author | Robert Joslyn <robert.joslyn@redrectangle.org> | 2022-01-14 20:09:07 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-01-25 12:07:01 +0000 |
commit | 8400410a4c9fc6abd3156c426ec4b3d5d9a0c60a (patch) | |
tree | ec3f8bb468cdd25ad1642356b64ca6b559bfa9fe /meta/recipes-support/curl/curl/CVE-2021-22945.patch | |
parent | 6fac5cc9f37d9fc405ea948380581ce313d1d5c9 (diff) | |
download | poky-8400410a4c9fc6abd3156c426ec4b3d5d9a0c60a.tar.gz |

curl: Backport CVE fixes

Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945,
CVE-2021-22946, and CVE-2021-22947.

* https://curl.se/docs/CVE-2021-22922.html
* https://curl.se/docs/CVE-2021-22923.html
* https://curl.se/docs/CVE-2021-22945.html
* https://curl.se/docs/CVE-2021-22946.html
* https://curl.se/docs/CVE-2021-22947.html

22922 and 22923 were fixed by upstream by simply removing metalink
support in newer versions. These are mitigated in older versions by
disabling metalink support, which was already done by the recipe, so
whitelist these CVEs.

22945, 22946, and 22947 are backported with only trivial patch fuzz
modifications.

(From OE-Core rev: 705718cfe243e05e0975bad3b822666363ef55df)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2021-22945.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2021-22945.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22945.patch b/meta/recipes-support/curl/curl/CVE-2021-22945.patch new file mode 100644 index 0000000000..44c42632ed --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22945.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 43157490a5054bd24256fe12876931e8abc9df49 Mon Sep 17 00:00:00 2001 | ||
2 | From: z2_ on hackerone <> | ||
3 | Date: Tue, 24 Aug 2021 09:50:33 +0200 | ||
4 | Subject: [PATCH] mqtt: clear the leftovers pointer when sending succeeds | ||
5 | |||
6 | CVE-2021-22945 | ||
7 | |||
8 | Bug: https://curl.se/docs/CVE-2021-22945.html | ||
9 | |||
10 | Upstream-Status: Backport [https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49] | ||
11 | |||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | |||
14 | --- | ||
15 | lib/mqtt.c | 4 ++++ | ||
16 | 1 file changed, 4 insertions(+) | ||
17 | |||
18 | diff --git a/lib/mqtt.c b/lib/mqtt.c | ||
19 | index f077e6c3d..fcd40b41e 100644 | ||
20 | --- a/lib/mqtt.c | ||
21 | +++ b/lib/mqtt.c | ||
22 | @@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, | ||
23 | mq->sendleftovers = sendleftovers; | ||
24 | mq->nsend = nsend; | ||
25 | } | ||
26 | + else { | ||
27 | + mq->sendleftovers = NULL; | ||
28 | + mq->nsend = 0; | ||
29 | + } | ||
30 | return result; | ||
31 | } | ||
32 | |||
33 | -- | ||
34 | 2.34.1 | ||
35 | |||
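
Review bot: Patch header line 6 gives the identifier as a bare "CVE-2021-22945" instead of a "CVE: CVE-2021-22945" tag line beside Upstream-Status on line 10; OE-Core's patch header convention uses the tagged form, so I would add it rather than rely on the file name and the Bug URL. Separately, in the lib/mqtt.c hunk (patch lines 26-29) the new else branch sets mq->sendleftovers to NULL and mq->nsend to 0 with no free in the visible lines. That is only leak-free if the caller of mqtt_send still owns and releases the buffer it passed in, which the context shown here does not establish, so a sentence in the patch description stating who frees the buffer on the success path would make the backport easier to audit.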