mirror of
https://git.yoctoproject.org/poky
synced 2026-03-16 20:29:41 +01:00
curl: fix CVE-2023-46218
(From OE-Core rev: 000b2a380021f2c7fd102b6523a986c2e7ad20ae) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Lee Chee Yang
committed by
Steve Sakoman
Steve Sakoman
parent
91bd70dbea
commit
664c3401c5
52
meta/recipes-support/curl/curl/CVE-2023-46218.patch
Normal file
52
meta/recipes-support/curl/curl/CVE-2023-46218.patch
Normal file
@@ -0,0 +1,52 @@
|
||||
CVE: CVE-2023-46218
|
||||
Upstream-Status: Backport [ https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
|
||||
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
|
||||
|
||||
From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 23 Nov 2023 08:15:47 +0100
|
||||
Subject: [PATCH] cookie: lowercase the domain names before PSL checks
|
||||
|
||||
Reported-by: Harry Sintonen
|
||||
|
||||
Closes #12387
|
||||
---
|
||||
lib/cookie.c | 24 ++++++++++++++++--------
|
||||
1 file changed, 16 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||
index 568cf537ad1b1f..9095cea3e97f22 100644
|
||||
--- a/lib/cookie.c
|
||||
+++ b/lib/cookie.c
|
||||
@@ -1027,15 +1027,23 @@ Curl_cookie_add(struct Curl_easy *data,
|
||||
* dereference it.
|
||||
*/
|
||||
if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) {
|
||||
- const psl_ctx_t *psl = Curl_psl_use(data);
|
||||
- int acceptable;
|
||||
-
|
||||
- if(psl) {
|
||||
- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
|
||||
- Curl_psl_release(data);
|
||||
+ bool acceptable = FALSE;
|
||||
+ char lcase[256];
|
||||
+ char lcookie[256];
|
||||
+ size_t dlen = strlen(domain);
|
||||
+ size_t clen = strlen(co->domain);
|
||||
+ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
|
||||
+ const psl_ctx_t *psl = Curl_psl_use(data);
|
||||
+ if(psl) {
|
||||
+ /* the PSL check requires lowercase domain name and pattern */
|
||||
+ Curl_strntolower(lcase, domain, dlen + 1);
|
||||
+ Curl_strntolower(lcookie, co->domain, clen + 1);
|
||||
+ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
|
||||
+ Curl_psl_release(data);
|
||||
+ }
|
||||
+ else
|
||||
+ acceptable = !bad_domain(domain, strlen(domain));
|
||||
}
|
||||
- else
|
||||
- acceptable = !bad_domain(domain, strlen(domain));
|
||||
|
||||
if(!acceptable) {
|
||||
infof(data, "cookie '%s' dropped, domain '%s' must not "
|
||||
@@ -13,6 +13,7 @@ SRC_URI = " \
|
||||
https://curl.se/download/${BP}.tar.xz \
|
||||
file://run-ptest \
|
||||
file://disable-tests \
|
||||
file://CVE-2023-46218.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user