diff options
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2019-15601.patch | 46 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.66.0.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch new file mode 100644 index 0000000000..7bfaae7b21 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2] | ||
2 | CVE: CVE-2019-15601 | ||
3 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
4 | |||
5 | From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 | ||
6 | From: Daniel Stenberg <daniel@haxx.se> | ||
7 | Date: Thu, 7 Nov 2019 10:13:01 +0100 | ||
8 | Subject: [PATCH] file: on Windows, refuse paths that start with \\ | ||
9 | MIME-Version: 1.0 | ||
10 | Content-Type: text/plain; charset=UTF-8 | ||
11 | Content-Transfer-Encoding: 8bit | ||
12 | |||
13 | ... as that might cause an unexpected SMB connection to a given host | ||
14 | name. | ||
15 | |||
16 | Reported-by: Fernando Muñoz | ||
17 | CVE-2019-15601 | ||
18 | Bug: https://curl.haxx.se/docs/CVE-2019-15601.html | ||
19 | --- | ||
20 | lib/file.c | 6 ++++-- | ||
21 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
22 | |||
23 | diff --git a/lib/file.c b/lib/file.c | ||
24 | index d349cd9241..166931d7f1 100644 | ||
25 | --- a/lib/file.c | ||
26 | +++ b/lib/file.c | ||
27 | @@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) | ||
28 | struct Curl_easy *data = conn->data; | ||
29 | char *real_path; | ||
30 | struct FILEPROTO *file = data->req.protop; | ||
31 | - int fd; | ||
32 | + int fd = -1; | ||
33 | #ifdef DOS_FILESYSTEM | ||
34 | size_t i; | ||
35 | char *actual_path; | ||
36 | @@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) | ||
37 | return CURLE_URL_MALFORMAT; | ||
38 | } | ||
39 | |||
40 | - fd = open_readonly(actual_path, O_RDONLY|O_BINARY); | ||
41 | + if(strncmp("\\\\", actual_path, 2)) | ||
42 | + /* refuse to open path that starts with two backslashes */ | ||
43 | + fd = open_readonly(actual_path, O_RDONLY|O_BINARY); | ||
44 | file->path = actual_path; | ||
45 | #else | ||
46 | if(memchr(real_path, 0, real_path_len)) { | ||
diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb index d1975f2460..a54e0536e9 100644 --- a/meta/recipes-support/curl/curl_7.66.0.bb +++ b/meta/recipes-support/curl/curl_7.66.0.bb | |||
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" | |||
7 | 7 | ||
8 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | 8 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ |
9 | file://0001-replace-krb5-config-with-pkg-config.patch \ | 9 | file://0001-replace-krb5-config-with-pkg-config.patch \ |
10 | file://CVE-2019-15601.patch \ | ||
10 | " | 11 | " |
11 | 12 | ||
12 | SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" | 13 | SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" |