Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch | 51 |
1 files changed, 51 insertions, 0 deletions
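--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
@@ -0,0 +1,51 @@
+From 6c51adeb71da076c5c40a45e339e06bb4394a86b Mon Sep 17 00:00:00 2001
+From: Eric Vigeant <evigeant@gmail.com>
+Date: Wed, 2 Nov 2022 11:47:09 -0400
+Subject: [PATCH] cur_path: do not add '/' if homedir ends with one
+
+When using SFTP and a path relative to the user home, do not add a
+trailing '/' to the user home dir if it already ends with one.
+
+Closes #9844
+
+CVE: CVE-2023-27534
+Note:
+- The upstream patch for CVE-2023-27534 does three things:
+1) creates new path with dynbuf(dynamic buffer)
+2) solves the tilde error which causes CVE-2023-27534
+3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.
+- dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
+- This patch completes the 3rd task of the patch which was implemented without using dynbuf
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/6c51adeb71da076c5c40a45e339e06bb4394a86b]
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+lib/curl_path.c | 10 +++++++---
+1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index f429634..40b92ee 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -70,10 +70,14 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
+/* It is referenced to the home directory, so strip the
+leading '/' */
+memcpy(real_path, homedir, homelen);
+- real_path[homelen] = '/';
+- real_path[homelen + 1] = '\0';
++ /* Only add a trailing '/' if homedir does not end with one */
++ if(homelen == 0 || real_path[homelen - 1] != '/') {
++ real_path[homelen] = '/';
++ homelen++;
++ real_path[homelen] = '\0';
++ }
+if(working_path_len > 3) {
+- memcpy(real_path + homelen + 1, working_path + 3,
++ memcpy(real_path + homelen, working_path + 3,
+1 + working_path_len -3);
+}
+}
+--
+2.24.4
+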
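Review bot: When homedir already ends with '/', the backported code no longer NUL-terminates real_path unless working_path_len > 3: the memcpy of homelen bytes copies no terminator, and the `real_path[homelen] = '\0';` that the old code always executed (at homelen + 1) now sits inside the if-block that is skipped in exactly that case, so a working path of just "/~/" leaves real_path unterminated. Unless real_path is zero-filled where it is allocated, which is outside this hunk, any later string use of it reads past the copied bytes. The terminator should be written unconditionally after the branch: `if(homelen == 0 || real_path[homelen - 1] != '/')` / `  real_path[homelen++] = '/';` / `real_path[homelen] = '\0';`. Curl_getworkingpath begins before this hunk and continues after it, and the Note in the patch header should state that this pre-patch does not itself close CVE-2023-27534, which it already does in its second bullet.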