mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
curl: Fix CVE-2022-42915
HTTP proxy double-free Link: https://security-tracker.debian.org/tracker/CVE-2022-42915 (From OE-Core rev: 4754f33d7ec96f72351853463540c8b1a3f4bc0c) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Bhabu Bindu
committed by
Richard Purdie
Richard Purdie
parent
b1ea1218bd
commit
bfec99ed33
53
meta/recipes-support/curl/curl/CVE-2022-42915.patch
Normal file
53
meta/recipes-support/curl/curl/CVE-2022-42915.patch
Normal file
@@ -0,0 +1,53 @@
|
||||
From 55e1875729f9d9fc7315cec611bffbd2c817ad89 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 6 Oct 2022 14:13:36 +0200
|
||||
Subject: [PATCH] http_proxy: restore the protocol pointer on error
|
||||
|
||||
Reported-by: Trail of Bits
|
||||
|
||||
Closes #9790
|
||||
|
||||
CVE: CVE-2022-42915
|
||||
Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89]
|
||||
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
|
||||
---
|
||||
lib/http_proxy.c | 6 ++----
|
||||
lib/url.c | 9 ---------
|
||||
2 files changed, 2 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
|
||||
index 1f87f6c62aa40..cc20b3a801941 100644
|
||||
--- a/lib/http_proxy.c
|
||||
+++ b/lib/http_proxy.c
|
||||
@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy *data)
|
||||
Curl_dyn_free(&s->rcvbuf);
|
||||
Curl_dyn_free(&s->req);
|
||||
|
||||
- /* restore the protocol pointer, if not already done */
|
||||
- if(s->prot_save)
|
||||
- data->req.p.http = s->prot_save;
|
||||
- s->prot_save = NULL;
|
||||
+ /* restore the protocol pointer */
|
||||
+ data->req.p.http = s->prot_save;
|
||||
data->info.httpcode = 0; /* clear it as it might've been used for the
|
||||
proxy */
|
||||
data->req.ignorebody = FALSE;
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index 690c53c81a3c1..be5ffca2d8b20 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -751,15 +751,6 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
|
||||
DEBUGASSERT(data);
|
||||
infof(data, "Closing connection %ld", conn->connection_id);
|
||||
|
||||
-#ifndef USE_HYPER
|
||||
- if(conn->connect_state && conn->connect_state->prot_save) {
|
||||
- /* If this was closed with a CONNECT in progress, cleanup this temporary
|
||||
- struct arrangement */
|
||||
- data->req.p.http = NULL;
|
||||
- Curl_safefree(conn->connect_state->prot_save);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/* possible left-overs from the async name resolvers */
|
||||
Curl_resolver_cancel(data);
|
||||
@@ -31,6 +31,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
|
||||
file://CVE-2022-35252.patch \
|
||||
file://CVE-2022-32221.patch \
|
||||
file://CVE-2022-42916.patch \
|
||||
file://CVE-2022-42915.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user