* [thud][PATCH] curl: Security fix for CVE-2019-5481
@ 2019-10-16 21:10 Muminul Islam
2019-10-16 21:32 ` ✗ patchtest: failure for " Patchwork
2019-10-25 15:52 ` [thud][PATCH] " akuster808
0 siblings, 2 replies; 3+ messages in thread
From: Muminul Islam @ 2019-10-16 21:10 UTC (permalink / raw)
To: openembedded-core
CVE: CVE-2019-5481
Upstream-Status: Backport
Signed-off-by: Muminul Islam <muislam@microsoft.com>
---
.../curl/curl/CVE-2019-5481.patch | 52 +++++++++++++++++++
meta/recipes-support/curl/curl_7.61.0.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
new file mode 100644
index 0000000000..a97a95a268
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
@@ -0,0 +1,52 @@
+From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 3 Sep 2019 22:59:32 +0200
+Subject: [PATCH] security:read_data fix bad realloc()
+Reply-To: muislam@microsoft.com
+
+... that could end up a double-free
+
+CVE-2019-5481
+Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
+
+Signed-off-by: Muminul Islam <muislam@microsoft.com>
+
+CVE: CVE-2019-5481
+
+Upstream-Status: Backport
+
+Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
+---
+ lib/security.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index abf242c38..52cce97d0 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
+ struct krb5buffer *buf)
+ {
+ int len;
+- void *tmp = NULL;
+ CURLcode result;
+
+ result = socket_read(fd, &len, sizeof(len));
+@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
+ if(len) {
+ /* only realloc if there was a length */
+ len = ntohl(len);
+- tmp = Curl_saferealloc(buf->data, len);
++ buf->data = Curl_saferealloc(buf->data, len);
+ }
+- if(tmp == NULL)
++ if(!len || !buf->data)
+ return CURLE_OUT_OF_MEMORY;
+
+- buf->data = tmp;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
+--
+2.23.0
+
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
index 3b54774b9d..29aaff20a1 100644
--- a/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/meta/recipes-support/curl/curl_7.61.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2019-5435.patch \
file://CVE-2019-5436.patch \
file://CVE-2019-5482.patch \
+ file://CVE-2019-5481.patch \
"
SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* ✗ patchtest: failure for curl: Security fix for CVE-2019-5481
2019-10-16 21:10 [thud][PATCH] curl: Security fix for CVE-2019-5481 Muminul Islam
@ 2019-10-16 21:32 ` Patchwork
2019-10-25 15:52 ` [thud][PATCH] " akuster808
1 sibling, 0 replies; 3+ messages in thread
From: Patchwork @ 2019-10-16 21:32 UTC (permalink / raw)
To: Muminul Islam; +Cc: openembedded-core
== Series Details ==
Series: curl: Security fix for CVE-2019-5481
Revision: 1
URL : https://patchwork.openembedded.org/series/20507/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch thud (currently at bace400528)
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [thud][PATCH] curl: Security fix for CVE-2019-5481
2019-10-16 21:10 [thud][PATCH] curl: Security fix for CVE-2019-5481 Muminul Islam
2019-10-16 21:32 ` ✗ patchtest: failure for " Patchwork
@ 2019-10-25 15:52 ` akuster808
1 sibling, 0 replies; 3+ messages in thread
From: akuster808 @ 2019-10-25 15:52 UTC (permalink / raw)
To: muislam, openembedded-core
On 10/16/19 2:10 PM, Muminul Islam wrote:
> CVE: CVE-2019-5481
>
> Upstream-Status: Backport
Warrior needs to be fixed before I can get this in mainline thud.
- Armin
>
> Signed-off-by: Muminul Islam <muislam@microsoft.com>
> ---
> .../curl/curl/CVE-2019-5481.patch | 52 +++++++++++++++++++
> meta/recipes-support/curl/curl_7.61.0.bb | 1 +
> 2 files changed, 53 insertions(+)
> create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
> new file mode 100644
> index 0000000000..a97a95a268
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
> @@ -0,0 +1,52 @@
> +From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 3 Sep 2019 22:59:32 +0200
> +Subject: [PATCH] security:read_data fix bad realloc()
> +Reply-To: muislam@microsoft.com
> +
> +... that could end up a double-free
> +
> +CVE-2019-5481
> +Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
> +
> +Signed-off-by: Muminul Islam <muislam@microsoft.com>
> +
> +CVE: CVE-2019-5481
> +
> +Upstream-Status: Backport
> +
> +Upstream commit: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
> +---
> + lib/security.c | 6 ++----
> + 1 file changed, 2 insertions(+), 4 deletions(-)
> +
> +diff --git a/lib/security.c b/lib/security.c
> +index abf242c38..52cce97d0 100644
> +--- a/lib/security.c
> ++++ b/lib/security.c
> +@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
> + struct krb5buffer *buf)
> + {
> + int len;
> +- void *tmp = NULL;
> + CURLcode result;
> +
> + result = socket_read(fd, &len, sizeof(len));
> +@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
> + if(len) {
> + /* only realloc if there was a length */
> + len = ntohl(len);
> +- tmp = Curl_saferealloc(buf->data, len);
> ++ buf->data = Curl_saferealloc(buf->data, len);
> + }
> +- if(tmp == NULL)
> ++ if(!len || !buf->data)
> + return CURLE_OUT_OF_MEMORY;
> +
> +- buf->data = tmp;
> + result = socket_read(fd, buf->data, len);
> + if(result)
> + return result;
> +--
> +2.23.0
> +
> diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.0.bb
> index 3b54774b9d..29aaff20a1 100644
> --- a/meta/recipes-support/curl/curl_7.61.0.bb
> +++ b/meta/recipes-support/curl/curl_7.61.0.bb
> @@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
> file://CVE-2019-5435.patch \
> file://CVE-2019-5436.patch \
> file://CVE-2019-5482.patch \
> + file://CVE-2019-5481.patch \
> "
>
> SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-25 15:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-16 21:10 [thud][PATCH] curl: Security fix for CVE-2019-5481 Muminul Islam
2019-10-16 21:32 ` ✗ patchtest: failure for " Patchwork
2019-10-25 15:52 ` [thud][PATCH] " akuster808
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox