1 files changed, 170 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27535.patch b/meta/recipes-support/curl/curl/CVE-2023-27535.patch
new file mode 100644
index 0000000000..e38390a57c
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27535.patch
@@ -0,0 +1,170 @@
+From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 9 Mar 2023 17:47:06 +0100
+Subject: [PATCH] ftp: add more conditions for connection reuse
+Reported-by: Harry Sintonen
+Closes #10730
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2023-27535.patch?h=ubuntu/focal-security
+Upstream commit https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1]
+CVE: CVE-2023-27535
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/ftp.c     | 30 ++++++++++++++++++++++++++++--
+ lib/ftp.h     |  5 +++++
+ lib/setopt.c  |  2 +-
+ lib/url.c     | 16 +++++++++++++++-
+ lib/urldata.h |  4 ++--
+ 5 files changed, 51 insertions(+), 6 deletions(-)
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 31a34e8..7a82a74 100644
+--- a/lib/ftp.c
+++ b/lib/ftp.c
+@@ -4059,6 +4059,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
+   }
+ 
+   freedirs(ftpc);
+  free(ftpc->account);
+  ftpc->account = NULL;
+  free(ftpc->alternative_to_user);
+  ftpc->alternative_to_user = NULL;
+   free(ftpc->prevpath);
+   ftpc->prevpath = NULL;
+   free(ftpc->server_os);
+@@ -4326,11 +4330,31 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
+   struct Curl_easy *data = conn->data;
+   char *type;
+   struct FTP *ftp;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+ 
+-  conn->data->req.protop = ftp = calloc(sizeof(struct FTP), 1);
+  ftp = calloc(sizeof(struct FTP), 1);
+   if(NULL == ftp)
+     return CURLE_OUT_OF_MEMORY;
+ 
+  /* clone connection related data that is FTP specific */
+  if(data->set.str[STRING_FTP_ACCOUNT]) {
+    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+    if(!ftpc->account) {
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+    ftpc->alternative_to_user =
+      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+    if(!ftpc->alternative_to_user) {
+      Curl_safefree(ftpc->account);
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  conn->data->req.protop = ftp;
+
+   ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
+ 
+   /* FTP URLs support an extension like ";type=<typecode>" that
+@@ -4366,7 +4390,9 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
+   /* get some initial data into the ftp struct */
+   ftp->transfer = FTPTRANSFER_BODY;
+   ftp->downloadsize = 0;
+-  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+  ftpc->known_filesize = -1; /* unknown size for now */
+  ftpc->use_ssl = data->set.use_ssl;
+  ftpc->ccc = data->set.ftp_ccc;
+ 
+   return CURLE_OK;
+ }
+diff --git a/lib/ftp.h b/lib/ftp.h
+index 984347f..163dcb3 100644
+--- a/lib/ftp.h
+++ b/lib/ftp.h
+@@ -116,6 +116,8 @@ struct FTP {
+    struct */
+ struct ftp_conn {
+   struct pingpong pp;
+  char *account;
+  char *alternative_to_user;
+   char *entrypath; /* the PWD reply when we logged on */
+   char **dirs;   /* realloc()ed array for path components */
+   int dirdepth;  /* number of entries used in the 'dirs' array */
+@@ -141,6 +143,9 @@ struct ftp_conn {
+   ftpstate state; /* always use ftp.c:state() to change state! */
+   ftpstate state_saved; /* transfer type saved to be reloaded after
+                            data connection is established */
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
+  unsigned char ccc;       /* ccc level for this connection */
+   curl_off_t retr_size_saved; /* Size of retrieved file saved */
+   char *server_os;     /* The target server operating system. */
+   curl_off_t known_filesize; /* file size is different from -1, if wildcard
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 4d96f6b..a91bb70 100644
+--- a/lib/setopt.c
+++ b/lib/setopt.c
+@@ -2126,7 +2126,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     arg = va_arg(param, long);
+     if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
+       return CURLE_BAD_FUNCTION_ARGUMENT;
+-    data->set.use_ssl = (curl_usessl)arg;
+    data->set.use_ssl = (unsigned char)arg;
+     break;
+ 
+   case CURLOPT_SSL_OPTIONS:
+diff --git a/lib/url.c b/lib/url.c
