CVE: CVE-2019-5481
Upstream-Status: Backport
Signed-off-by: Muminul Islam <muis...@microsoft.com>
---
 .../curl/curl/CVE-2019-5481.patch | 52 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.61.0.bb | 1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
new file mode 100644
index 0000000000..a97a95a268
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
@@ -0,0 +1,52 @@
+From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+Reply-To: muis...@microsoft.com
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Signed-off-by: Muminul Islam <muis...@microsoft.com>
+
+CVE: CVE-2019-5481
+
+Upstream-Status: Backport
+
+Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index abf242c38..52cce97d0 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+ struct krb5buffer *buf)
+ {
+ int len;
+- void *tmp = NULL;
+ CURLcode result;
+
+ result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+ if(len) {
+ /* only realloc if there was a length */
+ len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+ }
+- if(tmp == NULL)
++ if(!len || !buf->data)
+ return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
+--
+2.23.0
+
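Review bot: In the second hunk of the embedded lib/security.c patch, `len` is still a 32-bit value taken straight off the socket (`socket_read(fd, &len, sizeof(len))`, then `len = ntohl(len)`) and handed to `Curl_saferealloc` and the following `socket_read` with no upper bound, so a peer can demand an allocation of up to ~2 GiB before a single payload byte is read; because `len` is declared `int` (first hunk), a value with the top bit set goes negative and is rejected only indirectly, when the implicit size_t conversion makes the realloc fail. The new `if(!len || !buf->data)` check also reports a zero-length frame as `CURLE_OUT_OF_MEMORY`, attributing a protocol condition to allocation failure. I would add an explicit range check right after `len = ntohl(len);`, e.g. `if(len <= 0 || (size_t)len > MAX_KRB_MSG_LEN) return CURLE_RECV_ERROR;`, with `MAX_KRB_MSG_LEN` a constant to be sized from what the wrap layer can legitimately produce, and keep the OOM return for the `!buf->data` case alone. read_data's signature begins before the first hunk and its body continues past `return result;`, so the remaining uses of `len` are outside this view.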
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 3b54774b9d..29aaff20a1 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 file://CVE-2019-5435.patch \
 file://CVE-2019-5436.patch \
 file://CVE-2019-5482.patch \
+ file://CVE-2019-5481.patch \
 "
 SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
--
2.23.0
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core