1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
new file mode 100644
index 0000000000..96ff1b064b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
@@ -0,0 +1,41 @@
+From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Aug 2017 17:17:06 +0200
+Subject: [PATCH] file: output the correct buffer to the user
+Regression brought by 7c312f84ea930d8 (April 2017)
+CVE: CVE-2017-1000099
+Bug: https://curl.haxx.se/docs/adv_20170809C.html
+Credit to OSS-Fuzz for the discovery
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ lib/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/file.c b/lib/file.c
+index bd426eac2..666cbe75b 100644
+--- a/lib/file.c
+++ b/lib/file.c
+@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+              Curl_month[tm->tm_mon],
+              tm->tm_year + 1900,
+              tm->tm_hour,
+              tm->tm_min,
+              tm->tm_sec);
+-    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+     if(!result)
+       /* set the file size to make it available post transfer */
+       Curl_pgrsSetDownloadSize(data, expected_size);
+     return result;
+   }
+-- 
+2.13.3

diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch new file mode 100644 index 0000000000..96ff1b064b --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
@@ -0,0 +1,41 @@
	1	From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
	2	From: Even Rouault <even.rouault@spatialys.com>
	3	Date: Tue, 1 Aug 2017 17:17:06 +0200
	4	Subject: [PATCH] file: output the correct buffer to the user
	5
	6	Regression brought by 7c312f84ea930d8 (April 2017)
	7
	8	CVE: CVE-2017-1000099
	9
	10	Bug: https://curl.haxx.se/docs/adv_20170809C.html
	11
	12	Credit to OSS-Fuzz for the discovery
	13
	14	Upstream-Status: Backport
	15	https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
	16
	17	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	18	---
	19	lib/file.c \| 2 +-
	20	1 file changed, 1 insertion(+), 1 deletion(-)
	21
	22	diff --git a/lib/file.c b/lib/file.c
	23	index bd426eac2..666cbe75b 100644
	24	--- a/lib/file.c
	25	+++ b/lib/file.c
	26	@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata conn, bool done)
	27	Curl_month[tm->tm_mon],
	28	tm->tm_year + 1900,
	29	tm->tm_hour,
	30	tm->tm_min,
	31	tm->tm_sec);
	32	- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
	33	+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
	34	if(!result)
	35	/* set the file size to make it available post transfer */
	36	Curl_pgrsSetDownloadSize(data, expected_size);
	37	return result;
	38	}
	39	--
	40	2.13.3
	41