mirror of
https://git.yoctoproject.org/poky
synced 2026-04-25 15:32:13 +02:00
curl: fix CVE-2019-15601
(From OE-Core rev: 30f4f40c4c92b000fa3356fae0504da233b0f601) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Anuj Mittal
committed by
Richard Purdie
Richard Purdie
parent
5865fb9194
commit
d447876b4f
46
meta/recipes-support/curl/curl/CVE-2019-15601.patch
Normal file
46
meta/recipes-support/curl/curl/CVE-2019-15601.patch
Normal file
@@ -0,0 +1,46 @@
|
||||
Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2]
|
||||
CVE: CVE-2019-15601
|
||||
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
||||
|
||||
From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 7 Nov 2019 10:13:01 +0100
|
||||
Subject: [PATCH] file: on Windows, refuse paths that start with \\
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
... as that might cause an unexpected SMB connection to a given host
|
||||
name.
|
||||
|
||||
Reported-by: Fernando Muñoz
|
||||
CVE-2019-15601
|
||||
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
|
||||
---
|
||||
lib/file.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/file.c b/lib/file.c
|
||||
index d349cd9241..166931d7f1 100644
|
||||
--- a/lib/file.c
|
||||
+++ b/lib/file.c
|
||||
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
||||
struct Curl_easy *data = conn->data;
|
||||
char *real_path;
|
||||
struct FILEPROTO *file = data->req.protop;
|
||||
- int fd;
|
||||
+ int fd = -1;
|
||||
#ifdef DOS_FILESYSTEM
|
||||
size_t i;
|
||||
char *actual_path;
|
||||
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
||||
return CURLE_URL_MALFORMAT;
|
||||
}
|
||||
|
||||
- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
||||
+ if(strncmp("\\\\", actual_path, 2))
|
||||
+ /* refuse to open path that starts with two backslashes */
|
||||
+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
|
||||
file->path = actual_path;
|
||||
#else
|
||||
if(memchr(real_path, 0, real_path_len)) {
|
||||
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa"
|
||||
|
||||
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
|
||||
file://0001-replace-krb5-config-with-pkg-config.patch \
|
||||
file://CVE-2019-15601.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f"
|
||||
|
||||
Reference in New Issue
Block a user