diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-09-08 15:33:50 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 15:26:09 +0100 |
commit | fb8f291d9ea2ebc011403f72cb91af372a795091 (patch) | |
tree | 1d3c84c671d814c869e5ed1de43886ad51682a1c | |
parent | 3564999bd987b08188e2e0eead59a49bebbc5e32 (diff) | |
download | openembedded-core-contrib-fb8f291d9ea2ebc011403f72cb91af372a795091.tar.gz |
curl: security fix for CVE-2016-7141
Affected versions:
Affected versions: libcurl 7.19.6 to and including 7.50.1
Not affected versions: libcurl >= 7.50.2
Reference to upstream patch:
https://curl.haxx.se/CVE-2016-7141.patch
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-7141.patch | 50 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.47.1.bb | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch new file mode 100644 index 0000000000..eb03afddf8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-7141.patch @@ -0,0 +1,50 @@ +From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 22 Aug 2016 10:24:35 +0200 +Subject: [PATCH] nss: refuse previously loaded certificate from file + +... when we are not asked to use a certificate from file + +Bug: https://curl.haxx.se/docs/adv_20160907.html +Reported-by: kdudka@redhat.com + +Upstream-Status: Backport +https://curl.haxx.se/CVE-2016-5421.patch + +CVE: CVE-2016-7141 +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + lib/vtls/nss.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 20c4277..cfb2263 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, + struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; + struct Curl_easy *data = connssl->data; + const char *nickname = connssl->client_nickname; ++ static const char pem_slotname[] = "PEM Token #1"; + + if(connssl->obj_clicert) { + /* use the cert/key provided by PEM reader */ +- static const char pem_slotname[] = "PEM Token #1"; + SECItem cert_der = { 0, NULL, 0 }; + void *proto_win = SSL_RevealPinArg(sock); + struct CERTCertificateStr *cert; +@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, + if(NULL == nickname) + nickname = "[unknown]"; + ++ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) { ++ failf(data, "NSS: refusing previously loaded certificate from file: %s", ++ nickname); ++ return SECFailure; ++ } ++ + if(NULL == *pRetKey) { + failf(data, "NSS: private key not found for certificate: %s", nickname); + return SECFailure; +-- +2.7.4 diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb index 6c71760e49..3670a11178 100644 --- a/meta/recipes-support/curl/curl_7.47.1.bb +++ b/meta/recipes-support/curl/curl_7.47.1.bb @@ -14,6 +14,7 @@ SRC_URI += " file://configure_ac.patch \ file://CVE-2016-5419.patch \ file://CVE-2016-5420.patch \ file://CVE-2016-5421.patch \ + file://CVE-2016-7141.patch \ " SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb" |