From 08bf26bb34f87b6820e07b2858bb4fe49eef9048 Mon Sep 17 00:00:00 2001
From: Baruch Siach
Date: Tue, 11 Apr 2017 20:56:12 +0300
Subject: [PATCH] libcurl: apply upstream security patch

CVE-2017-7407: --write-out out of buffer read

https://curl.haxx.se/docs/adv_20170403.html

Signed-off-by: Baruch Siach
Signed-off-by: Thomas Petazzoni
---
 package/libcurl/0001-CVE-2017-7407.patch | 61 ++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 package/libcurl/0001-CVE-2017-7407.patch

diff --git a/package/libcurl/0001-CVE-2017-7407.patch b/package/libcurl/0001-CVE-2017-7407.patch
new file mode 100644
index 0000000000..3a9fa487a8
--- /dev/null
+++ b/package/libcurl/0001-CVE-2017-7407.patch
@@ -0,0 +1,61 @@
+From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH] CVE-2017-7407: fixed
+
+Bug: https://curl.haxx.se/docs/adv_20170403.html
+
+Reported-by: Brian Carpenter
+[baruch: remove tests]
+Signed-off-by: Baruch Siach
+---
+Patch status: based on upstream suggested patch[1] that combines commits
+1890d59905414ab and 8e65877870c1.
+
+[1] https://curl.haxx.se/CVE-2017-7407.patch
+
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 2fb77742a..5d92bd278 100644
+--- a/src/tool_writeout.c
++++ b/src/tool_writeout.c
+@@ -3,11 +3,11 @@
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
++ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+ char *stringp = NULL;
+ long longinfo;
+ double doubleinfo;
+ 
+ while(ptr && *ptr) {
+- if('%' == *ptr) {
++ if('%' == *ptr && ptr[1]) {
+ if('%' == ptr[1]) {
+ /* an escaped %-letter */
+ fputc('%', stream);
+ ptr += 2;
+ }
+@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+ fputc(ptr[1], stream);
+ ptr += 2;
+ }
+ }
+ }
+- else if('\\' == *ptr) {
++ else if('\\' == *ptr && ptr[1]) {
+ switch(ptr[1]) {
+ case 'r':
+ fputc('\r', stream);
+ break;
+ case 'n':
+-- 
+2.11.0
+
-- 
2.30.2
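Review bot: The new guards `++ if('%' == *ptr && ptr[1]) {` and `++ else if('\\' == *ptr && ptr[1]) {` stop the read of `ptr[1]` past the terminator, but what a trailing lone `%` or `\` now produces is decided by the final else branch of `ourWriteOut`, which lies outside both inner hunks, so it is worth confirming that branch echoes the character and advances `ptr` so the `while(ptr && *ptr)` loop still terminates. Because of `[baruch: remove tests]` the upstream regression test is not carried, so nothing in-tree exercises the end-of-string input; a one-line note in the patch header giving the reason the tests were dropped would help whoever rebases this patch. The patched file is `src/tool_writeout.c`, the curl command-line tool's `--write-out` formatter rather than the library, so the commit message could state that only the curl binary, not libcurl consumers, is affected by this CVE.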