mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 00:39:46 +00:00
Code Issues Projects Releases Wiki Activity

curl: backport openssl fix CN check error code

Browse Source 
Fix out of memory [1]

OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0

[1] https://github.com/curl/curl/issues/8559

(From OE-Core rev: 7a8d374a3d4bbef336be2b273afc00c93c637ae6)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jose Quaresma
2022-07-01 17:12:05 +01:00
committed by Richard Purdie
parent cacf2eac3d
commit 91df5c1c7b
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
+38
View File
@@ -0,0 +1,38 @@
From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 8 Mar 2022 13:38:13 +0100
Subject: [PATCH] openssl: fix CN check error code
Due to a missing 'else' this returns error too easily.
Regressed in: d15692ebb
Reported-by: Kristoffer Gleditsch
Fixes #8559
Closes #8560
Upstream-Status: Backport [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136]
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
lib/vtls/openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 616a510..1bafe96 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
peer_CN[peerlen] = '\0';
}
- result = CURLE_OUT_OF_MEMORY;
+ else
+ result = CURLE_OUT_OF_MEMORY;
}
}
else /* not a UTF8 name */
--
2.34.1
meta/recipes-support/curl/curl_7.82.0.bb
+1
View File
@@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2022-27779.patch \ file://CVE-2022-27779.patch \
file://CVE-2022-27782-1.patch \ file://CVE-2022-27782-1.patch \
file://CVE-2022-27782-2.patch \ file://CVE-2022-27782-2.patch \
file://0001-openssl-fix-CN-check-error-code.patch \
" "
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"