Openembedded Core Discussions
From: Muminul Islam <misla011@fiu.edu>
To: openembedded-core@lists.openembedded.org
Subject: [thud][PATCH] curl: Security fix for CVE-2019-5481
Date: Wed, 16 Oct 2019 21:10:35 +0000
Message-ID: <20191016211035.2270-1-muislam@microsoft.com>

CVE: CVE-2019-5481

Upstream-Status: Backport

Signed-off-by: Muminul Islam <muislam@microsoft.com>
---
 .../curl/curl/CVE-2019-5481.patch             | 52 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.61.0.bb      |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
new file mode 100644
index 0000000000..a97a95a268
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
@@ -0,0 +1,52 @@
+From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+Reply-To: muislam@microsoft.com
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+CVE: CVE-2019-5481
+
+Upstream-Status: Backport
+
+Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index abf242c38..52cce97d0 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+                           struct krb5buffer *buf)
+ {
+   int len;
+-  void *tmp = NULL;
+   CURLcode result;
+ 
+   result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+   if(len) {
+     /* only realloc if there was a length */
+     len = ntohl(len);
+-    tmp = Curl_saferealloc(buf->data, len);
++    buf->data = Curl_saferealloc(buf->data, len);
+   }
+-  if(tmp == NULL)
++  if(!len || !buf->data)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  buf->data = tmp;
+   result = socket_read(fd, buf->data, len);
+   if(result)
+     return result;
+-- 
+2.23.0
+
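Review bot: In the second lib/security.c hunk of the embedded patch, `len` is a signed `int` read straight from the socket, and after `len = ntohl(len);` the only test applied to it is `!len`, so a negative or very large value sent by the peer still becomes the size passed to `Curl_saferealloc(buf->data, len)` and to `socket_read(fd, buf->data, len)`. Assigning the realloc result directly to `buf->data` removes the stale pointer that the commit message ties to the double free, but it does not bound the length; if the backport has to stay identical to the upstream commit linked in the header, the range check is better raised as a separate follow-up than folded in here. Two smaller points: a zero length is still reported as `CURLE_OUT_OF_MEMORY`, which is a misleading error for that case, and the embedded header carries a `Reply-To:` line that serves no purpose inside a patch file under meta/recipes-support and can be dropped.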
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 3b54774b9d..29aaff20a1 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2019-5435.patch \
            file://CVE-2019-5436.patch \
            file://CVE-2019-5482.patch \
+           file://CVE-2019-5481.patch \
 "
 
 SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
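Review bot: The new `file://CVE-2019-5481.patch \` entry is appended after `file://CVE-2019-5482.patch \`, which breaks the numeric CVE ordering the list otherwise follows; unless the 5481 patch only applies on top of the 5482 one, place it before that line so the order stays predictable for later backports. The commit message for this change also has no body beyond the CVE, Upstream-Status and Signed-off-by tags, so a one-line description of what is being fixed (the bad realloc() in read_data that could end up a double-free, per the embedded patch) would help anyone reading the thud history.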
-- 
2.23.0




Thread overview: 3+ messages
2019-10-16 21:10 Muminul Islam [this message]
2019-10-16 21:32 ` ✗ patchtest: failure for curl: Security fix for CVE-2019-5481 Patchwork
2019-10-25 15:52 ` [thud][PATCH] " akuster808
