1 files changed, 0 insertions, 209 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8623.patch b/meta/recipes-support/curl/curl/CVE-2016-8623.patch
deleted file mode 100644
index d9ddef6fa8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8623.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 4 Oct 2016 23:26:13 +0200
-Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
-Previously it only held references to them, which was reckless as the
-thread lock was released so the cookies could get modified by other
-handles that share the same cookie jar over the share interface.
-CVE: CVE-2016-8623
-Upstream-Status: Backport
-Bug: https://curl.haxx.se/docs/adv_20161102I.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------
- lib/cookie.h |  4 ++--
- lib/http.c   |  2 +-
- 3 files changed, 43 insertions(+), 24 deletions(-)
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..8607ce3 100644
--- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -1022,10 +1022,44 @@ static int cookie_sort(const void *p1, const void *p2)
- 
-   /* sorry, can't be more deterministic */
-   return 0;
- }
- 
-+#define CLONE(field)                     \
-+  do {                                   \
-+    if(src->field) {                     \
-+      dup->field = strdup(src->field);   \
-+      if(!dup->field)                    \
-+        goto fail;                       \
-+    }                                    \
-+  } while(0)
-+
-+static struct Cookie *dup_cookie(struct Cookie *src)
-+{
-+  struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
-+  if(dup) {
-+    CLONE(expirestr);
-+    CLONE(domain);
-+    CLONE(path);
-+    CLONE(spath);
-+    CLONE(name);
-+    CLONE(value);
-+    CLONE(maxage);
-+    CLONE(version);
-+    dup->expires = src->expires;
-+    dup->tailmatch = src->tailmatch;
-+    dup->secure = src->secure;
-+    dup->livecookie = src->livecookie;
-+    dup->httponly = src->httponly;
-+  }
-+  return dup;
-+
-+  fail:
-+  freecookie(dup);
-+  return NULL;
-+}
-+
- /*****************************************************************************
-  *
-  * Curl_cookie_getlist()
-  *
-  * For a given host and path, return a linked list of cookies that the
-@@ -1077,15 +1111,12 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-         if(!co->spath || pathmatch(co->spath, path) ) {
- 
-           /* and now, we know this is a match and we should create an
-              entry for the return-linked-list */
- 
-          newco = malloc(sizeof(struct Cookie));
-+          newco = dup_cookie(co);
-           if(newco) {
-            /* first, copy the whole source cookie: */
-            memcpy(newco, co, sizeof(struct Cookie));
-
-             /* then modify our next */
-             newco->next = mainco;
- 
-             /* point the main to us */
-             mainco = newco;
-@@ -1093,16 +1124,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-             matches++;
-           }
-           else {
-             fail:
-             /* failure, clear up the allocated chain and return NULL */
-            while(mainco) {
-              co = mainco->next;
-              free(mainco);
-              mainco = co;
-            }
-
-+            Curl_cookie_freelist(mainco);
-             return NULL;
-           }
-         }
-       }
-     }
-@@ -1150,11 +1176,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
-  *
-  ****************************************************************************/
- void Curl_cookie_clearall(struct CookieInfo *cookies)
- {
-   if(cookies) {
-    Curl_cookie_freelist(cookies->cookies, TRUE);
-+    Curl_cookie_freelist(cookies->cookies);
-     cookies->cookies = NULL;
-     cookies->numcookies = 0;
-   }
- }
- 
-@@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
-  *
-  * Curl_cookie_freelist()
-  *
-  * Free a list of cookies previously returned by Curl_cookie_getlist();
-  *
- * The 'cookiestoo' argument tells this function whether to just free the
- * list or actually also free all cookies within the list as well.
- *
-  ****************************************************************************/
- 
-void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
-+void Curl_cookie_freelist(struct Cookie *co)
- {
-   struct Cookie *next;
-   while(co) {
-     next = co->next;
-    if(cookiestoo)
-      freecookie(co);
-    else
-      free(co); /* we only free the struct since the "members" are all just
-                   pointed out in the main cookie list! */
-+    freecookie(co);
-     co = next;
-   }
- }
- 
- 
-@@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
-  ****************************************************************************/
- void Curl_cookie_cleanup(struct CookieInfo *c)
- {
-   if(c) {
-     free(c->filename);
-    Curl_cookie_freelist(c->cookies, TRUE);
-+    Curl_cookie_freelist(c->cookies);
-     free(c); /* free the base struct as well */
-   }
- }
- 
- /* get_netscape_format()
-diff --git a/lib/cookie.h b/lib/cookie.h
-index cd7c54a..a9a4578 100644
--- a/lib/cookie.h
-+++ b/lib/cookie.h
-@@ -5,11 +5,11 @@
-  *  Project                     ___| | | |  _ \| |
-  *                             / __| | | | |_) | |
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-  * are also available at https://curl.haxx.se/docs/copyright.html.
