1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2015-3144.patch b/meta/recipes-support/curl/curl/CVE-2015-3144.patch
new file mode 100644
index 0000000000..ca6d7448a1
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2015-3144.patch
@@ -0,0 +1,45 @@
+From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 16 Apr 2015 23:52:04 +0200
+Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Upstream-Status: Backport
+If a URL is given with a zero-length host name, like in "http://:80" or
+just ":80", `fix_hostname()` will index the host name pointer with a -1
+offset (as it blindly assumes a non-zero length) and both read and
+assign that address.
+CVE-2015-3144
+Bug: http://curl.haxx.se/docs/adv_20150422D.html
+Reported-by: Hanno Böck
+Signed-off-by: Daniel Stenberg <daniel@haxx.se>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/url.c b/lib/url.c
+index ee3d176..f033dbc 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -3625,11 +3625,11 @@ static void fix_hostname(struct SessionHandle *data,
+ 
+   /* set the name we use to display the host name */
+   host->dispname = host->name;
+ 
+   len = strlen(host->name);
+-  if(host->name[len-1] == '.')
+  if(len && (host->name[len-1] == '.'))
+     /* strip off a single trailing dot if present, primarily for SNI but
+        there's no use for it */
+     host->name[len-1]=0;
+ 
+   if(!is_ASCII_name(host->name)) {
+-- 
+2.1.4

diff --git a/meta/recipes-support/curl/curl/CVE-2015-3144.patch b/meta/recipes-support/curl/curl/CVE-2015-3144.patch new file mode 100644 index 0000000000..ca6d7448a1 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2015-3144.patch
@@ -0,0 +1,45 @@
	1	From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Thu, 16 Apr 2015 23:52:04 +0200
	4	Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	Upstream-Status: Backport
	10
	11	If a URL is given with a zero-length host name, like in "http://:80" or
	12	just ":80", `fix_hostname()` will index the host name pointer with a -1
	13	offset (as it blindly assumes a non-zero length) and both read and
	14	assign that address.
	15
	16	CVE-2015-3144
	17
	18	Bug: http://curl.haxx.se/docs/adv_20150422D.html
	19	Reported-by: Hanno Böck
	20	Signed-off-by: Daniel Stenberg <daniel@haxx.se>
	21	Signed-off-by: Maxin B. John <maxin.john@enea.com>
	22	---
	23	lib/url.c \| 2 +-
	24	1 file changed, 1 insertion(+), 1 deletion(-)
	25
	26	diff --git a/lib/url.c b/lib/url.c
	27	index ee3d176..f033dbc 100644
	28	--- a/lib/url.c
	29	+++ b/lib/url.c
	30	@@ -3625,11 +3625,11 @@ static void fix_hostname(struct SessionHandle *data,
	31
	32	/* set the name we use to display the host name */
	33	host->dispname = host->name;
	34
	35	len = strlen(host->name);
	36	- if(host->name[len-1] == '.')
	37	+ if(len && (host->name[len-1] == '.'))
	38	/* strip off a single trailing dot if present, primarily for SNI but
	39	there's no use for it */
	40	host->name[len-1]=0;
	41
	42	if(!is_ASCII_name(host->name)) {
	43	--
	44	2.1.4
	45