diff options
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-8621.patch | 104 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.50.1.bb | 1 |
2 files changed, 105 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8621.patch b/meta/recipes-support/curl/curl/CVE-2016-8621.patch new file mode 100644 index 0000000000..55062776b6 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-8621.patch | |||
@@ -0,0 +1,104 @@ | |||
1 | From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 4 Oct 2016 16:59:38 +0200 | ||
4 | Subject: [PATCH] parsedate: handle cut off numbers better | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | ... and don't read outside of the given buffer! | ||
10 | |||
11 | CVE-2016-8621 | ||
12 | |||
13 | bug: https://curl.haxx.se/docs/adv_20161102G.html | ||
14 | Reported-by: Luật Nguyễn | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | https://curl.haxx.se/CVE-2016-8621.patch | ||
18 | CVE: CVE-2016-8621 | ||
19 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
20 | |||
21 | --- | ||
22 | lib/parsedate.c | 12 +++++++----- | ||
23 | tests/data/test517 | 6 ++++++ | ||
24 | tests/libtest/lib517.c | 8 +++++++- | ||
25 | 3 files changed, 20 insertions(+), 6 deletions(-) | ||
26 | |||
27 | Index: curl-7.44.0/lib/parsedate.c | ||
28 | =================================================================== | ||
29 | --- curl-7.44.0.orig/lib/parsedate.c | ||
30 | +++ curl-7.44.0/lib/parsedate.c | ||
31 | @@ -5,7 +5,7 @@ | ||
32 | * | (__| |_| | _ <| |___ | ||
33 | * \___|\___/|_| \_\_____| | ||
34 | * | ||
35 | - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
36 | + * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
37 | * | ||
38 | * This software is licensed as described in the file COPYING, which | ||
39 | * you should have received as part of this distribution. The terms | ||
40 | @@ -386,15 +386,17 @@ static int parsedate(const char *date, t | ||
41 | /* a digit */ | ||
42 | int val; | ||
43 | char *end; | ||
44 | + int len=0; | ||
45 | if((secnum == -1) && | ||
46 | - (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) { | ||
47 | + (3 == sscanf(date, "%02d:%02d:%02d%n", | ||
48 | + &hournum, &minnum, &secnum, &len))) { | ||
49 | /* time stamp! */ | ||
50 | - date += 8; | ||
51 | + date += len; | ||
52 | } | ||
53 | else if((secnum == -1) && | ||
54 | - (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) { | ||
55 | + (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) { | ||
56 | /* time stamp without seconds */ | ||
57 | - date += 5; | ||
58 | + date += len; | ||
59 | secnum = 0; | ||
60 | } | ||
61 | else { | ||
62 | Index: curl-7.44.0/tests/data/test517 | ||
63 | =================================================================== | ||
64 | --- curl-7.44.0.orig/tests/data/test517 | ||
65 | +++ curl-7.44.0/tests/data/test517 | ||
66 | @@ -116,6 +116,12 @@ nothing | ||
67 | 81: 20111323 12:34:56 => -1 | ||
68 | 82: 20110623 12:34:79 => -1 | ||
69 | 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000 | ||
70 | +84: 20110623 12:3 => 1308830580 | ||
71 | +85: 20110623 1:3 => 1308790980 | ||
72 | +86: 20110623 1:30 => 1308792600 | ||
73 | +87: 20110623 12:12:3 => 1308831123 | ||
74 | +88: 20110623 01:12:3 => 1308791523 | ||
75 | +89: 20110623 01:99:30 => -1 | ||
76 | </stdout> | ||
77 | |||
78 | # This test case previously tested an overflow case ("2094 Nov 6 => | ||
79 | Index: curl-7.44.0/tests/libtest/lib517.c | ||
80 | =================================================================== | ||
81 | --- curl-7.44.0.orig/tests/libtest/lib517.c | ||
82 | +++ curl-7.44.0/tests/libtest/lib517.c | ||
83 | @@ -5,7 +5,7 @@ | ||
84 | * | (__| |_| | _ <| |___ | ||
85 | * \___|\___/|_| \_\_____| | ||
86 | * | ||
87 | - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
88 | + * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
89 | * | ||
90 | * This software is licensed as described in the file COPYING, which | ||
91 | * you should have received as part of this distribution. The terms | ||
92 | @@ -116,6 +116,12 @@ static const char * const dates[]={ | ||
93 | "20111323 12:34:56", | ||
94 | "20110623 12:34:79", | ||
95 | "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */ | ||
96 | + "20110623 12:3", | ||
97 | + "20110623 1:3", | ||
98 | + "20110623 1:30", | ||
99 | + "20110623 12:12:3", | ||
100 | + "20110623 01:12:3", | ||
101 | + "20110623 01:99:30", | ||
102 | NULL | ||
103 | }; | ||
104 | |||
diff --git a/meta/recipes-support/curl/curl_7.50.1.bb b/meta/recipes-support/curl/curl_7.50.1.bb index aa8ebebf01..548bb46f95 100644 --- a/meta/recipes-support/curl/curl_7.50.1.bb +++ b/meta/recipes-support/curl/curl_7.50.1.bb | |||
@@ -17,6 +17,7 @@ SRC_URI += " file://configure_ac.patch \ | |||
17 | file://CVE-2016-8618.patch \ | 17 | file://CVE-2016-8618.patch \ |
18 | file://CVE-2016-8619.patch \ | 18 | file://CVE-2016-8619.patch \ |
19 | file://CVE-2016-8620.patch \ | 19 | file://CVE-2016-8620.patch \ |
20 | file://CVE-2016-8621.patch \ | ||
20 | " | 21 | " |
21 | 22 | ||
22 | SRC_URI[md5sum] = "015f6a0217ca6f2c5442ca406476920b" | 23 | SRC_URI[md5sum] = "015f6a0217ca6f2c5442ca406476920b" |