-  *
-@@ -80,11 +80,11 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
-                                struct CookieInfo *, bool header, char *lineptr,
-                                const char *domain, const char *path);
- 
- struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
-                                    const char *, bool);
-void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
-+void Curl_cookie_freelist(struct Cookie *cookies);
- void Curl_cookie_clearall(struct CookieInfo *cookies);
- void Curl_cookie_clearsess(struct CookieInfo *cookies);
- 
- #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
- #define Curl_cookie_list(x) NULL
-diff --git a/lib/http.c b/lib/http.c
-index 65c145a..e6e7d37 100644
--- a/lib/http.c
-+++ b/lib/http.c
-@@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
-             break;
-           count++;
-         }
-         co = co->next; /* next cookie please */
-       }
-      Curl_cookie_freelist(store, FALSE); /* free the cookie list */
-+      Curl_cookie_freelist(store);
-     }
-     if(addcookies && !result) {
-       if(!count)
-         result = Curl_add_bufferf(req_buffer, "Cookie: ");
-       if(!result) {
-- 
-2.9.3

diff --git a/meta/recipes-support/curl/curl/CVE-2016-8623.patch b/meta/recipes-support/curl/curl/CVE-2016-8623.patch deleted file mode 100644 index d9ddef6fa8..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2016-8623.patch +++ /dev/null
@@ -1,209 +0,0 @@
1	From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001
2	From: Daniel Stenberg <daniel@haxx.se>
3	Date: Tue, 4 Oct 2016 23:26:13 +0200
4	Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
5
6	Previously it only held references to them, which was reckless as the
7	thread lock was released so the cookies could get modified by other
8	handles that share the same cookie jar over the share interface.
9
10	CVE: CVE-2016-8623
11	Upstream-Status: Backport
12
13	Bug: https://curl.haxx.se/docs/adv_20161102I.html
14	Reported-by: Cure53
15	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
16	---
17	lib/cookie.c \| 61 +++++++++++++++++++++++++++++++++++++++---------------------
18	lib/cookie.h \| 4 ++--
19	lib/http.c \| 2 +-
20	3 files changed, 43 insertions(+), 24 deletions(-)
21
22	diff --git a/lib/cookie.c b/lib/cookie.c
23	index 0f05da2..8607ce3 100644
24	--- a/lib/cookie.c
25	+++ b/lib/cookie.c
26	@@ -1022,10 +1022,44 @@ static int cookie_sort(const void p1, const void p2)
27
28	/* sorry, can't be more deterministic */
29	return 0;
30	}
31
32	+#define CLONE(field) \
33	+ do { \
34	+ if(src->field) { \
35	+ dup->field = strdup(src->field); \
36	+ if(!dup->field) \
37	+ goto fail; \
38	+ } \
39	+ } while(0)
40	+
41	+static struct Cookie dup_cookie(struct Cookie src)
42	+{
43	+ struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
44	+ if(dup) {
45	+ CLONE(expirestr);
46	+ CLONE(domain);
47	+ CLONE(path);
48	+ CLONE(spath);
49	+ CLONE(name);
50	+ CLONE(value);
51	+ CLONE(maxage);
52	+ CLONE(version);
53	+ dup->expires = src->expires;
54	+ dup->tailmatch = src->tailmatch;
55	+ dup->secure = src->secure;
56	+ dup->livecookie = src->livecookie;
57	+ dup->httponly = src->httponly;
58	+ }
59	+ return dup;
60	+
61	+ fail:
62	+ freecookie(dup);
63	+ return NULL;
64	+}
65	+
66	/*****************************************************************************
67	*
68	* Curl_cookie_getlist()
69	*
70	* For a given host and path, return a linked list of cookies that the
71	@@ -1077,15 +1111,12 @@ struct Cookie Curl_cookie_getlist(struct CookieInfo c,
72	if(!co->spath \|\| pathmatch(co->spath, path) ) {
73
74	/* and now, we know this is a match and we should create an
75	entry for the return-linked-list */
76
77	- newco = malloc(sizeof(struct Cookie));
78	+ newco = dup_cookie(co);
79	if(newco) {
80	- /* first, copy the whole source cookie: */
81	- memcpy(newco, co, sizeof(struct Cookie));
82	-
