diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2015-3144.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2015-3144.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2015-3144.patch b/meta/recipes-support/curl/curl/CVE-2015-3144.patch new file mode 100644 index 0000000000..ca6d7448a1 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2015-3144.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Thu, 16 Apr 2015 23:52:04 +0200 | ||
4 | Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | |||
11 | If a URL is given with a zero-length host name, like in "http://:80" or | ||
12 | just ":80", `fix_hostname()` will index the host name pointer with a -1 | ||
13 | offset (as it blindly assumes a non-zero length) and both read and | ||
14 | assign that address. | ||
15 | |||
16 | CVE-2015-3144 | ||
17 | |||
18 | Bug: http://curl.haxx.se/docs/adv_20150422D.html | ||
19 | Reported-by: Hanno Böck | ||
20 | Signed-off-by: Daniel Stenberg <daniel@haxx.se> | ||
21 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
22 | --- | ||
23 | lib/url.c | 2 +- | ||
24 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
25 | |||
26 | diff --git a/lib/url.c b/lib/url.c | ||
27 | index ee3d176..f033dbc 100644 | ||
28 | --- a/lib/url.c | ||
29 | +++ b/lib/url.c | ||
30 | @@ -3625,11 +3625,11 @@ static void fix_hostname(struct SessionHandle *data, | ||
31 | |||
32 | /* set the name we use to display the host name */ | ||
33 | host->dispname = host->name; | ||
34 | |||
35 | len = strlen(host->name); | ||
36 | - if(host->name[len-1] == '.') | ||
37 | + if(len && (host->name[len-1] == '.')) | ||
38 | /* strip off a single trailing dot if present, primarily for SNI but | ||
39 | there's no use for it */ | ||
40 | host->name[len-1]=0; | ||
41 | |||
42 | if(!is_ASCII_name(host->name)) { | ||
43 | -- | ||
44 | 2.1.4 | ||
45 | |||