summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2017-1000101.patch94
-rw-r--r--meta/recipes-support/curl/curl_7.50.1.bb1
2 files changed, 95 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
new file mode 100644
index 0000000000..c3b542489d
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
@@ -0,0 +1,94 @@
1From 9422f4a6d630258ae32199868e86758923ca3ad5 Mon Sep 17 00:00:00 2001
2From: Daniel Stenberg <daniel@haxx.se>
3Date: Tue, 1 Aug 2017 17:16:07 +0200
4Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
5 range
6
7Added test 1289 to verify.
8
9Bug: https://curl.haxx.se/docs/adv_20170809A.html
10Reported-by: Brian Carpenter
11
12Upstream-Status: Backport
13CVE: CVE-2017-1000101
14Signed-off-by: Rajkumar Veer <rveer@mvista.com>
15---
16 src/tool_urlglob.c | 5 ++++-
17 tests/data/Makefile.inc | 2 +-
18 tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
19 3 files changed, 40 insertions(+), 2 deletions(-)
20 create mode 100644 tests/data/test1289
21
22diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
23index a357b8b..f30072b 100644
24--- a/src/tool_urlglob.c
25+++ b/src/tool_urlglob.c
26@@ -259,7 +259,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
27 pattern = endp+1;
28 errno = 0;
29 max_n = strtoul(pattern, &endp, 10);
30- if(errno || (*endp == ':')) {
31+ if(errno)
32+ /* overflow */
33+ endp = NULL;
34+ else if(*endp == ':') {
35 pattern = endp+1;
36 errno = 0;
37 step_n = strtoul(pattern, &endp, 10);
38diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
39index 9c50673..52eaf26 100644
40--- a/tests/data/Makefile.inc
41+++ b/tests/data/Makefile.inc
42@@ -127,7 +127,7 @@ test1216 test1217 test1218 test1219 \
43 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \
44 test1228 test1229 test1230 test1231 test1232 test1233 test1234 test1235 \
45 test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
46-test1244 \
47+test1244 test1289\
48 \
49 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
50 test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
51diff --git a/tests/data/test1289 b/tests/data/test1289
52new file mode 100644
53index 0000000..d679cc0
54--- /dev/null
55+++ b/tests/data/test1289
56@@ -0,0 +1,35 @@
57+<testcase>
58+<info>
59+<keywords>
60+HTTP
61+HTTP GET
62+globbing
63+</keywords>
64+</info>
65+
66+#
67+# Server-side
68+<reply>
69+</reply>
70+
71+# Client-side
72+<client>
73+<server>
74+http
75+</server>
76+<name>
77+globbing with overflow and bad syntxx
78+</name>
79+<command>
80+http://ur%20[0-60000000000000000000
81+</command>
82+</client>
83+
84+# Verify data after the test has been "shot"
85+<verify>
86+# curl: (3) [globbing] bad range in column
87+<errorcode>
88+3
89+</errorcode>
90+</verify>
91+</testcase>
92--
931.9.1
94
diff --git a/meta/recipes-support/curl/curl_7.50.1.bb b/meta/recipes-support/curl/curl_7.50.1.bb
index 8a1b162bc0..f109c8c677 100644
--- a/meta/recipes-support/curl/curl_7.50.1.bb
+++ b/meta/recipes-support/curl/curl_7.50.1.bb
@@ -23,6 +23,7 @@ SRC_URI += " file://configure_ac.patch \
23 file://CVE-2016-8624.patch \ 23 file://CVE-2016-8624.patch \
24 file://CVE-2016-9586.patch \ 24 file://CVE-2016-9586.patch \
25 file://CVE-2017-1000100.patch \ 25 file://CVE-2017-1000100.patch \
26 file://CVE-2017-1000101.patch \
26 " 27 "
27 28
28SRC_URI[md5sum] = "015f6a0217ca6f2c5442ca406476920b" 29SRC_URI[md5sum] = "015f6a0217ca6f2c5442ca406476920b"