From: Neetika Singh <neetika.si...@kpit.com> Applied trivial patch for cve issue CVE-2021-22898
Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde Signed-off-by: Neetika.Singh <neetika.si...@kpit.com> --- .../curl/curl/CVE-2021-22898.patch | 26 +++++++++++++++++++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22898.patch diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch new file mode 100644 index 0000000000..0800e10175 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch @@ -0,0 +1,26 @@ +From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001 +From: Harry Sintonen <sinto...@iki.fi> +Date: Fri, 7 May 2021 13:09:57 +0200 +Subject: [PATCH] telnet: check sscanf() for correct number of matches + +CVE: CVE-2021-22898 +Upstream-Status: Backport +Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde +Bug: https://curl.se/docs/CVE-2021-22898.html +--- + lib/telnet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/telnet.c b/lib/telnet.c +index 26e0658ba9cc..fdd137fb0c04 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data) + size_t tmplen = (strlen(v->data) + 1); + /* Add the variable only if it fits */ + if(len + tmplen < (int)sizeof(temp)-6) { +- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { ++ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { + msnprintf((char *)&temp[len], sizeof(temp) - len, + "%c%s%c%s", CURL_NEW_ENV_VAR, varname, + CURL_NEW_ENV_VALUE, varval); diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 13ab29cf69..9b510bcf9f 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -19,6 +19,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2020-8286.patch \ file://CVE-2021-22876.patch \ file://CVE-2021-22890.patch \ + file://CVE-2021-22898.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#154145): https://lists.openembedded.org/g/openembedded-core/message/154145 Mute This Topic: https://lists.openembedded.org/mt/84463746/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
