From c67e7d1eb3d26d04bfe426d93f56a8b3a85dae93 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Fri, 2 Nov 2018 14:07:49 +0800 Subject: curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 (From OE-Core rev: 0f0db9fc8512a0ecd0cdba3304a195cd925a5029) Signed-off-by: Changqing Li Signed-off-by: Richard Purdie --- .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch (limited to 'meta/recipes-support/curl/curl/CVE-2018-16839.patch') diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch new file mode 100644 index 0000000000..bf972d2ed7 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch @@ -0,0 +1,35 @@ +From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Thu, 1 Nov 2018 15:27:35 +0800 +Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check + +CVE-2018-16839 +Reported-by: Harry Sintonen +Bug: https://curl.haxx.se/docs/CVE-2018-16839.html + +Upstream-Status: Backport [https://github.com/curl/curl/commit +/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified] + +CVE: CVE-2018-16839 + +Signed-off-by: Changqing Li +--- + lib/vauth/cleartext.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c +index 5d61ce6..1367143 100644 +--- a/lib/vauth/cleartext.c ++++ b/lib/vauth/cleartext.c +@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, + plen = strlen(passwdp); + + /* Compute binary message length. Check for overflows. */ +- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) ++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) + return CURLE_OUT_OF_MEMORY; + plainlen = 2 * ulen + plen + 2; + +-- +2.7.4 + -- cgit v1.2.3-54-g00ecf