1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/meta/recipes-support/curl/curl/CVE-2018-14618.patch
deleted file mode 100644
index db07b436d3..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2018-14618.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 13 Aug 2018 10:35:52 +0200
-Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password
-... since it would cause an integer overflow if longer than (max size_t
-/ 2).
-This is CVE-2018-14618
-Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
-Closes #2756
-Reported-by: Zhaoyang Wu
-CVE: CVE-2018-14618
-Upstream-Status: Backport
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
- lib/curl_ntlm_core.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
-index e27cab353c..922e85a926 100644
--- a/lib/curl_ntlm_core.c
-+++ b/lib/curl_ntlm_core.c
-@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
-                                    unsigned char *ntbuffer /* 21 bytes */)
- {
-   size_t len = strlen(password);
-  unsigned char *pw = len ? malloc(len * 2) : strdup("");
-+  unsigned char *pw;
-   CURLcode result;
-+  if(len > SIZE_T_MAX/2) /* avoid integer overflow */
-+    return CURLE_OUT_OF_MEMORY;
-+  pw = len ? malloc(len * 2) : strdup("");
-   if(!pw)
-     return CURLE_OUT_OF_MEMORY;

diff --git a/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/meta/recipes-support/curl/curl/CVE-2018-14618.patch deleted file mode 100644 index db07b436d3..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2018-14618.patch +++ /dev/null
@@ -1,37 +0,0 @@
1	From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001
2	From: Daniel Stenberg <daniel@haxx.se>
3	Date: Mon, 13 Aug 2018 10:35:52 +0200
4	Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password
5
6	... since it would cause an integer overflow if longer than (max size_t
7	/ 2).
8
9	This is CVE-2018-14618
10
11	Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
12	Closes #2756
13	Reported-by: Zhaoyang Wu
14
15	CVE: CVE-2018-14618
16	Upstream-Status: Backport
17	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
18	---
19	lib/curl_ntlm_core.c \| 5 ++++-
20	1 file changed, 4 insertions(+), 1 deletion(-)
21
22	diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
23	index e27cab353c..922e85a926 100644
24	--- a/lib/curl_ntlm_core.c
25	+++ b/lib/curl_ntlm_core.c
26	@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
27	unsigned char ntbuffer / 21 bytes */)
28	{
29	size_t len = strlen(password);
30	- unsigned char pw = len ? malloc(len 2) : strdup("");
31	+ unsigned char *pw;
32	CURLcode result;
33	+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */
34	+ return CURLE_OUT_OF_MEMORY;
35	+ pw = len ? malloc(len * 2) : strdup("");
36	if(!pw)
37	return CURLE_OUT_OF_MEMORY;