Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2017-1000099.patch')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2017-1000099.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
new file mode 100644
index 0000000000..96ff1b064b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
@@ -0,0 +1,41 @@
+From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Aug 2017 17:17:06 +0200
+Subject: [PATCH] file: output the correct buffer to the user
+
+Regression brought by 7c312f84ea930d8 (April 2017)
+
+CVE: CVE-2017-1000099
+
+Bug: https://curl.haxx.se/docs/adv_20170809C.html
+
+Credit to OSS-Fuzz for the discovery
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ lib/file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index bd426eac2..666cbe75b 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
+ Curl_month[tm->tm_mon],
+ tm->tm_year + 1900,
+ tm->tm_hour,
+ tm->tm_min,
+ tm->tm_sec);
+- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
++ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+ if(!result)
+ /* set the file size to make it available post transfer */
+ Curl_pgrsSetDownloadSize(data, expected_size);
+ return result;
+ }
+--
+2.13.3
+
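Review bot: Nothing in this path-limited view shows the curl recipe picking up the new patch file, so the one-line fix to `file_do` may never be applied at build time. The same commit should carry a recipe entry such as `SRC_URI += "file://CVE-2017-1000099.patch"`; the exact form depends on the recipe, which is not visible here. It is also worth confirming that the packaged curl version contains the regression commit 7c312f84ea930d8 named in the header, since otherwise the context will not match and the backport is unnecessary. The patch header would be easier to triage with one sentence on impact: before the fix, `buf` rather than the freshly formatted `header` was passed to `Curl_client_write`, so the caller received whatever `buf` held instead of the generated header text. `file_do` begins and the formatting call opens outside the inner hunk, so the size and termination of `header` cannot be checked from here.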