From: Jose Quaresma <[email protected]> Fix out of memory [1]
OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0 [1] https://github.com/curl/curl/issues/8559 Signed-off-by: Jose Quaresma <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- ...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch diff --git a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch new file mode 100644 index 0000000000..c0a2355e5b --- /dev/null +++ b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch @@ -0,0 +1,38 @@ +From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <[email protected]> +Date: Tue, 8 Mar 2022 13:38:13 +0100 +Subject: [PATCH] openssl: fix CN check error code + +Due to a missing 'else' this returns error too easily. + +Regressed in: d15692ebb + +Reported-by: Kristoffer Gleditsch +Fixes #8559 +Closes #8560 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136] + +Signed-off-by: Jose Quaresma <[email protected]> + +--- + lib/vtls/openssl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 616a510..1bafe96 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; + } +- result = CURLE_OUT_OF_MEMORY; ++ else ++ result = CURLE_OUT_OF_MEMORY; + } + } + else /* not a UTF8 name */ +-- +2.34.1 + diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index ba3fd11820..d5dfe62a39 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-27779.patch \ file://CVE-2022-27782-1.patch \ file://CVE-2022-27782-2.patch \ + file://0001-openssl-fix-CN-check-error-code.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167585): https://lists.openembedded.org/g/openembedded-core/message/167585 Mute This Topic: https://lists.openembedded.org/mt/92152723/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