+index dfbde3b..f84375c 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -1257,10 +1257,24 @@ ConnectionExists(struct Curl_easy *data,
+         }
+       }
+ 
+-      if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+      else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
+         if(!ssh_config_matches(needle, check))
+           continue;
+       }
+#endif
+#ifndef CURL_DISABLE_FTP
+      else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_FTP) {
+        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+        if(Curl_timestrcmp(needle->proto.ftpc.account,
+                           check->proto.ftpc.account) ||
+           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+                           check->proto.ftpc.alternative_to_user) ||
+           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+          continue;
+      }
+#endif
+ 
+       if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
+          needle->bits.tunnel_proxy) {
+diff --git a/lib/urldata.h b/lib/urldata.h
+index 168f874..51b793b 100644
+--- a/lib/urldata.h
+++ b/lib/urldata.h
+@@ -1730,8 +1730,6 @@ struct UserDefined {
+   void *ssh_keyfunc_userp;         /* custom pointer to callback */
+   enum CURL_NETRC_OPTION
+        use_netrc;        /* defined in include/curl.h */
+-  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+-                            IMAP or POP3 or others! */
+   long new_file_perms;    /* Permissions to use when creating remote files */
+   long new_directory_perms; /* Permissions to use when creating remote dirs */
+   long ssh_auth_types;   /* allowed SSH auth types */
+@@ -1851,6 +1849,8 @@ struct UserDefined {
+   BIT(http09_allowed); /* allow HTTP/0.9 responses */
+   BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
+                                 recipients */
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
+ };
+ 
+ struct Names {
+-- 
+2.25.1

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27535.patch b/meta/recipes-support/curl/curl/CVE-2023-27535.patch new file mode 100644 index 0000000000..e38390a57c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-27535.patch
@@ -0,0 +1,170 @@
	1	From 8f4608468b890dce2dad9f91d5607ee7e9c1aba1 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Thu, 9 Mar 2023 17:47:06 +0100
	4	Subject: [PATCH] ftp: add more conditions for connection reuse
	5
	6	Reported-by: Harry Sintonen
	7	Closes #10730
	8
	9	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2023-27535.patch?h=ubuntu/focal-security
	10	Upstream commit https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1]
	11	CVE: CVE-2023-27535
	12	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	13	---
	14	lib/ftp.c \| 30 ++++++++++++++++++++++++++++--
	15	lib/ftp.h \| 5 +++++
	16	lib/setopt.c \| 2 +-
	17	lib/url.c \| 16 +++++++++++++++-
	18	lib/urldata.h \| 4 ++--
	19	5 files changed, 51 insertions(+), 6 deletions(-)
	20
	21	diff --git a/lib/ftp.c b/lib/ftp.c
	22	index 31a34e8..7a82a74 100644
	23	--- a/lib/ftp.c
	24	+++ b/lib/ftp.c
	25	@@ -4059,6 +4059,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
	26	}
	27
	28	freedirs(ftpc);
	29	+ free(ftpc->account);
	30	+ ftpc->account = NULL;
	31	+ free(ftpc->alternative_to_user);
	32	+ ftpc->alternative_to_user = NULL;
	33	free(ftpc->prevpath);
	34	ftpc->prevpath = NULL;
	35	free(ftpc->server_os);
	36	@@ -4326,11 +4330,31 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
	37	struct Curl_easy *data = conn->data;
	38	char *type;
	39	struct FTP *ftp;
	40	+ struct ftp_conn *ftpc = &conn->proto.ftpc;
	41
	42	- conn->data->req.protop = ftp = calloc(sizeof(struct FTP), 1);
	43	+ ftp = calloc(sizeof(struct FTP), 1);
	44	if(NULL == ftp)
	45	return CURLE_OUT_OF_MEMORY;
	46
	47	+ /* clone connection related data that is FTP specific */
	48	+ if(data->set.str[STRING_FTP_ACCOUNT]) {
	49	+ ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
	50	+ if(!ftpc->account) {
	51	+ free(ftp);
	52	+ return CURLE_OUT_OF_MEMORY;
	53	+ }
	54	+ }
	55	+ if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
	56	+ ftpc->alternative_to_user =
	57	+ strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
	58	+ if(!ftpc->alternative_to_user) {
	59	+ Curl_safefree(ftpc->account);
	60	+ free(ftp);
