1 files changed, 99 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
new file mode 100644
index 0000000000..c300fff00c
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
@@ -0,0 +1,99 @@
+From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 1 Aug 2017 17:16:07 +0200
+Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
+ range
+Added test 1289 to verify.
+CVE: CVE-2017-1000101
+Bug: https://curl.haxx.se/docs/adv_20170809A.html
+Reported-by: Brian Carpenter
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
+Rebase the tests/data/Makefile.inc changes for curl 7.54.1.
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ src/tool_urlglob.c      |  5 ++++-
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test1289     | 35 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 40 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1289
+diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
+index 6b1ece0..d56dcd9 100644
+--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
+@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
+         }
+         errno = 0;
+         max_n = strtoul(pattern, &endp, 10);
+-        if(errno || (*endp == ':')) {
+        if(errno)
+          /* overflow */
+          endp = NULL;
+        else if(*endp == ':') {
+           pattern = endp+1;
+           errno = 0;
+           step_n = strtoul(pattern, &endp, 10);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 155320a..7adbee6 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
+ test1260 test1261 test1262 \
+ \
+ test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
+-test1288 \
+test1288 test1289 \
+ \
+ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
+ test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
+diff --git a/tests/data/test1289 b/tests/data/test1289
+new file mode 100644
+index 0000000..d679cc0
+--- /dev/null
+++ b/tests/data/test1289
+@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+globbing
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+globbing with overflow and bad syntxx
+</name>
+<command>
+http://ur%20[0-60000000000000000000
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# curl: (3) [globbing] bad range in column 
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
+-- 
+2.11.0

diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch new file mode 100644 index 0000000000..c300fff00c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
@@ -0,0 +1,99 @@
	1	From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Tue, 1 Aug 2017 17:16:07 +0200
	4	Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
	5	range
	6
	7	Added test 1289 to verify.
	8
	9	CVE: CVE-2017-1000101
	10
	11	Bug: https://curl.haxx.se/docs/adv_20170809A.html
	12	Reported-by: Brian Carpenter
	13
	14	Upstream-Status: Backport
	15	https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
	16
	17	Rebase the tests/data/Makefile.inc changes for curl 7.54.1.
	18
	19	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	20	---
	21	src/tool_urlglob.c \| 5 ++++-
	22	tests/data/Makefile.inc \| 2 +-
	23	tests/data/test1289 \| 35 +++++++++++++++++++++++++++++++++++
	24	3 files changed, 40 insertions(+), 2 deletions(-)
	25	create mode 100644 tests/data/test1289
	26
	27	diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
	28	index 6b1ece0..d56dcd9 100644
	29	--- a/src/tool_urlglob.c
	30	+++ b/src/tool_urlglob.c
	31	@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob glob, char *patternp,
	32	}
	33	errno = 0;
	34	max_n = strtoul(pattern, &endp, 10);
	35	- if(errno \|\| (*endp == ':')) {
	36	+ if(errno)
	37	+ /* overflow */
	38	+ endp = NULL;
	39	+ else if(*endp == ':') {
	40	pattern = endp+1;
	41	errno = 0;
	42	step_n = strtoul(pattern, &endp, 10);
	43	diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
	44	index 155320a..7adbee6 100644
	45	--- a/tests/data/Makefile.inc
	46	+++ b/tests/data/Makefile.inc
	47	@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
	48	test1260 test1261 test1262 \
	49	\
	50	test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
	51	-test1288 \
	52	+test1288 test1289 \
	53	\
	54	test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
	55	test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
	56	diff --git a/tests/data/test1289 b/tests/data/test1289
	57	new file mode 100644
	58	index 0000000..d679cc0
	59	--- /dev/null
	60	+++ b/tests/data/test1289
	61	@@ -0,0 +1,35 @@
	62	+<testcase>
	63	+<info>
	64	+<keywords>
	65	+HTTP
	66	+HTTP GET
	67	+globbing
	68	+</keywords>
	69	+</info>
	70	+
	71	+#
	72	+# Server-side
	73	+<reply>
	74	+</reply>
	75	+
	76	+# Client-side
	77	+<client>
	78	+<server>
	79	+http
	80	+</server>
	81	+<name>
	82	+globbing with overflow and bad syntxx
	83	+</name>
	84	+<command>
	85	+http://ur%20[0-60000000000000000000
	86	+</command>
	87	+</client>
	88	+
	89	+# Verify data after the test has been "shot"
	90	+<verify>
	91	+# curl: (3) [globbing] bad range in column
	92	+<errorcode>
	93	+3
	94	+</errorcode>
	95	+</verify>
	96	+</testcase>
	97	--
	98	2.11.0
	99