author | Mingli Yu <mingli.yu@windriver.com> | 2021-08-04 12:04:48 +0800 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-08-09 10:19:38 +0800 |
commit | 8a01fe853c151ba787802b8d5895273c6da8bc78 (patch) | |
tree | 0eac5a0c6ebde6e214702591d9a1e3ff7b844648 /meta/recipes-support/curl/curl/CVE-2021-22926.patch | |
parent | ee0340c35f811dd1c0926480673a7fec7bbb985b (diff) | |
download | openembedded-core-contrib-8a01fe853c151ba787802b8d5895273c6da8bc78.tar.gz |
curl: fix CVES
Backport patches to fix the CVEs below:
CVE-2021-22901
CVE-2021-22924
CVE-2021-22926
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2021-22926.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2021-22926.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22926.patch b/meta/recipes-support/curl/curl/CVE-2021-22926.patch
new file mode 100644
index 0000000000..3a803bcc98
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22926.patch
@@ -0,0 +1,79 @@
+From 6180ef7c19defa9f77ae166acb8b63ed98a9c09a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 4 Aug 2021 03:05:45 +0000
+Subject: [PATCH] sectransp: check for client certs by name first, then file
+
+CVE-2021-22926
+
+Bug: https://curl.se/docs/CVE-2021-22926.html
+
+Assisted-by: Daniel Gustafsson
+Reported-by: Harry Sintonen
+
+CVE: CVE-2021-22926
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/fd9b40bf8dfd43edcbc0d254d613d95a11061c05]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/vtls/sectransp.c | 33 +++++++++++++++++++--------------
+ 1 file changed, 19 insertions(+), 14 deletions(-)
+
+diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
+index 37b41f8..f8effde 100644
+--- a/lib/vtls/sectransp.c
++++ b/lib/vtls/sectransp.c
+@@ -32,6 +32,7 @@
+ #include "curl_base64.h"
+ #include "strtok.h"
+ #include "multiif.h"
++#include "strcase.h"
+
+ #ifdef USE_SECTRANSP
+
+@@ -1648,24 +1649,28 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
+ bool is_cert_file = (!is_cert_data) && is_file(ssl_cert);
+ SecIdentityRef cert_and_key = NULL;
+
+- /* User wants to authenticate with a client cert. Look for it:
+- If we detect that this is a file on disk, then let's load it.
+- Otherwise, assume that the user wants to use an identity loaded
+- from the Keychain. */
+- if(is_cert_file || is_cert_data) {
++ /* User wants to authenticate with a client cert. Look for it. Assume that
++ the user wants to use an identity loaded from the Keychain. If not, try
++ it as a file on disk */
++
++ if(!is_cert_data)
++ err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
++ else
++ err = !noErr;
++ if((err != noErr) && (is_cert_file || is_cert_data)) {
+ if(!SSL_SET_OPTION(cert_type))
+- infof(data, "WARNING: SSL: Certificate type not set, assuming "
+- "PKCS#12 format.\n");
+- else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
+- strlen(SSL_SET_OPTION(cert_type))) != 0)
+- infof(data, "WARNING: SSL: The Security framework only supports "
+- "loading identities that are in PKCS#12 format.\n");
++ infof(data, "SSL: Certificate type not set, assuming "
++ "PKCS#12 format.");
++ else if(!strcasecompare(SSL_SET_OPTION(cert_type), "P12")) {
++ failf(data, "SSL: The Security framework only supports "
++ "loading identities that are in PKCS#12 format.");
++ return CURLE_SSL_CERTPROBLEM;
++ }
+
+ err = CopyIdentityFromPKCS12File(ssl_cert, ssl_cert_blob,
+- SSL_SET_OPTION(key_passwd), &cert_and_key);
++ SSL_SET_OPTION(key_passwd),
++ &cert_and_key);
+ }
+- else
+- err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
+
+ if(err == noErr && cert_and_key) {
+ SecCertificateRef cert = NULL;
+--
+2.31.1
+
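Review bot: In the backported hunk at `@@ -1648,24 +1649,28 @@`, the new `else err = !noErr;` stores a synthetic OSStatus (numerically 1, not a Security framework result code) purely to force the PKCS#12 branch when the certificate arrives as a blob, and that intent is not written down; a comment such as `/* blob supplied: no Keychain lookup, load it as PKCS#12 below */` would stop a later reader from treating the value as a real error report. The new ordering also means a Keychain identity whose label equals `ssl_cert` now takes precedence over a same-named file on disk, which is the fix for CVE-2021-22926 but is a user-visible change in which identity is presented and is worth one line in the patch header. When the label lookup fails and `ssl_cert` is neither a file nor a blob, the OSStatus from `CopyIdentityWithLabel` reaches the `if(err == noErr && cert_and_key)` check whose else branch lies outside the hunk, so the error reporting on that path cannot be confirmed from this view. The enclosing `sectransp_connect_step1` begins and ends outside the hunk, and the diffstat is limited to this file, so whether the recipe's SRC_URI references the new patch is not visible here.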