Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-43552.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-43552.patch | 82 |
1 files changed, 82 insertions, 0 deletions
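--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-43552.patch
@@ -0,0 +1,82 @@
+rom 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:38:37 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+
+Reported-by: Trail of Bits
+
+Closes #10112
+
+CVE: CVE-2022-43552
+Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+lib/smb.c | 14 ++------------
+lib/telnet.c | 3 ---
+2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 12f9925..8db3b27 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -61,8 +61,6 @@ static CURLcode smb_connect(struct connectdata *conn, bool *done);
+static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
+static CURLcode smb_do(struct connectdata *conn, bool *done);
+static CURLcode smb_request_state(struct connectdata *conn, bool *done);
+-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+- bool premature);
+static CURLcode smb_disconnect(struct connectdata *conn, bool dead);
+static int smb_getsock(struct connectdata *conn, curl_socket_t *socks);
+static CURLcode smb_parse_url_path(struct connectdata *conn);
+@@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_smb = {
+"SMB", /* scheme */
+smb_setup_connection, /* setup_connection */
+smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ZERO_NULL, /* do_more */
+smb_connect, /* connect_it */
+smb_connection_state, /* connecting */
+@@ -99,7 +97,7 @@ const struct Curl_handler Curl_handler_smbs = {
+"SMBS", /* scheme */
+smb_setup_connection, /* setup_connection */
+smb_do, /* do_it */
+- smb_done, /* done */
++ ZERO_NULL, /* done */
+ZERO_NULL, /* do_more */
+smb_connect, /* connect_it */
+smb_connection_state, /* connecting */
+@@ -919,14 +917,6 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done)
+return CURLE_OK;
+}
+
+-static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+- bool premature)
+-{
+- (void) premature;
+- Curl_safefree(conn->data->req.protop);
+- return status;
+-}
+-
+static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
+{
+struct smb_conn *smbc = &conn->proto.smbc;
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 3347ad6..e3b9208 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1294,9 +1294,6 @@ static CURLcode telnet_done(struct connectdata *conn,
+
+curl_slist_free_all(tn->telnet_vars);
+tn->telnet_vars = NULL;
+-
+- Curl_safefree(conn->data->req.protop);
+-
+return CURLE_OK;
+}
+
+--
+2.25.1
+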
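Review bot: The first line of the added patch file reads `rom 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001`; if that is how the file is committed rather than a rendering artifact, restore it to `From 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001` so mbox-aware tools still recognise the header. On the fix itself, removing `Curl_safefree(conn->data->req.protop);` from smb_done() and telnet_done() is only safe if the generic layer in the curl version this recipe builds does free `req.protop`, as the commit message says. That code is not in these hunks (telnet_done()'s body also starts outside its hunk), so it should be confirmed against the backport target; otherwise the struct is leaked instead of being released once. The diffstat on this page is limited to this one file, so it does not show whether the recipe's SRC_URI was updated to apply the patch, which is worth checking before treating the CVE as fixed in the image.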