-2016-8615.patch | |
parent | a5cbc746facf4529802b703a9731a8a6c4866a83 (diff) | |
download | poky-c8ebaaaf8d869bf5839368ec20e2f8ad6669bfdd.tar.gz |
curl: Security fix for CVE-2016-8615
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0
(From OE-Core rev: b754be84206b454789fbd6d444d00a4e422cb3e9)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2016-8615.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-8615.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8615.patch b/meta/recipes-support/curl/curl/CVE-2016-8615.patch new file mode 100644 index 0000000000..d897ade3ce --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-8615.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 27 Sep 2016 17:36:19 +0200 | ||
4 | Subject: [PATCH] cookie: replace use of fgets() with custom version | ||
5 | |||
6 | ... that will ignore lines that are too long to fit in the buffer. | ||
7 | |||
8 | CVE-2016-8615 | ||
9 | |||
10 | Bug: https://curl.haxx.se/docs/adv_20161102A.html | ||
11 | Reported-by: Cure53 | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | https://curl.haxx.se/CVE-2016-8615.patch | ||
15 | |||
16 | CVE: CVE-2016-8615 | ||
17 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
18 | |||
19 | --- | ||
20 | lib/cookie.c | 31 ++++++++++++++++++++++++++++++- | ||
21 | 1 file changed, 30 insertions(+), 1 deletion(-) | ||
22 | |||
23 | Index: curl-7.44.0/lib/cookie.c | ||
24 | =================================================================== | ||
25 | --- curl-7.44.0.orig/lib/cookie.c | ||
26 | +++ curl-7.44.0/lib/cookie.c | ||
27 | @@ -869,6 +869,35 @@ Curl_cookie_add(struct SessionHandle *da | ||
28 | return co; | ||
29 | } | ||
30 | |||
31 | +/* | ||
32 | + * get_line() makes sure to only return complete whole lines that fit in 'len' | ||
33 | + * bytes and end with a newline. | ||
34 | + */ | ||
35 | +static char *get_line(char *buf, int len, FILE *input) | ||
36 | +{ | ||
37 | + bool partial = FALSE; | ||
38 | + while(1) { | ||
39 | + char *b = fgets(buf, len, input); | ||
40 | + if(b) { | ||
41 | + size_t rlen = strlen(b); | ||
42 | + if(rlen && (b[rlen-1] == '\n')) { | ||
43 | + if(partial) { | ||
44 | + partial = FALSE; | ||
45 | + continue; | ||
46 | + } | ||
47 | + return b; | ||
48 | + } | ||
49 | + else | ||
50 | + /* read a partial, discard the next piece that ends with newline */ | ||
51 | + partial = TRUE; | ||
52 | + } | ||
53 | + else | ||
54 | + break; | ||
55 | + } | ||
56 | + return NULL; | ||
57 | +} | ||
58 | + | ||
59 | + | ||
60 | /***************************************************************************** | ||
61 | * | ||
62 | * Curl_cookie_init() | ||
63 | @@ -925,7 +954,7 @@ struct CookieInfo *Curl_cookie_init(stru | ||
64 | line = malloc(MAX_COOKIE_LINE); | ||
65 | if(!line) | ||
66 | goto fail; | ||
67 | - while(fgets(line, MAX_COOKIE_LINE, fp)) { | ||
68 | + while(get_line(line, MAX_COOKIE_LINE, fp)) { | ||
69 | if(checkprefix("Set-Cookie:", line)) { | ||
70 | /* This is a cookie line, get it! */ | ||
71 | lineptr=&line[11]; | ||