diff options
author | Ross Burton <ross.burton@intel.com> | 2018-06-28 18:37:54 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-06-29 11:07:45 +0100 |
commit | 4205e87a7717bccbe034f1334ae1b3d1130d7e57 (patch) | |
tree | 45bb332a385f0b5c1534a07f2fd59ffa4ba743d3 /meta/recipes-support/libsoup/libsoup-2.4 | |
parent | 0c09b20036c2220ea0aeacd41e79efb04923e5cc (diff) | |
download | poky-4205e87a7717bccbe034f1334ae1b3d1130d7e57.tar.gz |
libsoup: fix CVE-2018-12910
(From OE-Core rev: 112683815ed1f63a96e845f264a2fd3390c6d01b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libsoup/libsoup-2.4')
-rw-r--r-- | meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch new file mode 100644 index 0000000000..158bf93093 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2018-12910.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | CVE: CVE-2018-12910 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
4 | |||
5 | From db2b0d5809d5f8226d47312b40992cadbcde439f Mon Sep 17 00:00:00 2001 | ||
6 | From: Michael Catanzaro <mcatanzaro@igalia.com> | ||
7 | Date: Sun, 24 Jun 2018 19:46:19 -0500 | ||
8 | Subject: [PATCH] cookie-jar: bail if hostname is an empty string | ||
9 | |||
10 | There are several other ways to fix the problem with this function, but | ||
11 | skipping over all of the code is probably the simplest. | ||
12 | |||
13 | Fixes #3 | ||
14 | --- | ||
15 | libsoup/soup-cookie-jar.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c | ||
19 | index 2369c8a7..b2b78909 100644 | ||
20 | --- a/libsoup/soup-cookie-jar.c | ||
21 | +++ b/libsoup/soup-cookie-jar.c | ||
22 | @@ -307,7 +307,7 @@ get_cookies (SoupCookieJar *jar, SoupURI *uri, gboolean for_http, gboolean copy_ | ||
23 | |||
24 | priv = soup_cookie_jar_get_instance_private (jar); | ||
25 | |||
26 | - if (!uri->host) | ||
27 | + if (!uri->host || !uri->host[0]) | ||
28 | return NULL; | ||
29 | |||
30 | /* The logic here is a little weird, but the plan is that if | ||
31 | -- | ||
32 | 2.17.1 | ||