From e8be346c3a210a1b4da8b6943c5fe2e5556d29b9 Mon Sep 17 00:00:00 2001
From: Tudor Florea <tudor.florea@enea.com>
Date: Tue, 7 Jul 2015 00:27:49 +0200
Subject:  curl: CVE-2014-8150

CVE-2014-8150, URL request injection:

When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request
and sends if off.

Reference
http://curl.haxx.se/docs/adv_20150108B.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 meta/recipes-support/curl/curl/CVE-2014-8150.patch | 36 ++++++++++++++++++++++
 meta/recipes-support/curl/curl_7.35.0.bb           |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2014-8150.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2014-8150.patch b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
new file mode 100644
index 0000000000..b5945fbf18
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
@@ -0,0 +1,36 @@
+From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 25 Dec 2014 23:55:03 +0100
+Subject: [PATCH] url-parsing: reject CRLFs within URLs
+
+Bug: http://curl.haxx.se/docs/adv_20150108B.html
+Reported-by: Andrey Labunets
+---
+ lib/url.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/url.c b/lib/url.c
+index 788f048..d3bb5e0 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -3840,10 +3840,17 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
+   CURLcode result;
+   bool rebuild_url = FALSE;
+ 
+   *prot_missing = FALSE;
+ 
++  /* We might pass the entire URL into the request so we need to make sure
++   * there are no bad characters in there.*/
++  if(strpbrk(data->change.url, "\r\n")) {
++    failf(data, "Illegal characters found in URL");
++    return CURLE_URL_MALFORMAT;
++  }
++
+   /*************************************************************
+    * Parse the URL.
+    *
+    * We need to parse the url even when using the proxy, because we will need
+    * the hostname and port in case we are trying to SSL connect through the
+-- 
+2.1.4
+
diff --git a/meta/recipes-support/curl/curl_7.35.0.bb b/meta/recipes-support/curl/curl_7.35.0.bb
index 5fa7277449..3eb6265c42 100644
--- a/meta/recipes-support/curl/curl_7.35.0.bb
+++ b/meta/recipes-support/curl/curl_7.35.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2014-3613.patch \
            file://CVE-2014-3620.patch \
            file://CVE-2014-3707.patch \
+           file://CVE-2014-8150.patch \
 "
 
 # curl likes to set -g0 in CFLAGS, so we stop it
-- 
cgit v1.2.3-54-g00ecf