diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-support/curl/curl')
7 files changed, 34 insertions, 607 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch deleted file mode 100644 index a7db1b3c9..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001 -From: Roy Li <rongqing.li@windriver.com> -Date: Tue, 26 Apr 2016 13:13:01 +0800 -Subject: [PATCH] replace krb5-config with pkg-config - -Upstream-Status: Pending - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5569a26..56b0380 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi, - fi - ]) - --: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} -+KRB5CONFIG=`which pkg-config` - - save_CPPFLAGS="$CPPFLAGS" - AC_MSG_CHECKING([if GSS-API support is requested]) -@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then - if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then -- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` -+ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` - elif test "$GSSAPI_ROOT" != "yes"; then - GSSAPI_INCS="-I$GSSAPI_ROOT/include" - fi -@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then - elif test -f "$KRB5CONFIG"; then - dnl krb5-config doesn't have --libs-only-L or similar, put everything - dnl into LIBS -- gss_libs=`$KRB5CONFIG --libs gssapi` -+ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` - LIBS="$gss_libs $LIBS" - else - case $host in diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32205-cookie-apply-limits.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32205-cookie-apply-limits.patch deleted file mode 100644 index dc7b59f7f..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32205-cookie-apply-limits.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 48d7064a49148f03942380967da739dcde1cdc24 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Sun, 26 Jun 2022 11:00:48 +0200 -Subject: [PATCH] cookie: apply limits - -- Send no more than 150 cookies per request -- Cap the max length used for a cookie: header to 8K -- Cap the max number of received Set-Cookie: headers to 50 - -Bug: https://curl.se/docs/CVE-2022-32205.html -CVE-2022-32205 -Reported-by: Harry Sintonen -Closes #9048 ---- - lib/cookie.c | 14 ++++++++++++-- - lib/cookie.h | 21 +++++++++++++++++++-- - lib/http.c | 13 +++++++++++-- - lib/urldata.h | 1 + - 4 files changed, 43 insertions(+), 6 deletions(-) - -diff --git a/lib/cookie.c b/lib/cookie.c -index a308346a777bc..a1ab89532033b 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -482,6 +482,10 @@ Curl_cookie_add(struct Curl_easy *data, - (void)data; - #endif - -+ DEBUGASSERT(MAX_SET_COOKIE_AMOUNT <= 255); /* counter is an unsigned char */ -+ if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT) -+ return NULL; -+ - /* First, alloc and init a new struct for it */ - co = calloc(1, sizeof(struct Cookie)); - if(!co) -@@ -821,7 +825,7 @@ Curl_cookie_add(struct Curl_easy *data, - freecookie(co); - return NULL; - } -- -+ data->req.setcookies++; - } - else { - /* -@@ -1375,7 +1379,8 @@ static struct Cookie *dup_cookie(struct Cookie *src) - * - * It shall only return cookies that haven't expired. - */ --struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, -+struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, -+ struct CookieInfo *c, - const char *host, const char *path, - bool secure) - { -@@ -1430,6 +1435,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, - mainco = newco; - - matches++; -+ if(matches >= MAX_COOKIE_SEND_AMOUNT) { -+ infof(data, "Included max number of cookies (%u) in request!", -+ matches); -+ break; -+ } - } - else - goto fail; -diff --git a/lib/cookie.h b/lib/cookie.h -index 453dfced8a342..abc0a2e8a01ad 100644 ---- a/lib/cookie.h -+++ b/lib/cookie.h -@@ -83,10 +83,26 @@ struct CookieInfo { - */ - #define MAX_COOKIE_LINE 5000 - --/* This is the maximum length of a cookie name or content we deal with: */ -+/* Maximum length of an incoming cookie name or content we deal with. Longer -+ cookies are ignored. */ - #define MAX_NAME 4096 - #define MAX_NAME_TXT "4095" - -+/* Maximum size for an outgoing cookie line libcurl will use in an http -+ request. This is the default maximum length used in some versions of Apache -+ httpd. */ -+#define MAX_COOKIE_HEADER_LEN 8190 -+ -+/* Maximum number of cookies libcurl will send in a single request, even if -+ there might be more cookies that match. One reason to cap the number is to -+ keep the maximum HTTP request within the maximum allowed size. */ -+#define MAX_COOKIE_SEND_AMOUNT 150 -+ -+/* Maximum number of Set-Cookie: lines accepted in a single response. If more -+ such header lines are received, they are ignored. This value must be less -+ than 256 since an unsigned char is used to count. */ -+#define MAX_SET_COOKIE_AMOUNT 50 -+ - struct Curl_easy; - /* - * Add a cookie to the internal list of cookies. The domain and path arguments -@@ -99,7 +115,8 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data, - const char *domain, const char *path, - bool secure); - --struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, const char *host, -+struct Cookie *Curl_cookie_getlist(struct