	61	+ return CURLE_OUT_OF_MEMORY;
	62	+ }
	63	+ }
	64	+ conn->data->req.protop = ftp;
	65	+
	66	ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
	67
	68	/* FTP URLs support an extension like ";type=<typecode>" that
	69	@@ -4366,7 +4390,9 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
	70	/* get some initial data into the ftp struct */
	71	ftp->transfer = FTPTRANSFER_BODY;
	72	ftp->downloadsize = 0;
	73	- conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
	74	+ ftpc->known_filesize = -1; /* unknown size for now */
	75	+ ftpc->use_ssl = data->set.use_ssl;
	76	+ ftpc->ccc = data->set.ftp_ccc;
	77
	78	return CURLE_OK;
	79	}
	80	diff --git a/lib/ftp.h b/lib/ftp.h
	81	index 984347f..163dcb3 100644
	82	--- a/lib/ftp.h
	83	+++ b/lib/ftp.h
	84	@@ -116,6 +116,8 @@ struct FTP {
	85	struct */
	86	struct ftp_conn {
	87	struct pingpong pp;
	88	+ char *account;
	89	+ char *alternative_to_user;
	90	char entrypath; / the PWD reply when we logged on */
	91	char *dirs; / realloc()ed array for path components */
	92	int dirdepth; /* number of entries used in the 'dirs' array */
	93	@@ -141,6 +143,9 @@ struct ftp_conn {
	94	ftpstate state; /* always use ftp.c:state() to change state! */
	95	ftpstate state_saved; /* transfer type saved to be reloaded after
	96	data connection is established */
	97	+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
	98	+ IMAP or POP3 or others! (type: curl_usessl)*/
	99	+ unsigned char ccc; /* ccc level for this connection */
	100	curl_off_t retr_size_saved; /* Size of retrieved file saved */
	101	char server_os; / The target server operating system. */
	102	curl_off_t known_filesize; /* file size is different from -1, if wildcard
	103	diff --git a/lib/setopt.c b/lib/setopt.c
	104	index 4d96f6b..a91bb70 100644
	105	--- a/lib/setopt.c
	106	+++ b/lib/setopt.c
	107	@@ -2126,7 +2126,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
	108	arg = va_arg(param, long);
	109	if((arg < CURLUSESSL_NONE) \|\| (arg >= CURLUSESSL_LAST))
	110	return CURLE_BAD_FUNCTION_ARGUMENT;
	111	- data->set.use_ssl = (curl_usessl)arg;
	112	+ data->set.use_ssl = (unsigned char)arg;
	113	break;
	114
	115	case CURLOPT_SSL_OPTIONS:
	116	diff --git a/lib/url.c b/lib/url.c
	117	index dfbde3b..f84375c 100644
	118	--- a/lib/url.c
	119	+++ b/lib/url.c
	120	@@ -1257,10 +1257,24 @@ ConnectionExists(struct Curl_easy *data,
	121	}
	122	}
	123
	124	- if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
	125	+#ifdef USE_SSH
	126	+ else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
	127	if(!ssh_config_matches(needle, check))
	128	continue;
	129	}
	130	+#endif
	131	+#ifndef CURL_DISABLE_FTP
	132	+ else if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_FTP) {
	133	+ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
	134	+ if(Curl_timestrcmp(needle->proto.ftpc.account,
	135	+ check->proto.ftpc.account) \|\|
	136	+ Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
	137	+ check->proto.ftpc.alternative_to_user) \|\|
	138	+ (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) \|\|
	139	+ (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
	140	+ continue;
	141	+ }
	142	+#endif
	143
	144	if(!needle->bits.httpproxy \|\| (needle->handler->flags&PROTOPT_SSL) \|\|
	145	needle->bits.tunnel_proxy) {
	146	diff --git a/lib/urldata.h b/lib/urldata.h
	147	index 168f874..51b793b 100644
	148	--- a/lib/urldata.h
	149	+++ b/lib/urldata.h
	150	@@ -1730,8 +1730,6 @@ struct UserDefined {
	151	void ssh_keyfunc_userp; / custom pointer to callback */
	152	enum CURL_NETRC_OPTION
	153	use_netrc; /* defined in include/curl.h */
	154	- curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
	155	- IMAP or POP3 or others! */
	156	long new_file_perms; /* Permissions to use when creating remote files */
	157	long new_directory_perms; /* Permissions to use when creating remote dirs */
	158	long ssh_auth_types; /* allowed SSH auth types */
	159	@@ -1851,6 +1849,8 @@ struct UserDefined {
	160	BIT(http09_allowed); /* allow HTTP/0.9 responses */
	161	BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
	162	recipients */
	163	+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or
	164	+ IMAP or POP3 or others! (type: curl_usessl)*/
	165	};
	166
	167	struct Names {
	168	--
	169	2.25.1
	170