curl: Fix for CVE-2021-22898

Applied trivial patch for cve issue CVE-2021-22898 Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (From OE-Core rev: ba99fce9354555e556158a0af8ec809ae00cb62b) Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Neetika Singh <Neetika.Singh@kpit.com> 2021-07-26 22:57:46 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-10 11:14:11 +0100
commit: 02476f72f47b328ce53734da11baf4d68a0b44f2 (patch)
tree: 8d6f32edc85ead5641e28b346350c4050d3ac52d /meta/recipes-support
parent: 1d36ed33069d76898115eaf271fa1f15dea9b657 (diff)
download: poky-02476f72f47b328ce53734da11baf4d68a0b44f2.tar.gz
2 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
new file mode 100644
index 0000000000..0800e10175
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,26 @@
+From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Fri, 7 May 2021 13:09:57 +0200
+Subject: [PATCH] telnet: check sscanf() for correct number of matches
+CVE: CVE-2021-22898
+Upstream-Status: Backport
+Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
+Bug: https://curl.se/docs/CVE-2021-22898.html
+---
+ lib/telnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 26e0658ba9cc..fdd137fb0c04 100644
+--- a/lib/telnet.c
+++ b/lib/telnet.c
+@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
+         size_t tmplen = (strlen(v->data) + 1);
+         /* Add the variable only if it fits */
+         if(len + tmplen < (int)sizeof(temp)-6) {
+-          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+             msnprintf((char *)&temp[len], sizeof(temp) - len,
+                       "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+                       CURL_NEW_ENV_VALUE, varval);
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 13ab29cf69..9b510bcf9f 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://CVE-2020-8286.patch \
           file://CVE-2021-22876.patch \
           file://CVE-2021-22890.patch \
+           file://CVE-2021-22898.patch \
 "
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
author	Neetika Singh <Neetika.Singh@kpit.com>	2021-07-26 22:57:46 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:14:11 +0100
commit	02476f72f47b328ce53734da11baf4d68a0b44f2 (patch)
tree	8d6f32edc85ead5641e28b346350c4050d3ac52d /meta/recipes-support
parent	1d36ed33069d76898115eaf271fa1f15dea9b657 (diff)
download	poky-02476f72f47b328ce53734da11baf4d68a0b44f2.tar.gz

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch new file mode 100644 index 0000000000..0800e10175 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,26 @@
		1	From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
		2	From: Harry Sintonen <sintonen@iki.fi>
		3	Date: Fri, 7 May 2021 13:09:57 +0200
		4	Subject: [PATCH] telnet: check sscanf() for correct number of matches
		5
		6	CVE: CVE-2021-22898
		7	Upstream-Status: Backport
		8	Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
		9	Bug: https://curl.se/docs/CVE-2021-22898.html
		10	---
		11	lib/telnet.c \| 2 +-
		12	1 file changed, 1 insertion(+), 1 deletion(-)
		13
		14	diff --git a/lib/telnet.c b/lib/telnet.c
		15	index 26e0658ba9cc..fdd137fb0c04 100644
		16	--- a/lib/telnet.c
		17	+++ b/lib/telnet.c
		18	@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
		19	size_t tmplen = (strlen(v->data) + 1);
		20	/* Add the variable only if it fits */
		21	if(len + tmplen < (int)sizeof(temp)-6) {
		22	- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
		23	+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
		24	msnprintf((char *)&temp[len], sizeof(temp) - len,
		25	"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
		26	CURL_NEW_ENV_VALUE, varval);


diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 13ab29cf69..9b510bcf9f 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
19	file://CVE-2020-8286.patch \	19	file://CVE-2020-8286.patch \
20	file://CVE-2021-22876.patch \	20	file://CVE-2021-22876.patch \
21	file://CVE-2021-22890.patch \	21	file://CVE-2021-22890.patch \
		22	file://CVE-2021-22898.patch \
22	"	23	"
23		24
24	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"	25	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"