83	/* then modify our next */
84	newco->next = mainco;
85
86	/* point the main to us */
87	mainco = newco;
88	@@ -1093,16 +1124,11 @@ struct Cookie Curl_cookie_getlist(struct CookieInfo c,
89	matches++;
90	}
91	else {
92	fail:
93	/* failure, clear up the allocated chain and return NULL */
94	- while(mainco) {
95	- co = mainco->next;
96	- free(mainco);
97	- mainco = co;
98	- }
99	-
100	+ Curl_cookie_freelist(mainco);
101	return NULL;
102	}
103	}
104	}
105	}
106	@@ -1150,11 +1176,11 @@ struct Cookie Curl_cookie_getlist(struct CookieInfo c,
107	*
108	****************************************************************************/
109	void Curl_cookie_clearall(struct CookieInfo *cookies)
110	{
111	if(cookies) {
112	- Curl_cookie_freelist(cookies->cookies, TRUE);
113	+ Curl_cookie_freelist(cookies->cookies);
114	cookies->cookies = NULL;
115	cookies->numcookies = 0;
116	}
117	}
118
119	@@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
120	*
121	* Curl_cookie_freelist()
122	*
123	* Free a list of cookies previously returned by Curl_cookie_getlist();
124	*
125	- * The 'cookiestoo' argument tells this function whether to just free the
126	- * list or actually also free all cookies within the list as well.
127	- *
128	****************************************************************************/
129
130	-void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
131	+void Curl_cookie_freelist(struct Cookie *co)
132	{
133	struct Cookie *next;
134	while(co) {
135	next = co->next;
136	- if(cookiestoo)
137	- freecookie(co);
138	- else
139	- free(co); /* we only free the struct since the "members" are all just
140	- pointed out in the main cookie list! */
141	+ freecookie(co);
142	co = next;
143	}
144	}
145
146
147	@@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
148	****************************************************************************/
149	void Curl_cookie_cleanup(struct CookieInfo *c)
150	{
151	if(c) {
152	free(c->filename);
153	- Curl_cookie_freelist(c->cookies, TRUE);
154	+ Curl_cookie_freelist(c->cookies);
155	free(c); /* free the base struct as well */
156	}
157	}
158
159	/* get_netscape_format()
160	diff --git a/lib/cookie.h b/lib/cookie.h
161	index cd7c54a..a9a4578 100644
162	--- a/lib/cookie.h
163	+++ b/lib/cookie.h
164	@@ -5,11 +5,11 @@
165	* Project ___\| \| \| \| _ \\| \|
166	* / __\| \| \| \| \|_) \| \|
167	* \| (__\| \|_\| \| _ <\| \|___
168	* \___\|\___/\|_\| \_\_____\|
169	*
170	- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
171	+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
172	*
173	* This software is licensed as described in the file COPYING, which
174	* you should have received as part of this distribution. The terms
175	* are also available at https://curl.haxx.se/docs/copyright.html.
176	*
177	@@ -80,11 +80,11 @@ struct Cookie Curl_cookie_add(struct Curl_easy data,
178	struct CookieInfo , bool header, char lineptr,
179	const char domain, const char path);
180
181	struct Cookie Curl_cookie_getlist(struct CookieInfo , const char *,
182	const char *, bool);
183	-void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
184	+void Curl_cookie_freelist(struct Cookie *cookies);
185	void Curl_cookie_clearall(struct CookieInfo *cookies);
186	void Curl_cookie_clearsess(struct CookieInfo *cookies);
187
188	#if defined(CURL_DISABLE_HTTP) \|\| defined(CURL_DISABLE_COOKIES)
189	#define Curl_cookie_list(x) NULL
190	diff --git a/lib/http.c b/lib/http.c
191	index 65c145a..e6e7d37 100644
192	--- a/lib/http.c
193	+++ b/lib/http.c
194	@@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata conn, bool done)
195	break;
196	count++;
197	}
198	co = co->next; /* next cookie please */
199	}
200	- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
201	+ Curl_cookie_freelist(store);
202	}
203	if(addcookies && !result) {
204	if(!count)
205	result = Curl_add_bufferf(req_buffer, "Cookie: ");
206	if(!result) {
207	--
208	2.9.3
209