mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

curl: fix CVE-2023-46218

Browse Source 
import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz

upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57

(From OE-Core rev: 7bf11847b18d2f9a7e5467d686af817cb504b206)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Lee Chee Yang
2023-12-19 13:16:06 +08:00
committed by Steve Sakoman
parent ef0c19babe
commit 39aad83070
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/curl/curl/CVE-2023-46218.patch
+52
View File
@@ -0,0 +1,52 @@
CVE: CVE-2023-46218
Upstream-Status: Backport [ import from ubuntu http://archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.68.0-1ubuntu2.21.debian.tar.xz upstream https://github.com/curl/curl/commit/2b0994c29a721c91c57 ]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Backport of:
From 2b0994c29a721c91c572cff7808c572a24d251eb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 23 Nov 2023 08:15:47 +0100
Subject: [PATCH] cookie: lowercase the domain names before PSL checks
Reported-by: Harry Sintonen
Closes #12387
---
lib/cookie.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -967,15 +967,23 @@ Curl_cookie_add(struct Curl_easy *data,
#ifdef USE_LIBPSL
/* Check if the domain is a Public Suffix and if yes, ignore the cookie. */
if(domain && co->domain && !isip(co->domain)) {
- const psl_ctx_t *psl = Curl_psl_use(data);
- int acceptable;
-
- if(psl) {
- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain);
- Curl_psl_release(data);
+ bool acceptable = FALSE;
+ char lcase[256];
+ char lcookie[256];
+ size_t dlen = strlen(domain);
+ size_t clen = strlen(co->domain);
+ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) {
+ const psl_ctx_t *psl = Curl_psl_use(data);
+ if(psl) {
+ /* the PSL check requires lowercase domain name and pattern */
+ Curl_strntolower(lcase, domain, dlen + 1);
+ Curl_strntolower(lcookie, co->domain, clen + 1);
+ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie);
+ Curl_psl_release(data);
+ }
+ else
+ acceptable = !bad_domain(domain);
}
- else
- acceptable = !bad_domain(domain);
if(!acceptable) {
infof(data, "cookie '%s' dropped, domain '%s' must not "
meta/recipes-support/curl/curl_7.69.1.bb
+1
View File
@@ -57,6 +57,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2023-38546.patch \ file://CVE-2023-38546.patch \
file://CVE-2023-28321.patch \ file://CVE-2023-28321.patch \
file://CVE-2023-28322.patch \ file://CVE-2023-28322.patch \
file://CVE-2023-46218.patch \
" "
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"