diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2021-22897.patch | 72 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.75.0.bb | 1 |
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22897.patch b/meta/recipes-support/curl/curl/CVE-2021-22897.patch new file mode 100644 index 0000000000..fcd11b7674 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22897.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From bbb71507b7bab52002f9b1e0880bed6a32834511 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Fri, 23 Apr 2021 10:54:10 +0200 | ||
4 | Subject: [PATCH] schannel: don't use static to store selected ciphers | ||
5 | |||
6 | CVE-2021-22897 | ||
7 | |||
8 | Bug: https://curl.se/docs/CVE-2021-22897.html | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | [https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511] | ||
12 | |||
13 | CVE: CVE-2021-22897 | ||
14 | |||
15 | Signed-off-by: Daniel Stenberg <daniel@haxx.se> | ||
16 | Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | ||
17 | --- | ||
18 | lib/vtls/schannel.c | 9 +++++---- | ||
19 | lib/vtls/schannel.h | 3 +++ | ||
20 | 2 files changed, 8 insertions(+), 4 deletions(-) | ||
21 | |||
22 | diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c | ||
23 | index 8c25ac5dd5a5..dba7072273a9 100644 | ||
24 | --- a/lib/vtls/schannel.c | ||
25 | +++ b/lib/vtls/schannel.c | ||
26 | @@ -328,12 +328,12 @@ get_alg_id_by_name(char *name) | ||
27 | } | ||
28 | |||
29 | static CURLcode | ||
30 | -set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) | ||
31 | +set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, | ||
32 | + int *algIds) | ||
33 | { | ||
34 | char *startCur = ciphers; | ||
35 | int algCount = 0; | ||
36 | - static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ | ||
37 | - while(startCur && (0 != *startCur) && (algCount < 45)) { | ||
38 | + while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) { | ||
39 | long alg = strtol(startCur, 0, 0); | ||
40 | if(!alg) | ||
41 | alg = get_alg_id_by_name(startCur); | ||
42 | @@ -593,7 +593,8 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, | ||
43 | } | ||
44 | |||
45 | if(SSL_CONN_CONFIG(cipher_list)) { | ||
46 | - result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); | ||
47 | + result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list), | ||
48 | + BACKEND->algIds); | ||
49 | if(CURLE_OK != result) { | ||
50 | failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); | ||
51 | return result; | ||
52 | diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h | ||
53 | index 2952caa1a5a1..77853aa30f96 100644 | ||
54 | --- a/lib/vtls/schannel.h | ||
55 | +++ b/lib/vtls/schannel.h | ||
56 | @@ -71,6 +71,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, | ||
57 | #endif | ||
58 | #endif | ||
59 | |||
60 | +#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ | ||
61 | + | ||
62 | struct Curl_schannel_cred { | ||
63 | CredHandle cred_handle; | ||
64 | TimeStamp time_stamp; | ||
65 | @@ -102,6 +104,7 @@ struct ssl_backend_data { | ||
66 | #ifdef HAS_MANUAL_VERIFY_API | ||
67 | bool use_manual_cred_validation; /* true if manual cred validation is used */ | ||
68 | #endif | ||
69 | + ALG_ID algIds[NUMOF_CIPHERS]; | ||
70 | }; | ||
71 | #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ | ||
72 | |||
diff --git a/meta/recipes-support/curl/curl_7.75.0.bb b/meta/recipes-support/curl/curl_7.75.0.bb index 433037f564..42be2eb0b5 100644 --- a/meta/recipes-support/curl/curl_7.75.0.bb +++ b/meta/recipes-support/curl/curl_7.75.0.bb | |||
@@ -16,6 +16,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
16 | file://vtls-fix-addsessionid.patch \ | 16 | file://vtls-fix-addsessionid.patch \ |
17 | file://vtls-fix-warning.patch \ | 17 | file://vtls-fix-warning.patch \ |
18 | file://CVE-2021-22898.patch \ | 18 | file://CVE-2021-22898.patch \ |
19 | file://CVE-2021-22897.patch \ | ||
19 | " | 20 | " |
20 | 21 | ||
21 | SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026" | 22 | SRC_URI[sha256sum] = "50552d4501c178e4cc68baaecc487f466a3d6d19bbf4e50a01869effb316d026" |