[OE-core] [thud][PATCH] curl: Security fix for CVE-2019-5481
Muminul Islam
misla011 at fiu.edu
Wed Oct 16 21:10:35 UTC 2019
CVE: CVE-2019-5481
Upstream-Status: Backport
Signed-off-by: Muminul Islam <muislam at microsoft.com>
---
.../curl/curl/CVE-2019-5481.patch | 52 +++++++++++++++++++
meta/recipes-support/curl/curl_7.61.0.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
new file mode 100644
index 0000000000..a97a95a268
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
@@ -0,0 +1,52 @@
+From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel at haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+Reply-To: muislam at microsoft.com
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Signed-off-by: Muminul Islam <muislam at microsoft.com>
+
+CVE: CVE-2019-5481
+
+Upstream-Status: Backport
+
+Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index abf242c38..52cce97d0 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+ struct krb5buffer *buf)
+ {
+ int len;
+- void *tmp = NULL;
+ CURLcode result;
+
+ result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+ if(len) {
+ /* only realloc if there was a length */
+ len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+ }
+- if(tmp == NULL)
++ if(!len || !buf->data)
+ return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
+--
+2.23.0
+
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 3b54774b9d..29aaff20a1 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2019-5435.patch \
file://CVE-2019-5436.patch \
file://CVE-2019-5482.patch \
+ file://CVE-2019-5481.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
--
2.23.0
More information about the Openembedded-core
mailing list