summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl/curl/CVE-2018-16839.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2018-16839.patch')
-rw-r--r--meta/recipes-support/curl/curl/CVE-2018-16839.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
deleted file mode 100644
index bf972d2ed7..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2018-16839.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 1 Nov 2018 15:27:35 +0800
-Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
-
-CVE-2018-16839
-Reported-by: Harry Sintonen
-Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
-
-Upstream-Status: Backport [https://github.com/curl/curl/commit
-/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
-
-CVE: CVE-2018-16839
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- lib/vauth/cleartext.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
-index 5d61ce6..1367143 100644
---- a/lib/vauth/cleartext.c
-+++ b/lib/vauth/cleartext.c
-@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
- plen = strlen(passwdp);
-
- /* Compute binary message length. Check for overflows. */
-- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
-+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
- return CURLE_OUT_OF_MEMORY;
- plainlen = 2 * ulen + plen + 2;
-
---
-2.7.4
-
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 03:34:00 +0000