diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2019-15601.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2019-15601.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch new file mode 100644 index 0000000000..7bfaae7b21 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2] | ||
2 | CVE: CVE-2019-15601 | ||
3 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
4 | |||
5 | From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 | ||
6 | From: Daniel Stenberg <daniel@haxx.se> | ||
7 | Date: Thu, 7 Nov 2019 10:13:01 +0100 | ||
8 | Subject: [PATCH] file: on Windows, refuse paths that start with \\ | ||
9 | MIME-Version: 1.0 | ||
10 | Content-Type: text/plain; charset=UTF-8 | ||
11 | Content-Transfer-Encoding: 8bit | ||
12 | |||
13 | ... as that might cause an unexpected SMB connection to a given host | ||
14 | name. | ||
15 | |||
16 | Reported-by: Fernando Muñoz | ||
17 | CVE-2019-15601 | ||
18 | Bug: https://curl.haxx.se/docs/CVE-2019-15601.html | ||
19 | --- | ||
20 | lib/file.c | 6 ++++-- | ||
21 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
22 | |||
23 | diff --git a/lib/file.c b/lib/file.c | ||
24 | index d349cd9241..166931d7f1 100644 | ||
25 | --- a/lib/file.c | ||
26 | +++ b/lib/file.c | ||
27 | @@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) | ||
28 | struct Curl_easy *data = conn->data; | ||
29 | char *real_path; | ||
30 | struct FILEPROTO *file = data->req.protop; | ||
31 | - int fd; | ||
32 | + int fd = -1; | ||
33 | #ifdef DOS_FILESYSTEM | ||
34 | size_t i; | ||
35 | char *actual_path; | ||
36 | @@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) | ||
37 | return CURLE_URL_MALFORMAT; | ||
38 | } | ||
39 | |||
40 | - fd = open_readonly(actual_path, O_RDONLY|O_BINARY); | ||
41 | + if(strncmp("\\\\", actual_path, 2)) | ||
42 | + /* refuse to open path that starts with two backslashes */ | ||
43 | + fd = open_readonly(actual_path, O_RDONLY|O_BINARY); | ||
44 | file->path = actual_path; | ||
45 | #else | ||
46 | if(memchr(real_path, 0, real_path_len)) { | ||