Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2017-1000101.patch')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2017-1000101.patch99
1 files changed, 0 insertions, 99 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
deleted file mode 100644
index c300fff00c..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 1 Aug 2017 17:16:07 +0200
-Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
- range
-
-Added test 1289 to verify.
-
-CVE: CVE-2017-1000101
-
-Bug: https://curl.haxx.se/docs/adv_20170809A.html
-Reported-by: Brian Carpenter
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
-
-Rebase the tests/data/Makefile.inc changes for curl 7.54.1.
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- src/tool_urlglob.c | 5 ++++-
- tests/data/Makefile.inc | 2 +-
- tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++
- 3 files changed, 40 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1289
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index 6b1ece0..d56dcd9 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- }
- errno = 0;
- max_n = strtoul(pattern, &endp, 10);
-- if(errno || (*endp == ':')) {
-+ if(errno)
-+ /* overflow */
-+ endp = NULL;
-+ else if(*endp == ':') {
- pattern = endp+1;
- errno = 0;
- step_n = strtoul(pattern, &endp, 10);
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 155320a..7adbee6 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
- test1260 test1261 test1262 \
- \
- test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
--test1288 \
-+test1288 test1289 \
- \
- test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
- test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
-diff --git a/tests/data/test1289 b/tests/data/test1289
-new file mode 100644
-index 0000000..d679cc0
---- /dev/null
-+++ b/tests/data/test1289
-@@ -0,0 +1,35 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+globbing
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+<name>
-+globbing with overflow and bad syntxx
-+</name>
-+<command>
-+http://ur%20[0-60000000000000000000
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+# curl: (3) [globbing] bad range in column
-+<errorcode>
-+3
-+</errorcode>
-+</verify>
-+</testcase>
---
-2.11.0
-