openembedded-core@lists.openembedded.org | [kirkstone][PATCH 3/3] curl: Fix CVE-2022-42915

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

[kirkstone][PATCH 3/3] curl: Fix CVE-2022-42915

BINDU #173957 From: Bhabu Bindu <bhabu.bindu@...> HTTP proxy double-free Link: https://security-tracker.debian.org/tracker/CVE-2022-42915 Signed-off-by: Bhabu Bindu <bhabu.bindu@...> --- .../curl/curl/CVE-2022-42915.patch \| 53 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb \| 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2022-42915.patch diff --git a/meta/recipes-support/curl/curl/CVE-2022-42915.patch b/meta/recipes-support/curl/curl/CVE-2022-42915.patch new file mode 100644 index 0000000000..0f37a80e09 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-42915.patch @@ -0,0 +1,53 @@ +From 55e1875729f9d9fc7315cec611bffbd2c817ad89 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@...> +Date: Thu, 6 Oct 2022 14:13:36 +0200 +Subject: [PATCH] http_proxy: restore the protocol pointer on error + +Reported-by: Trail of Bits + +Closes #9790 + +CVE: CVE-2022-42915 +Upstream-Status: Backport [https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89] +Signed-off-by: Bhabu Bindu <bhabu.bindu@...> +--- + lib/http_proxy.c \| 6 ++---- + lib/url.c \| 9 --------- + 2 files changed, 2 insertions(+), 13 deletions(-) + +diff --git a/lib/http_proxy.c b/lib/http_proxy.c +index 1f87f6c62aa40..cc20b3a801941 100644 +--- a/lib/http_proxy.c ++++ b/lib/http_proxy.c +@@ -212,10 +212,8 @@ void Curl_connect_done(struct Curl_easy data) + Curl_dyn_free(&s->rcvbuf); + Curl_dyn_free(&s->req); + +- / restore the protocol pointer, if not already done / +- if(s->prot_save) +- data->req.p.http = s->prot_save; +- s->prot_save = NULL; ++ / restore the protocol pointer / ++ data->req.p.http = s->prot_save; + data->info.httpcode = 0; / clear it as it might've been used for the + proxy / + data->req.ignorebody = FALSE; +diff --git a/lib/url.c b/lib/url.c +index 690c53c81a3c1..be5ffca2d8b20 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -751,15 +751,6 @@ static void conn_shutdown(struct Curl_easy data, struct connectdata conn) + DEBUGASSERT(data); + infof(data, "Closing connection %ld", conn->connection_id); + +-#ifndef USE_HYPER +- if(conn->connect_state && conn->connect_state->prot_save) { +- / If this was closed with a CONNECT in progress, cleanup this temporary +- struct arrangement / +- data->req.p.http = NULL; +- Curl_safefree(conn->connect_state->prot_save); +- } +-#endif +- + / possible left-overs from the async name resolvers */ + Curl_resolver_cancel(data); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 4d49ac33eb..b0192143fb 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -31,6 +31,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2022-35252.patch \ file://CVE-2022-32221.patch \ file://CVE-2022-42916.patch \ + file://CVE-2022-42915.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" -- 2.17.1
More All Messages By This Member

1 - 1 of 1

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms