[oe-commits] [openembedded-core] 03/30: curl: fix CVE-2019-15601
git at git.openembedded.org
git at git.openembedded.org
Tue Feb 11 23:05:56 UTC 2020
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch zeus
in repository openembedded-core.
commit 30f4f40c4c92b000fa3356fae0504da233b0f601
Author: Anuj Mittal <anuj.mittal at intel.com>
AuthorDate: Wed Feb 5 12:12:43 2020 +0800
curl: fix CVE-2019-15601
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
.../recipes-support/curl/curl/CVE-2019-15601.patch | 46 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.66.0.bb | 1 +
2 files changed, 47 insertions(+)
diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch
new file mode 100644
index 0000000..7bfaae7
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2]
+CVE: CVE-2019-15601
+Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
+
+From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel at haxx.se>
+Date: Thu, 7 Nov 2019 10:13:01 +0100
+Subject: [PATCH] file: on Windows, refuse paths that start with \\
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... as that might cause an unexpected SMB connection to a given host
+name.
+
+Reported-by: Fernando Muñoz
+CVE-2019-15601
+Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
+---
+ lib/file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index d349cd9241..166931d7f1 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ struct Curl_easy *data = conn->data;
+ char *real_path;
+ struct FILEPROTO *file = data->req.protop;
+- int fd;
++ int fd = -1;
+ #ifdef DOS_FILESYSTEM
+ size_t i;
+ char *actual_path;
+@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ return CURLE_URL_MALFORMAT;
+ }
+
+- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
++ if(strncmp("\\\\", actual_path, 2))
++ /* refuse to open path that starts with two backslashes */
++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ file->path = actual_path;
+ #else
+ if(memchr(real_path, 0, real_path_len)) {
diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb
index d1975f2..a54e053 100644
--- a/meta/recipes-support/curl/curl_7.66.0.bb
+++ b/meta/recipes-support/curl/curl_7.66.0.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa"
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://CVE-2019-15601.patch \
"
SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list