diff options
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2022-43552.patch')
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-43552.patch | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/meta/recipes-support/curl/curl/CVE-2022-43552.patch new file mode 100644 index 0000000000..d729441454 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-43552.patch | |||
| @@ -0,0 +1,82 @@ | |||
| 1 | rom 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Stenberg <daniel@haxx.se> | ||
| 3 | Date: Mon, 19 Dec 2022 08:38:37 +0100 | ||
| 4 | Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done() | ||
| 5 | |||
| 6 | It is managed by the generic layer. | ||
| 7 | |||
| 8 | Reported-by: Trail of Bits | ||
| 9 | |||
| 10 | Closes #10112 | ||
| 11 | |||
| 12 | CVE: CVE-2022-43552 | ||
| 13 | Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2] | ||
| 14 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 15 | --- | ||
| 16 | lib/smb.c | 14 ++------------ | ||
| 17 | lib/telnet.c | 3 --- | ||
| 18 | 2 files changed, 2 insertions(+), 15 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/lib/smb.c b/lib/smb.c | ||
| 21 | index 12f9925..8db3b27 100644 | ||
| 22 | --- a/lib/smb.c | ||
| 23 | +++ b/lib/smb.c | ||
| 24 | @@ -61,8 +61,6 @@ static CURLcode smb_connect(struct connectdata *conn, bool *done); | ||
| 25 | static CURLcode smb_connection_state(struct connectdata *conn, bool *done); | ||
| 26 | static CURLcode smb_do(struct connectdata *conn, bool *done); | ||
| 27 | static CURLcode smb_request_state(struct connectdata *conn, bool *done); | ||
| 28 | -static CURLcode smb_done(struct connectdata *conn, CURLcode status, | ||
| 29 | - bool premature); | ||
| 30 | static CURLcode smb_disconnect(struct connectdata *conn, bool dead); | ||
| 31 | static int smb_getsock(struct connectdata *conn, curl_socket_t *socks); | ||
| 32 | static CURLcode smb_parse_url_path(struct connectdata *conn); | ||
| 33 | @@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_smb = { | ||
| 34 | "SMB", /* scheme */ | ||
| 35 | smb_setup_connection, /* setup_connection */ | ||
| 36 | smb_do, /* do_it */ | ||
| 37 | - smb_done, /* done */ | ||
| 38 | + ZERO_NULL, /* done */ | ||
| 39 | ZERO_NULL, /* do_more */ | ||
| 40 | smb_connect, /* connect_it */ | ||
| 41 | smb_connection_state, /* connecting */ | ||
| 42 | @@ -99,7 +97,7 @@ const struct Curl_handler Curl_handler_smbs = { | ||
| 43 | "SMBS", /* scheme */ | ||
| 44 | smb_setup_connection, /* setup_connection */ | ||
| 45 | smb_do, /* do_it */ | ||
| 46 | - smb_done, /* done */ | ||
| 47 | + ZERO_NULL, /* done */ | ||
| 48 | ZERO_NULL, /* do_more */ | ||
| 49 | smb_connect, /* connect_it */ | ||
| 50 | smb_connection_state, /* connecting */ | ||
| 51 | @@ -919,14 +917,6 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done) | ||
| 52 | return CURLE_OK; | ||
| 53 | } | ||
| 54 | |||
| 55 | -static CURLcode smb_done(struct connectdata *conn, CURLcode status, | ||
| 56 | - bool premature) | ||
| 57 | -{ | ||
| 58 | - (void) premature; | ||
| 59 | - Curl_safefree(conn->data->req.protop); | ||
| 60 | - return status; | ||
| 61 | -} | ||
| 62 | - | ||
| 63 | static CURLcode smb_disconnect(struct connectdata *conn, bool dead) | ||
| 64 | { | ||
| 65 | struct smb_conn *smbc = &conn->proto.smbc; | ||
| 66 | diff --git a/lib/telnet.c b/lib/telnet.c | ||
| 67 | index 3347ad6..e3b9208 100644 | ||
| 68 | --- a/lib/telnet.c | ||
| 69 | +++ b/lib/telnet.c | ||
| 70 | @@ -1294,9 +1294,6 @@ static CURLcode telnet_done(struct connectdata *conn, | ||
| 71 | |||
| 72 | curl_slist_free_all(tn->telnet_vars); | ||
| 73 | tn->telnet_vars = NULL; | ||
| 74 | - | ||
| 75 | - Curl_safefree(conn->data->req.protop); | ||
| 76 | - | ||
| 77 | return CURLE_OK; | ||
| 78 | } | ||
| 79 | |||
| 80 | -- | ||
| 81 | 2.25.1 | ||
| 82 | |||