diff options
| author |   Armin Kuster <akuster@mvista.com> | 2017-11-04 09:12:44 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-05 22:39:27 +0000 |
| commit | a12cc7500a224d4be91f67f7921e1f16fcf880d4 (patch) | |
| tree | 6208ce4c90f9bce850d239ec855fe910d4725f8b | |
| parent | eafbe104727d79643c1738360789ae455fff116c (diff) | |
| download | openembedded-core-a12cc7500a224d4be91f67f7921e1f16fcf880d4.tar.gz | |
curl: Security fix for CVE-2017-1000101
Affected versions: curl 7.34.0 to and including 7.54.1
Not affected versions: curl < 7.34.0 and >= 7.55.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2017-1000101.patch | 92 | ||||
| -rw-r--r-- | meta/recipes-support/curl/curl_7.53.1.bb | 1 |
2 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch new file mode 100644 index 0000000000..9eef5e2a20 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch @@ -0,0 +1,92 @@ +From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 1 Aug 2017 17:16:07 +0200 +Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow + range + +Added test 1289 to verify. + +CVE-2017-1000101 + +Bug: https://curl.haxx.se/docs/adv_20170809A.html +Reported-by: Brian Carpenter + +Upstream-Status: Backport +CVE: CVE-2017-1000101 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/tool_urlglob.c | 5 ++++- + tests/data/Makefile.inc | 2 +- + tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++ + 3 files changed, 40 insertions(+), 2 deletions(-) + create mode 100644 tests/data/test1289 + +Index: curl-7.53.1/src/tool_urlglob.c +=================================================================== +--- curl-7.53.1.orig/src/tool_urlglob.c ++++ curl-7.53.1/src/tool_urlglob.c +@@ -269,7 +269,10 @@ static CURLcode glob_range(URLGlob *glob + } + errno = 0; + max_n = strtoul(pattern, &endp, 10); +- if(errno || (*endp == ':')) { ++ if(errno) ++ /* overflow */ ++ endp = NULL; ++ else if(*endp == ':') { + pattern = endp+1; + errno = 0; + step_n = strtoul(pattern, &endp, 10); +Index: curl-7.53.1/tests/data/Makefile.inc +=================================================================== +--- curl-7.53.1.orig/tests/data/Makefile.inc ++++ curl-7.53.1/tests/data/Makefile.inc +@@ -131,6 +131,7 @@ test1244 test1245 test1246 test1247 test + test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \ + \ + test1280 test1281 test1282 test1283 test1284 test1285 test1286 \ ++test1289 \ + \ + test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ + test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \ +Index: curl-7.53.1/tests/data/test1289 +=================================================================== +--- /dev/null ++++ curl-7.53.1/tests/data/test1289 +@@ -0,0 +1,35 @@ ++<testcase> ++<info> ++<keywords> ++HTTP ++HTTP GET ++globbing ++</keywords> ++</info> ++ ++# ++# Server-side ++<reply> ++</reply> ++ ++# Client-side ++<client> ++<server> ++http ++</server> ++<name> ++globbing with overflow and bad syntxx ++</name> ++<command> ++http://ur%20[0-60000000000000000000 ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++# curl: (3) [globbing] bad range in column ++<errorcode> ++3 ++</errorcode> ++</verify> ++</testcase> diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb index 72828fe814..c3e1f898a9 100644 --- a/meta/recipes-support/curl/curl_7.53.1.bb +++ b/meta/recipes-support/curl/curl_7.53.1.bb @@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ # SRC_URI += " file://configure_ac.patch \ file://CVE-2017-1000100.patch \ + file://CVE-2017-1000101.patch \ " SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542" |