diff options
author | Jose Quaresma <quaresma.jose@gmail.com> | 2022-07-01 17:12:05 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2022-07-01 08:35:07 -1000 |
commit | 7a8d374a3d4bbef336be2b273afc00c93c637ae6 (patch) | |
tree | 6547395dd99df27205e697e02338ceecde0e3a7e | |
parent | 1a6396c431a454a293be102c8c0e8b10f247404b (diff) | |
download | openembedded-core-contrib-7a8d374a3d4bbef336be2b273afc00c93c637ae6.tar.gz |
curl: backport openssl fix CN check error code
Fix out of memory [1]
OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0
[1] https://github.com/curl/curl/issues/8559
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch | 38 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.82.0.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch new file mode 100644 index 0000000000..c0a2355e5b --- /dev/null +++ b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch @@ -0,0 +1,38 @@ +From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Tue, 8 Mar 2022 13:38:13 +0100 +Subject: [PATCH] openssl: fix CN check error code + +Due to a missing 'else' this returns error too easily. + +Regressed in: d15692ebb + +Reported-by: Kristoffer Gleditsch +Fixes #8559 +Closes #8560 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136] + +Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> + +--- + lib/vtls/openssl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 616a510..1bafe96 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; + } +- result = CURLE_OUT_OF_MEMORY; ++ else ++ result = CURLE_OUT_OF_MEMORY; + } + } + else /* not a UTF8 name */ +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index ba3fd11820..d5dfe62a39 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-27779.patch \ file://CVE-2022-27782-1.patch \ file://CVE-2022-27782-2.patch \ + file://0001-openssl-fix-CN-check-error-code.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" |