summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-support/curl/curl/CVE-2014-3620.patch69
-rw-r--r--meta/recipes-support/curl/curl_7.35.0.bb1
2 files changed, 70 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2014-3620.patch b/meta/recipes-support/curl/curl/CVE-2014-3620.patch
new file mode 100644
index 0000000000..d11f1908af
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2014-3620.patch
@@ -0,0 +1,69 @@
1From fd7ae600adf23a9a1ed619165c5058bdec216e9c Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 19 Aug 2014 21:11:20 +0200
4Subject: [PATCH] cookies: reject incoming cookies set for TLDs
5
6Test 61 was modified to verify this.
7
8CVE-2014-3620
9
10Reported-by: Tim Ruehsen
11URL: http://curl.haxx.se/docs/adv_20140910B.html
12
13Upstream-Status: Backport
14
15Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
16---
17 lib/cookie.c | 6 ++++++
18 tests/data/test61 | 1 +
19 2 files changed, 7 insertions(+)
20
21diff --git a/lib/cookie.c b/lib/cookie.c
22index 46904ac..375485f 100644
23--- a/lib/cookie.c
24+++ b/lib/cookie.c
25@@ -461,19 +461,25 @@ Curl_cookie_add(struct SessionHandle *data,
26 break;
27 }
28 }
29 else if(Curl_raw_equal("domain", name)) {
30 bool is_ip;
31+ const char *dotp;
32
33 /* Now, we make sure that our host is within the given domain,
34 or the given domain is not valid and thus cannot be set. */
35
36 if('.' == whatptr[0])
37 whatptr++; /* ignore preceding dot */
38
39 is_ip = isip(domain ? domain : whatptr);
40
41+ /* check for more dots */
42+ dotp = strchr(whatptr, '.');
43+ if(!dotp)
44+ domain=":";
45+
46 if(!domain
47 || (is_ip && !strcmp(whatptr, domain))
48 || (!is_ip && tailmatch(whatptr, domain))) {
49 strstore(&co->domain, whatptr);
50 if(!co->domain) {
51diff --git a/tests/data/test61 b/tests/data/test61
52index d2de279..e6dbbb9 100644
53--- a/tests/data/test61
54+++ b/tests/data/test61
55@@ -21,10 +21,11 @@ Set-Cookie: test=yes; httponly; domain=foo.com; expires=Fri Feb 2 11:56:27 GMT 2
56 SET-COOKIE: test2=yes; domain=host.foo.com; expires=Fri Feb 2 11:56:27 GMT 2035
57 Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
58 Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
59 Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
60 Set-Cookie: fake=fooledyou; domain=..com; path=/;
61+Set-Cookie: supercookie=fooledyou; domain=.com; path=/;^M
62 Content-Length: 4
63
64 boo
65 </data>
66 </reply>
67--
682.1.0
69
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 97f5ee38b5..3021dec11f 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -12,6 +12,7 @@ DEPENDS_class-nativesdk = "nativesdk-zlib"
12SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ 12SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
13 file://pkgconfig_fix.patch \ 13 file://pkgconfig_fix.patch \
14 file://CVE-2014-3613.patch \ 14 file://CVE-2014-3613.patch \
15 file://CVE-2014-3620.patch \
15" 16"
16 17
17# curl likes to set -g0 in CFLAGS, so we stop it 18# curl likes to set -g0 in CFLAGS, so we stop it