1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27533.patch b/meta/recipes-support/curl/curl/CVE-2023-27533.patch
new file mode 100644
index 0000000000..64ba135056
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27533.patch
@@ -0,0 +1,59 @@
+Backport of:
+From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 6 Mar 2023 12:07:33 +0100
+Subject: [PATCH] telnet: only accept option arguments in ascii
+To avoid embedded telnet negotiation commands etc.
+Reported-by: Harry Sintonen
+Closes #10728
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2023-27533.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684]
+CVE: CVE-2023-27533
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/telnet.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+--- a/lib/telnet.c
+++ b/lib/telnet.c
+@@ -815,6 +815,17 @@ static void printsub(struct Curl_easy *d
+   }
+ }
+ 
+static bool str_is_nonascii(const char *str)
+{
+  size_t len = strlen(str);
+  while(len--) {
+    if(*str & 0x80)
+      return TRUE;
+    str++;
+  }
+  return FALSE;
+}
+
+ static CURLcode check_telnet_options(struct connectdata *conn)
+ {
+   struct curl_slist *head;
+@@ -829,6 +840,8 @@ static CURLcode check_telnet_options(str
+   /* Add the user name as an environment variable if it
+      was given on the command line */
+   if(conn->bits.user_passwd) {
+    if(str_is_nonascii(data->conn->user))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+     msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
+     beg = curl_slist_append(tn->telnet_vars, option_arg);
+     if(!beg) {
+@@ -844,6 +857,9 @@ static CURLcode check_telnet_options(str
+     if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
+               option_keyword, option_arg) == 2) {
+ 
+      if(str_is_nonascii(option_arg))
+        continue;
+
+       /* Terminal type */
+       if(strcasecompare(option_keyword, "TTYPE")) {
+         strncpy(tn->subopt_ttype, option_arg, 31);

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27533.patch b/meta/recipes-support/curl/curl/CVE-2023-27533.patch new file mode 100644 index 0000000000..64ba135056 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-27533.patch
@@ -0,0 +1,59 @@
	1	Backport of:
	2
	3	From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
	4	From: Daniel Stenberg <daniel@haxx.se>
	5	Date: Mon, 6 Mar 2023 12:07:33 +0100
	6	Subject: [PATCH] telnet: only accept option arguments in ascii
	7
	8	To avoid embedded telnet negotiation commands etc.
	9
	10	Reported-by: Harry Sintonen
	11	Closes #10728
	12
	13	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2023-27533.patch?h=ubuntu/focal-security
	14	Upstream commit https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684]
	15	CVE: CVE-2023-27533
	16	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	17	---
	18	lib/telnet.c \| 15 +++++++++++++++
	19	1 file changed, 15 insertions(+)
	20
	21	--- a/lib/telnet.c
	22	+++ b/lib/telnet.c
	23	@@ -815,6 +815,17 @@ static void printsub(struct Curl_easy *d
	24	}
	25	}
	26
	27	+static bool str_is_nonascii(const char *str)
	28	+{
	29	+ size_t len = strlen(str);
	30	+ while(len--) {
	31	+ if(*str & 0x80)
	32	+ return TRUE;
	33	+ str++;
	34	+ }
	35	+ return FALSE;
	36	+}
	37	+
	38	static CURLcode check_telnet_options(struct connectdata *conn)
	39	{
	40	struct curl_slist *head;
	41	@@ -829,6 +840,8 @@ static CURLcode check_telnet_options(str
	42	/* Add the user name as an environment variable if it
	43	was given on the command line */
	44	if(conn->bits.user_passwd) {
	45	+ if(str_is_nonascii(data->conn->user))
	46	+ return CURLE_BAD_FUNCTION_ARGUMENT;
	47	msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
	48	beg = curl_slist_append(tn->telnet_vars, option_arg);
	49	if(!beg) {
	50	@@ -844,6 +857,9 @@ static CURLcode check_telnet_options(str
	51	if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
	52	option_keyword, option_arg) == 2) {
	53
	54	+ if(str_is_nonascii(option_arg))
	55	+ continue;
	56	+
	57	/* Terminal type */
	58	if(strcasecompare(option_keyword, "TTYPE")) {
	59	strncpy(tn->subopt_ttype, option_arg, 31);