From 482b7e974ad7ea5313f8a2977651ec077490d0ea Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Sun, 3 Sep 2017 20:31:10 -0700
Subject: curl: fix CVE-2017-1000099, 1000100, 1000101

Backport upstream commits to fix:
- CVE-2017-1000099
  https://curl.haxx.se/docs/adv_20170809C.html
  https://curl.haxx.se/CVE-2017-1000099.patch

- CVE-2017-1000100
  https://curl.haxx.se/docs/adv_20170809B.html
  https://curl.haxx.se/CVE-2017-1000100.patch

- CVE-2017-1000101
  https://curl.haxx.se/docs/adv_20170809A.html
  https://curl.haxx.se/CVE-2017-1000101.patch

(From OE-Core rev: 2eb590bbeab4dbf2583a78fcbaf3723757116123)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../curl/curl/CVE-2017-1000099.patch               | 41 ++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2017-1000099.patch

(limited to 'meta/recipes-support/curl/curl/CVE-2017-1000099.patch')

diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
new file mode 100644
index 0000000000..96ff1b064b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
@@ -0,0 +1,41 @@
+From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Aug 2017 17:17:06 +0200
+Subject: [PATCH] file: output the correct buffer to the user
+
+Regression brought by 7c312f84ea930d8 (April 2017)
+
+CVE: CVE-2017-1000099
+
+Bug: https://curl.haxx.se/docs/adv_20170809C.html
+
+Credit to OSS-Fuzz for the discovery
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ lib/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index bd426eac2..666cbe75b 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+              Curl_month[tm->tm_mon],
+              tm->tm_year + 1900,
+              tm->tm_hour,
+              tm->tm_min,
+              tm->tm_sec);
+-    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+     if(!result)
+       /* set the file size to make it available post transfer */
+       Curl_pgrsSetDownloadSize(data, expected_size);
+     return result;
+   }
+-- 
+2.13.3
+
-- 
cgit v1.2.3-54-g00ecf