1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27781.patch b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
new file mode 100644
index 0000000000..ea1bc22928
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
@@ -0,0 +1,46 @@
+From 7a1f183039a6a6c9099a114f5e5c94777413c767 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 10:07:15 +0200
+Subject: [PATCH] nss: return error if seemingly stuck in a cert loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+CVE-2022-27781
+Reported-by: Florian Kohnhäuser
+Bug: https://curl.se/docs/CVE-2022-27781.html
+Closes #8822
+Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/vtls/nss.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 375c78b..86102f7 100644
+--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
+@@ -950,6 +950,9 @@ static void display_cert_info(struct Curl_easy *data,
+   PR_Free(common_name);
+ }
+ 
+/* A number of certs that will never occur in a real server handshake */
+#define TOO_MANY_CERTS 300
+
+ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+ {
+   CURLcode result = CURLE_OK;
+@@ -986,6 +989,11 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+         cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+         while(cert2) {
+           i++;
+          if(i >= TOO_MANY_CERTS) {
+            CERT_DestroyCertificate(cert2);
+            failf(data, "certificate loop");
+            return CURLE_SSL_CERTPROBLEM;
+          }
+           if(cert2->isRoot) {
+             CERT_DestroyCertificate(cert2);
+             break;

diff --git a/meta/recipes-support/curl/curl/CVE-2022-27781.patch b/meta/recipes-support/curl/curl/CVE-2022-27781.patch new file mode 100644 index 0000000000..ea1bc22928 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-27781.patch
@@ -0,0 +1,46 @@
	1	From 7a1f183039a6a6c9099a114f5e5c94777413c767 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Mon, 9 May 2022 10:07:15 +0200
	4	Subject: [PATCH] nss: return error if seemingly stuck in a cert loop
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2022-27781
	10
	11	Reported-by: Florian Kohnhäuser
	12	Bug: https://curl.se/docs/CVE-2022-27781.html
	13	Closes #8822
	14
	15	Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917]
	16	Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
	17	---
	18	lib/vtls/nss.c \| 8 ++++++++
	19	1 file changed, 8 insertions(+)
	20
	21	diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
	22	index 375c78b..86102f7 100644
	23	--- a/lib/vtls/nss.c
	24	+++ b/lib/vtls/nss.c
	25	@@ -950,6 +950,9 @@ static void display_cert_info(struct Curl_easy *data,
	26	PR_Free(common_name);
	27	}
	28
	29	+/* A number of certs that will never occur in a real server handshake */
	30	+#define TOO_MANY_CERTS 300
	31	+
	32	static CURLcode display_conn_info(struct connectdata conn, PRFileDesc sock)
	33	{
	34	CURLcode result = CURLE_OK;
	35	@@ -986,6 +989,11 @@ static CURLcode display_conn_info(struct connectdata conn, PRFileDesc sock)
	36	cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
	37	while(cert2) {
	38	i++;
	39	+ if(i >= TOO_MANY_CERTS) {
	40	+ CERT_DestroyCertificate(cert2);
	41	+ failf(data, "certificate loop");
	42	+ return CURLE_SSL_CERTPROBLEM;
	43	+ }
	44	if(cert2->isRoot) {
	45	CERT_DestroyCertificate(cert2);
	46	break;