1 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
new file mode 100644
index 0000000000..0800e10175
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,26 @@
+From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Fri, 7 May 2021 13:09:57 +0200
+Subject: [PATCH] telnet: check sscanf() for correct number of matches
+CVE: CVE-2021-22898
+Upstream-Status: Backport
+Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
+Bug: https://curl.se/docs/CVE-2021-22898.html
+---
+ lib/telnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 26e0658ba9cc..fdd137fb0c04 100644
+--- a/lib/telnet.c
+++ b/lib/telnet.c
+@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
+         size_t tmplen = (strlen(v->data) + 1);
+         /* Add the variable only if it fits */
+         if(len + tmplen < (int)sizeof(temp)-6) {
+-          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+             msnprintf((char *)&temp[len], sizeof(temp) - len,
+                       "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+                       CURL_NEW_ENV_VALUE, varval);

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch new file mode 100644 index 0000000000..0800e10175 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,26 @@
	1	From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
	2	From: Harry Sintonen <sintonen@iki.fi>
	3	Date: Fri, 7 May 2021 13:09:57 +0200
	4	Subject: [PATCH] telnet: check sscanf() for correct number of matches
	5
	6	CVE: CVE-2021-22898
	7	Upstream-Status: Backport
	8	Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
	9	Bug: https://curl.se/docs/CVE-2021-22898.html
	10	---
	11	lib/telnet.c \| 2 +-
	12	1 file changed, 1 insertion(+), 1 deletion(-)
	13
	14	diff --git a/lib/telnet.c b/lib/telnet.c
	15	index 26e0658ba9cc..fdd137fb0c04 100644
	16	--- a/lib/telnet.c
	17	+++ b/lib/telnet.c
	18	@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
	19	size_t tmplen = (strlen(v->data) + 1);
	20	/* Add the variable only if it fits */
	21	if(len + tmplen < (int)sizeof(temp)-6) {
	22	- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
	23	+ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
	24	msnprintf((char *)&temp[len], sizeof(temp) - len,
	25	"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
	26	CURL_NEW_ENV_VALUE, varval);