meta/recipes-support/curl/curl/CVE-2022-32221.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

From 75c04a3e75e8e3025a17ca3033ca307da9691cd0 Mon Sep 17 00:00:00 2001
From: Vivek Kumbhar <vkumbhar@mvista.com>
Date: Fri, 11 Nov 2022 10:49:58 +0530
Subject: [PATCH] CVE-2022-32221

Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d6]
CVE: CVE-2022-32221
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>

setopt: when POST is set, reset the 'upload' field.
---
 lib/setopt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/setopt.c b/lib/setopt.c
index bebb2e4..4d96f6b 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -486,6 +486,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     }
     else
       data->set.httpreq = HTTPREQ_GET;
+    data->set.upload = FALSE;
     break;
 
   case CURLOPT_COPYPOSTFIELDS:
-- 
2.25.1