From: Muminul Islam <misla011@fiu.edu>
To: openembedded-core@lists.openembedded.org
Subject: [thud][PATCH] curl: Security fix for CVE-2019-5481
Date: Wed, 16 Oct 2019 21:10:35 +0000 [thread overview]
Message-ID: <20191016211035.2270-1-muislam@microsoft.com> (raw)
CVE: CVE-2019-5481
Upstream-Status: Backport
Signed-off-by: Muminul Islam <muislam@microsoft.com>
---
.../curl/curl/CVE-2019-5481.patch | 52 +++++++++++++++++++
meta/recipes-support/curl/curl_7.61.0.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
new file mode 100644
index 0000000000..a97a95a268
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
@@ -0,0 +1,52 @@
+From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+Reply-To: muislam@microsoft.com
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+CVE: CVE-2019-5481
+
+Upstream-Status: Backport
+
+Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index abf242c38..52cce97d0 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+ struct krb5buffer *buf)
+ {
+ int len;
+- void *tmp = NULL;
+ CURLcode result;
+
+ result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+ if(len) {
+ /* only realloc if there was a length */
+ len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+ }
+- if(tmp == NULL)
++ if(!len || !buf->data)
+ return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
+--
+2.23.0
+
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 3b54774b9d..29aaff20a1 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2019-5435.patch \
file://CVE-2019-5436.patch \
file://CVE-2019-5482.patch \
+ file://CVE-2019-5481.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
--
2.23.0
next reply other threads:[~2019-10-16 21:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-16 21:10 Muminul Islam [this message]
2019-10-16 21:32 ` ✗ patchtest: failure for curl: Security fix for CVE-2019-5481 Patchwork
2019-10-25 15:52 ` [thud][PATCH] " akuster808
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191016211035.2270-1-muislam@microsoft.com \
--to=misla011@fiu.edu \
--cc=muislam@microsoft.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.