diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch deleted file mode 100644 index be9f52d86..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 6ecdf5136b52af747e7bda08db9a748256b1cd09 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Thu, 9 Jun 2022 09:27:24 +0200 -Subject: [PATCH] krb5: return error properly on decode errors - -Bug: https://curl.se/docs/CVE-2022-32208.html -CVE-2022-32208 -Reported-by: Harry Sintonen -Closes #9051 ---- - lib/krb5.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/lib/krb5.c b/lib/krb5.c -index e289595c9e1dd..517491c4658bf 100644 ---- a/lib/krb5.c -+++ b/lib/krb5.c -@@ -142,11 +142,8 @@ krb5_decode(void *app_data, void *buf, int len, - enc.value = buf; - enc.length = len; - maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); -- if(maj != GSS_S_COMPLETE) { -- if(len >= 4) -- strcpy(buf, "599 "); -+ if(maj != GSS_S_COMPLETE) - return -1; -- } - - memcpy(buf, dec.value, dec.length); - len = curlx_uztosi(dec.length); -@@ -508,6 +505,7 @@ static CURLcode read_data(struct connectdata *conn, - { - int len; - CURLcode result; -+ int nread; - - result = socket_read(fd, &len, sizeof(len)); - if(result) -@@ -516,7 +514,10 @@ static CURLcode read_data(struct connectdata *conn, - if(len) { - /* only realloc if there was a length */ - len = ntohl(len); -- buf->data = Curl_saferealloc(buf->data, len); -+ if(len > CURL_MAX_INPUT_LENGTH) -+ len = 0; -+ else -+ buf->data = Curl_saferealloc(buf->data, len); - } - if(!len || !buf->data) - return CURLE_OUT_OF_MEMORY; -@@ -524,8 +525,11 @@ static CURLcode read_data(struct connectdata *conn, - result = socket_read(fd, buf->data, len); - if(result) - return result; -- buf->size = conn->mech->decode(conn->app_data, buf->data, len, -- conn->data_prot, conn); -+ nread = conn->mech->decode(conn->app_data, buf->data, len, -+ conn->data_prot, conn); -+ if(nread < 0) -+ return CURLE_RECV_ERROR; -+ buf->size = (size_t)nread; - buf->index = 0; - return CURLE_OK; - } |