Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2023-38546.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-38546.patch | 132 |
1 files changed, 132 insertions, 0 deletions
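diff --git a/meta/recipes-support/curl/curl/CVE-2023-38546.patch b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
new file mode 100644
index 0000000000..30ef2fd038
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-38546.patch
@@ -0,0 +1,132 @@
+From 7b67721f12cbe6ed1a41e7332f3b5a7186a5e23f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 Sep 2023 23:28:32 +0200
+Subject: [PATCH] cookie: remove unnecessary struct fields
+To: libcurl development <curl-library@cool.haxx.se>
+
+Plus: reduce the hash table size from 256 to 63. It seems unlikely to
+make much of a speed difference for most use cases but saves 1.5KB of
+data per instance.
+
+Closes #11862
+
+This patch taken from Debian's 7.64.0-4+deb10u7 package which applied with
+only a little fuzz.
+
+CVE: CVE-2023-38546
+Upstream-Status: Backport [61275672b46d9abb32857404]
+Signed-off-by: Mike Crowe <mac@mcrowe.com>
+---
+lib/cookie.c | 13 +------------
+lib/cookie.h | 7 ++-----
+lib/easy.c | 4 +---
+3 files changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 68054e1c4..a378f28e1 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -114,7 +114,6 @@ static void freecookie(struct Cookie *co)
+free(co->name);
+free(co->value);
+free(co->maxage);
+- free(co->version);
+free(co);
+}
+
+@@ -641,11 +640,7 @@ Curl_cookie_add(struct Curl_easy *data,
+}
+}
+else if(strcasecompare("version", name)) {
+- strstore(&co->version, whatptr);
+- if(!co->version) {
+- badcookie = TRUE;
+- break;
+- }
++ /* just ignore */
+}
+else if(strcasecompare("max-age", name)) {
+/* Defined in RFC2109:
+@@ -1042,7 +1037,6 @@ Curl_cookie_add(struct Curl_easy *data,
+free(clist->path);
+free(clist->spath);
+free(clist->expirestr);
+- free(clist->version);
+free(clist->maxage);
+
+*clist = *co; /* then store all the new data */
+@@ -1111,9 +1105,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+c = calloc(1, sizeof(struct CookieInfo));
+if(!c)
+return NULL; /* failed to get memory */
+- c->filename = strdup(file?file:"none"); /* copy the name just in case */
+- if(!c->filename)
+- goto fail; /* failed to get memory */
+}
+else {
+/* we got an already existing one, use that */
+@@ -1241,7 +1232,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
+CLONE(name);
+CLONE(value);
+CLONE(maxage);
+- CLONE(version);
+d->expires = src->expires;
+d->tailmatch = src->tailmatch;
+d->secure = src->secure;
+@@ -1457,7 +1447,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
+{
+if(c) {
+unsigned int i;
+- free(c->filename);
+for(i = 0; i < COOKIE_HASH_SIZE; i++)
+Curl_cookie_freelist(c->cookies[i]);
+free(c); /* free the base struct as well */
+diff --git a/lib/cookie.h b/lib/cookie.h
+index b3865e601..2e667cda0 100644
+--- a/lib/cookie.h
++++ b/lib/cookie.h
+@@ -36,8 +36,6 @@ struct Cookie {
+char *expirestr; /* the plain text version */
+bool tailmatch; /* whether we do tail-matching of the domain name */
+
+- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
+- char *version; /* Version = <value> */
+char *maxage; /* Max-Age = <value> */
+
+bool secure; /* whether the 'secure' keyword was used */
+@@ -54,15 +52,14 @@ struct Cookie {
+#define COOKIE_PREFIX__SECURE (1<<0)
+#define COOKIE_PREFIX__HOST (1<<1)
+
+-#define COOKIE_HASH_SIZE 256
++#define COOKIE_HASH_SIZE 63
+
+struct CookieInfo {
+/* linked list of cookies we know of */
+struct Cookie *cookies[COOKIE_HASH_SIZE];
+
+- char *filename; /* file we read from/write to */
+bool running; /* state info, for cookie adding information */
+- long numcookies; /* number of cookies in the "jar" */
++ int numcookies; /* number of cookies in the "jar" */
+bool newsession; /* new session, discard session cookies on load */
+int lastct; /* last creation-time used in the jar */
+};
+diff --git a/lib/easy.c b/lib/easy.c
+index b648e80c1..cdca0fb03 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -840,9 +840,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+if(data->cookies) {
+/* If cookies are enabled in the parent handle, we enable them
+in the clone as well! */
+- outcurl->cookies = Curl_cookie_init(data,
+- data->cookies->filename,
+- outcurl->cookies,
++ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
+data->set.cookiesession);
+if(!outcurl->cookies)
+goto fail;
+--
+2.39.2
+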
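Review bot: The patch header never says which change addresses the CVE: the subject and body describe only a struct cleanup and a hash-table resize, while the security-relevant edit appears to be the `curl_easy_duphandle` call in lib/easy.c, which now passes `NULL` instead of `data->cookies->filename`. A sentence after the Debian provenance note, such as `The cookie file name is no longer stored, so a duplicated handle cannot re-read cookies from it.`, would make that visible to whoever next rebases the recipe. The fix relies on `Curl_cookie_init` treating a NULL `file` as nothing to open, and that code lies outside the visible hunks, so it should be confirmed against the curl version this recipe builds, given that the backport applied with fuzz. The same check applies to `numcookies` narrowing from `long` to `int` and to `COOKIE_HASH_SIZE` dropping to 63: their users are not shown, so any `%ld` format or power-of-two masking in the older tree should be ruled out.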