Diffstat (limited to 'meta/recipes-support/curl/curl/CVE-2018-16839.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2018-16839.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
new file mode 100644
index 0000000000..bf972d2ed7
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2018-16839.patch
@@ -0,0 +1,35 @@
+From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:27:35 +0800
+Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
+
+CVE-2018-16839
+Reported-by: Harry Sintonen
+Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified]
+
+CVE: CVE-2018-16839
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ lib/vauth/cleartext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
+index 5d61ce6..1367143 100644
+--- a/lib/vauth/cleartext.c
++++ b/lib/vauth/cleartext.c
+@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ plen = strlen(passwdp);
+
+ /* Compute binary message length. Check for overflows. */
+- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
++ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+ return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
+
+--
+2.7.4
+ |
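Review bot: The `Upstream-Status` trailer in the added patch header wraps its URL across two lines, so the reference to the upstream fix is truncated for anyone following or parsing it. It should sit on one line, `Upstream-Status: Backport [https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5]`, and the `?diff=unified` query can go. The backported bound itself matches the visible arithmetic: `ulen` is counted twice in `plainlen = 2 * ulen + plen + 2`, so capping it at `SIZE_T_MAX/4` keeps the sum from wrapping, though the rest of Curl_auth_create_plain_message lies outside the embedded hunk. The diffstat here is limited to the patch file, so confirm that the same commit also adds `file://CVE-2018-16839.patch` to the curl recipe's `SRC_URI`; otherwise the fix is shipped but never applied.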