Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-27781.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-27781.patch | 46 |
1 files changed, 46 insertions, 0 deletions
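diff --git a/meta/recipes-support/curl/curl/CVE-2022-27781.patch b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
new file mode 100644
index 0000000000..ea1bc22928
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
@@ -0,0 +1,46 @@
+From 7a1f183039a6a6c9099a114f5e5c94777413c767 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 10:07:15 +0200
+Subject: [PATCH] nss: return error if seemingly stuck in a cert loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2022-27781
+
+Reported-by: Florian Kohnhäuser
+Bug: https://curl.se/docs/CVE-2022-27781.html
+Closes #8822
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+lib/vtls/nss.c | 8 ++++++++
+1 file changed, 8 insertions(+)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 375c78b..86102f7 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -950,6 +950,9 @@ static void display_cert_info(struct Curl_easy *data,
+PR_Free(common_name);
+}
+
++/* A number of certs that will never occur in a real server handshake */
++#define TOO_MANY_CERTS 300
++
+static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+{
+CURLcode result = CURLE_OK;
+@@ -986,6 +989,11 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+while(cert2) {
+i++;
++ if(i >= TOO_MANY_CERTS) {
++ CERT_DestroyCertificate(cert2);
++ failf(data, "certificate loop");
++ return CURLE_SSL_CERTPROBLEM;
++ }
+if(cert2->isRoot) {
+CERT_DestroyCertificate(cert2);
+break;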
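Review bot: The added `failf(data, "certificate loop");` (patch line 41) refers to `data`, but the hunk context shows this tree's `display_conn_info` taking `struct connectdata *conn` and no `data` parameter, so unless a local `data` is declared outside the hunk the backport will not compile when the NSS backend is enabled. If the function has no such local, the call presumably needs to be `failf(conn->data, "certificate loop");`, and a build with NSS selected should confirm the patch applies and compiles. Separately, the new `return CURLE_SSL_CERTPROBLEM;` leaves the function from inside the loop after destroying only `cert2`; if `cert` (passed to `CERT_FindCertIssuer` on patch line 36) is released later in the function, that early return skips it, so a `CERT_DestroyCertificate(cert);` before the return may be needed. The body of `display_conn_info` starts and ends outside the hunk, so both points need checking against the full file.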