summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl/curl/CVE-2016-8618.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2016-8618.patch')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2016-8618.patch52
1 files changed, 0 insertions, 52 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8618.patch b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
deleted file mode 100644
index 2fd4749586..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8618.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Wed, 28 Sep 2016 10:15:34 +0200
4Subject: [PATCH] aprintf: detect wrap-around when growing allocation
5
6On 32bit systems we could otherwise wrap around after 2GB and allocate 0
7bytes and crash.
8
9CVE: CVE-2016-8618
10Upstream-Status: Backport
11
12Bug: https://curl.haxx.se/docs/adv_20161102D.html
13Reported-by: Cure53
14Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
15---
16 lib/mprintf.c | 9 ++++++---
17 1 file changed, 6 insertions(+), 3 deletions(-)
18
19diff --git a/lib/mprintf.c b/lib/mprintf.c
20index dbedeaa..2c88aa8 100644
21--- a/lib/mprintf.c
22+++ b/lib/mprintf.c
23@@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
24 }
25 infop->alloc = 32;
26 infop->len =0;
27 }
28 else if(infop->len+1 >= infop->alloc) {
29- char *newptr;
30+ char *newptr = NULL;
31+ size_t newsize = infop->alloc*2;
32
33- newptr = realloc(infop->buffer, infop->alloc*2);
34+ /* detect wrap-around or other overflow problems */
35+ if(newsize > infop->alloc)
36+ newptr = realloc(infop->buffer, newsize);
37
38 if(!newptr) {
39 infop->fail = 1;
40 return -1; /* fail */
41 }
42 infop->buffer = newptr;
43- infop->alloc *= 2;
44+ infop->alloc = newsize;
45 }
46
47 infop->buffer[ infop->len ] = outc;
48
49 infop->len++;
50--
512.9.3
52