diff options
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-7141.patch | 50 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.47.1.bb | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch new file mode 100644 index 0000000000..eb03afddf8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-7141.patch @@ -0,0 +1,50 @@ +From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 22 Aug 2016 10:24:35 +0200 +Subject: [PATCH] nss: refuse previously loaded certificate from file + +... when we are not asked to use a certificate from file + +Bug: https://curl.haxx.se/docs/adv_20160907.html +Reported-by: kdudka@redhat.com + +Upstream-Status: Backport +https://curl.haxx.se/CVE-2016-5421.patch + +CVE: CVE-2016-7141 +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> +--- + lib/vtls/nss.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 20c4277..cfb2263 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, + struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; + struct Curl_easy *data = connssl->data; + const char *nickname = connssl->client_nickname; ++ static const char pem_slotname[] = "PEM Token #1"; + + if(connssl->obj_clicert) { + /* use the cert/key provided by PEM reader */ +- static const char pem_slotname[] = "PEM Token #1"; + SECItem cert_der = { 0, NULL, 0 }; + void *proto_win = SSL_RevealPinArg(sock); + struct CERTCertificateStr *cert; +@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, + if(NULL == nickname) + nickname = "[unknown]"; + ++ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) { ++ failf(data, "NSS: refusing previously loaded certificate from file: %s", ++ nickname); ++ return SECFailure; ++ } ++ + if(NULL == *pRetKey) { + failf(data, "NSS: private key not found for certificate: %s", nickname); + return SECFailure; +-- +2.7.4 diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb index 6c71760e49..3670a11178 100644 --- a/meta/recipes-support/curl/curl_7.47.1.bb +++ b/meta/recipes-support/curl/curl_7.47.1.bb @@ -14,6 +14,7 @@ SRC_URI += " file://configure_ac.patch \ file://CVE-2016-5419.patch \ file://CVE-2016-5420.patch \ file://CVE-2016-5421.patch \ + file://CVE-2016-7141.patch \ " SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb" |