Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2017-1000099.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2017-1000099.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
new file mode 100644
index 0000000000..96ff1b064b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
@@ -0,0 +1,41 @@
+From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Aug 2017 17:17:06 +0200
+Subject: [PATCH] file: output the correct buffer to the user
+
+Regression brought by 7c312f84ea930d8 (April 2017)
+
+CVE: CVE-2017-1000099
+
+Bug: https://curl.haxx.se/docs/adv_20170809C.html
+
+Credit to OSS-Fuzz for the discovery
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ lib/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index bd426eac2..666cbe75b 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+ Curl_month[tm->tm_mon],
+ tm->tm_year + 1900,
+ tm->tm_hour,
+ tm->tm_min,
+ tm->tm_sec);
+- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+ if(!result)
+ /* set the file size to make it available post transfer */
+ Curl_pgrsSetDownloadSize(data, expected_size);
+ return result;
+ }
+--
+2.13.3
+ |
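Review bot: Nothing visible here wires the new patch file into the curl recipe, so the fix may ship without being applied to the build. The diffstat is limited to this one path; confirm the same commit adds a line along the lines of `SRC_URI += "file://CVE-2017-1000099.patch"` to the recipe. The commit message describes the bug as a regression from 7c312f84ea930d8 (April 2017), so also check that the curl version in the recipe contains that commit and that the `file_do` context lines apply cleanly. The embedded hunk covers only the tail of `file_do`; the declarations of `buf` and `header` and the formatting call that fills `header` are outside it. Consider a short note in the recipe on why `header` is the correct argument, meaning the buffer that was just formatted rather than the transfer buffer.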