diff options
| author |   Armin Kuster <akuster@mvista.com> | 2019-09-13 16:14:16 -0700 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-09-29 21:38:22 -0700 |
| commit | d2e5558133f970a8a196c545dd00af9315c1a06a (patch) | |
| tree | 1167198b91efd5309b79698ce713231162f7237a | |
| parent | 4e110b7d3b6e84015249f4174766dd3790f9bbbe (diff) | |
| download | openembedded-core-d2e5558133f970a8a196c545dd00af9315c1a06a.tar.gz | |
Curl: Security fix for CVE-2019-5482
Source: curl.org
MR: 99905
Type: Security Fix
Disposition: Backport from https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d
ChangeID: e0c807da8937f687a4b2e28eaa6b4b5a51845bc5
Description:
Fixes CVE-2019-5482
- Affected versions: libcurl >= 7.19.4 to and including 7.65.3
- Not affected versions: libcurl < 7.19.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2019-5482.patch | 65 | ||||
| -rw-r--r-- | meta/recipes-support/curl/curl_7.64.1.bb | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch new file mode 100644 index 0000000000..30122d1ae9 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-5482.patch @@ -0,0 +1,65 @@ +From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001 +From: Thomas Vegas <> +Date: Sat, 31 Aug 2019 17:30:51 +0200 +Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is + received + +Fixes potential buffer overflow from 'recvfrom()', should the server +return an OACK without blksize. + +Bug: https://curl.haxx.se/docs/CVE-2019-5482.html +CVE-2019-5482 + +Upstream-Status: Backport +CVE: CVE-2019-5482 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + lib/tftp.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +Index: curl-7.64.1/lib/tftp.c +=================================================================== +--- curl-7.64.1.orig/lib/tftp.c ++++ curl-7.64.1/lib/tftp.c +@@ -973,6 +973,7 @@ static CURLcode tftp_connect(struct conn + { + tftp_state_data_t *state; + int blksize; ++ int need_blksize; + + blksize = TFTP_BLKSIZE_DEFAULT; + +@@ -987,15 +988,20 @@ static CURLcode tftp_connect(struct conn + return CURLE_TFTP_ILLEGAL; + } + ++ need_blksize = blksize; ++ /* default size is the fallback when no OACK is received */ ++ if(need_blksize < TFTP_BLKSIZE_DEFAULT) ++ need_blksize = TFTP_BLKSIZE_DEFAULT; ++ + if(!state->rpacket.data) { +- state->rpacket.data = calloc(1, blksize + 2 + 2); ++ state->rpacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->rpacket.data) + return CURLE_OUT_OF_MEMORY; + } + + if(!state->spacket.data) { +- state->spacket.data = calloc(1, blksize + 2 + 2); ++ state->spacket.data = calloc(1, need_blksize + 2 + 2); + + if(!state->spacket.data) + return CURLE_OUT_OF_MEMORY; +@@ -1009,7 +1015,7 @@ static CURLcode tftp_connect(struct conn + state->sockfd = state->conn->sock[FIRSTSOCKET]; + state->state = TFTP_STATE_START; + state->error = TFTP_ERR_NONE; +- state->blksize = blksize; ++ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ + state->requested_blksize = blksize; + + ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl_7.64.1.bb b/meta/recipes-support/curl/curl_7.64.1.bb index 00c8c5a826..151d74a236 100644 --- a/meta/recipes-support/curl/curl_7.64.1.bb +++ b/meta/recipes-support/curl/curl_7.64.1.bb @@ -9,6 +9,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ file://CVE-2019-5435.patch \ file://CVE-2019-5436.patch \ + file://CVE-2019-5482.patch \ " SRC_URI[md5sum] = "790c101927845208a9d7e8c429ddd1b2" |