diff options
| author |   Anuj Mittal <anuj.mittal@intel.com> | 2020-02-05 12:12:43 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-02-11 23:04:29 +0000 |
| commit | 30f4f40c4c92b000fa3356fae0504da233b0f601 (patch) | |
| tree | 991cb367f16a0c21262afbe5c3f55891a4c18cb5 /meta/recipes-support/curl | |
| parent | be8838387b5dd06abd81cc478d3c2ab9c95930bc (diff) | |
| download | openembedded-core-contrib-30f4f40c4c92b000fa3356fae0504da233b0f601.tar.gz | |
curl: fix CVE-2019-15601
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-support/curl')
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2019-15601.patch | 46 | ||||
| -rw-r--r-- | meta/recipes-support/curl/curl_7.66.0.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch new file mode 100644 index 0000000000..7bfaae7b21 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch @@ -0,0 +1,46 @@ +Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2] +CVE: CVE-2019-15601 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 7 Nov 2019 10:13:01 +0100 +Subject: [PATCH] file: on Windows, refuse paths that start with \\ +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... as that might cause an unexpected SMB connection to a given host +name. + +Reported-by: Fernando Muñoz +CVE-2019-15601 +Bug: https://curl.haxx.se/docs/CVE-2019-15601.html +--- + lib/file.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/file.c b/lib/file.c +index d349cd9241..166931d7f1 100644 +--- a/lib/file.c ++++ b/lib/file.c +@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) + struct Curl_easy *data = conn->data; + char *real_path; + struct FILEPROTO *file = data->req.protop; +- int fd; ++ int fd = -1; + #ifdef DOS_FILESYSTEM + size_t i; + char *actual_path; +@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done) + return CURLE_URL_MALFORMAT; + } + +- fd = open_readonly(actual_path, O_RDONLY|O_BINARY); ++ if(strncmp("\\\\", actual_path, 2)) ++ /* refuse to open path that starts with two backslashes */ ++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY); + file->path = actual_path; + #else + if(memchr(real_path, 0, real_path_len)) { diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb index d1975f2460..a54e0536e9 100644 --- a/meta/recipes-support/curl/curl_7.66.0.bb +++ b/meta/recipes-support/curl/curl_7.66.0.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ + file://CVE-2019-15601.patch \ " SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" |