diff mbox

libcurl: apply upstream security patch

Message ID 1796640bb50f0f0d5f8f24ccd56081cc28a7598f.1491933372.git.baruch@tkos.co.il
State Accepted
Headers show

Commit Message

Baruch Siach April 11, 2017, 5:56 p.m. UTC 
CVE-2017-7407: --write-out out of buffer read

https://curl.haxx.se/docs/adv_20170403.html

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/libcurl/0001-CVE-2017-7407.patch | 61 ++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 package/libcurl/0001-CVE-2017-7407.patch

Comments

Thomas Petazzoni April 12, 2017, 7:14 p.m. UTC | #1 
Hello,

On Tue, 11 Apr 2017 20:56:12 +0300, Baruch Siach wrote:
> CVE-2017-7407: --write-out out of buffer read
> 
> https://curl.haxx.se/docs/adv_20170403.html
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  package/libcurl/0001-CVE-2017-7407.patch | 61 ++++++++++++++++++++++++++++++++
>  1 file changed, 61 insertions(+)
>  create mode 100644 package/libcurl/0001-CVE-2017-7407.patch

Applied to master, thanks.

Peter: we want this one in the LTS branch I believe.

Thanks!

Thomas
Peter Korsgaard April 24, 2017, 7:22 p.m. UTC | #2 
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:

 > Hello,
 > On Tue, 11 Apr 2017 20:56:12 +0300, Baruch Siach wrote:
 >> CVE-2017-7407: --write-out out of buffer read
 >> 
 >> https://curl.haxx.se/docs/adv_20170403.html
 >> 
 >> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 >> ---
 >> package/libcurl/0001-CVE-2017-7407.patch | 61 ++++++++++++++++++++++++++++++++
 >> 1 file changed, 61 insertions(+)
 >> create mode 100644 package/libcurl/0001-CVE-2017-7407.patch

 > Applied to master, thanks.

 > Peter: we want this one in the LTS branch I believe.

Committed to 2017.02.x, thanks.
diff mbox

Patch

diff --git a/package/libcurl/0001-CVE-2017-7407.patch b/package/libcurl/0001-CVE-2017-7407.patch
new file mode 100644
index 000000000000..3a9fa487a8e1
--- /dev/null
+++ b/package/libcurl/0001-CVE-2017-7407.patch
@@ -0,0 +1,61 @@ 
+From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH] CVE-2017-7407: fixed
+
+Bug: https://curl.haxx.se/docs/adv_20170403.html
+
+Reported-by: Brian Carpenter
+[baruch: remove tests]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: based on upstream suggested patch[1] that combines commits
+1890d59905414ab and 8e65877870c1.
+
+[1] https://curl.haxx.se/CVE-2017-7407.patch
+
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 2fb77742a..5d92bd278 100644
+--- a/src/tool_writeout.c
++++ b/src/tool_writeout.c
+@@ -3,11 +3,11 @@
+  *  Project                     ___| | | |  _ \| |
+  *                             / __| | | | |_) | |
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+  * are also available at https://curl.haxx.se/docs/copyright.html.
+  *
+@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+   char *stringp = NULL;
+   long longinfo;
+   double doubleinfo;
+ 
+   while(ptr && *ptr) {
+-    if('%' == *ptr) {
++    if('%' == *ptr && ptr[1]) {
+       if('%' == ptr[1]) {
+         /* an escaped %-letter */
+         fputc('%', stream);
+         ptr += 2;
+       }
+@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+           fputc(ptr[1], stream);
+           ptr += 2;
+         }
+       }
+     }
+-    else if('\\' == *ptr) {
++    else if('\\' == *ptr && ptr[1]) {
+       switch(ptr[1]) {
+       case 'r':
+         fputc('\r', stream);
+         break;
+       case 'n':
+-- 2.11.0
+