diff options
| author |   Armin Kuster <akuster@mvista.com> | 2021-01-07 17:25:46 +0530 |
|---|---|---|
| committer |   Anuj Mittal <anuj.mittal@intel.com> | 2021-04-29 11:57:07 +0800 |
| commit | 524870aad285debb67f6cd134b6465a06738906e (patch) | |
| tree | 78aea95481205bb44120e21bb3f336aca3a70428 /meta/recipes-support/curl/curl/CVE-2020-8177.patch | |
| parent | 9bfaa690e030362e31eacf45a9023991fe372c23 (diff) | |
| download | openembedded-core-contrib-anujm/zeus.tar.gz | |
curl: Security fixes for CVE-2020-{8169/8177}anujm/zeus
Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:
- Affected versions: curl 7.20.0 to and including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0
Fixes both CVE-2020-8169 and CVE-2020-8177
(From OE-Core rev: f42702baee57ab3d1b7ab7833e72c7d56ad4ee94)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sana Kazi <sanak@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2020-8177.patch')
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2020-8177.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8177.patch b/meta/recipes-support/curl/curl/CVE-2020-8177.patch new file mode 100644 index 0000000000..81ec59848c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8177.patch @@ -0,0 +1,67 @@ +From 8236aba58542c5f89f1d41ca09d84579efb05e22 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Sun, 31 May 2020 23:09:59 +0200 +Subject: [PATCH] tool_getparam: -i is not OK if -J is used + +Reported-by: sn on hackerone +Bug: https://curl.haxx.se/docs/CVE-2020-8177.html + +Upstream-Status: Backport +CVE:CVE-2020-8177 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/tool_cb_hdr.c | 22 ++++------------------ + src/tool_getparam.c | 5 +++++ + 2 files changed, 9 insertions(+), 18 deletions(-) + +Index: curl-7.69.1/src/tool_cb_hdr.c +=================================================================== +--- curl-7.69.1.orig/src/tool_cb_hdr.c ++++ curl-7.69.1/src/tool_cb_hdr.c +@@ -134,25 +134,11 @@ + filename = parse_filename(p, len); + if(filename) { + if(outs->stream) { +- int rc; +- /* already opened and possibly written to */ +- if(outs->fopened) +- fclose(outs->stream); +- outs->stream = NULL; ++ /* indication of problem, get out! */ ++ free(filename); ++ return failure; ++ } + +- /* rename the initial file name to the new file name */ +- rc = rename(outs->filename, filename); +- if(rc != 0) { +- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n", +- outs->filename, filename, strerror(errno)); +- } +- if(outs->alloc_filename) +- Curl_safefree(outs->filename); +- if(rc != 0) { +- free(filename); +- return failure; +- } +- } + outs->is_cd_filename = TRUE; + outs->s_isreg = TRUE; + outs->fopened = FALSE; +Index: curl-7.69.1/src/tool_getparam.c +=================================================================== +--- curl-7.69.1.orig/src/tool_getparam.c ++++ curl-7.69.1/src/tool_getparam.c +@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char * + } + break; + case 'i': ++ if(config->content_disposition) { ++ warnf(global, ++ "--include and --remote-header-name cannot be combined.\n"); ++ return PARAM_BAD_USE; ++ } + config->show_headers = toggle; /* show the headers as well in the + general output stream */ + break; |