Curl_easy *data, -+ struct CookieInfo *c, const char *host, - const char *path, bool secure); - void Curl_cookie_freelist(struct Cookie *cookies); - void Curl_cookie_clearall(struct CookieInfo *cookies); -diff --git a/lib/http.c b/lib/http.c -index 5284475ba92c4..258722a602e40 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -2711,12 +2711,14 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, - } - - #if !defined(CURL_DISABLE_COOKIES) -+ - CURLcode Curl_http_cookies(struct Curl_easy *data, - struct connectdata *conn, - struct dynbuf *r) - { - CURLcode result = CURLE_OK; - char *addcookies = NULL; -+ bool linecap = FALSE; - if(data->set.str[STRING_COOKIE] && - !Curl_checkheaders(data, STRCONST("Cookie"))) - addcookies = data->set.str[STRING_COOKIE]; -@@ -2734,7 +2736,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, - !strcmp(host, "127.0.0.1") || - !strcmp(host, "[::1]") ? TRUE : FALSE; - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); -- co = Curl_cookie_getlist(data->cookies, host, data->state.up.path, -+ co = Curl_cookie_getlist(data, data->cookies, host, data->state.up.path, - secure_context); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - } -@@ -2748,6 +2750,13 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, - if(result) - break; - } -+ if((Curl_dyn_len(r) + strlen(co->name) + strlen(co->value) + 1) >= -+ MAX_COOKIE_HEADER_LEN) { -+ infof(data, "Restricted outgoing cookies due to header size, " -+ "'%s' not sent", co->name); -+ linecap = TRUE; -+ break; -+ } - result = Curl_dyn_addf(r, "%s%s=%s", count?"; ":"", - co->name, co->value); - if(result) -@@ -2758,7 +2767,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, - } - Curl_cookie_freelist(store); - } -- if(addcookies && !result) { -+ if(addcookies && !result && !linecap) { - if(!count) - result = Curl_dyn_addn(r, STRCONST("Cookie: ")); - if(!result) { -diff --git a/lib/urldata.h b/lib/urldata.h -index 17fe25720be33..bcb4d460c2fe6 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -698,6 +698,7 @@ struct SingleRequest { - #ifndef CURL_DISABLE_DOH - struct dohdata *doh; /* DoH specific data for this request */ - #endif -+ unsigned char setcookies; - BIT(header); /* incoming data has HTTP header */ - BIT(content_range); /* set TRUE if Content-Range: was found */ - BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32206-return-error-on-too-many-compression-steps.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32206-return-error-on-too-many-compression-steps.patch deleted file mode 100644 index bdf3ba35e..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32206-return-error-on-too-many-compression-steps.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 3a09fbb7f264c67c438d01a30669ce325aa508e2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Mon, 16 May 2022 16:28:13 +0200 -Subject: [PATCH] content_encoding: return error on too many compression steps - -The max allowed steps is arbitrarily set to 5. - -Bug: https://curl.se/docs/CVE-2022-32206.html -CVE-2022-32206 -Reported-by: Harry Sintonen -Closes #9049 ---- - lib/content_encoding.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/lib/content_encoding.c b/lib/content_encoding.c -index c5591ca48ac78..95ba48a2dd563 100644 ---- a/lib/content_encoding.c -+++ b/lib/content_encoding.c -@@ -1028,12 +1028,16 @@ static const struct content_encoding *find_encoding(const char *name, - return NULL; - } - -+/* allow no more than 5 "chained" compression steps */ -+#define MAX_ENCODE_STACK 5 -+ - /* Set-up the unencoding stack from the Content-Encoding header value. - * See RFC 7231 section 3.1.2.2. */ - CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, - const char *enclist, int maybechunked) - { - struct SingleRequest *k = &data->req; -+ int counter = 0; - - do { - const char *name; -@@ -1068,6 +1072,11 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, - if(!encoding) - encoding = &error_encoding; /* Defer error at stack use. */ - -+ if(++counter >= MAX_ENCODE_STACK) { -+ failf(data, "Reject response due to %u content encodings", -+ counter); -+ return CURLE_BAD_CONTENT_ENCODING; -+ } - /* Stack the unencoding stage. */ - writer = new_unencoding_writer(data, encoding, k->writer_stack); - if(!writer) diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32207-fopen-add-Curl_fopen-for-better-overwriting-of-fi.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32207-fopen-add-Curl_fopen-for-better-overwriting-of-fi.patch deleted file mode 100644 index 9b4c128d9..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32207-fopen-add-Curl_fopen-for-better-overwriting-of-fi.patch +++ /dev/null @@ -1,280 +0,0 @@ -From 20f9dd6bae50b7223171b17ba7798946e74f877f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Wed, 25 May 2022 10:09:53 +0200 -Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files - -Bug: https://curl.se/docs/CVE-2022-32207.html -CVE-2022-32207 -Reported-by: Harry Sintonen -Closes #9050 ---- - CMakeLists.txt | 1 + - configure.ac | 1 + - lib/Makefile.inc | 2 + - lib/cookie.c | 19 ++----- - lib/curl_config.h.cmake | 3 ++ - lib/fopen.c | 113 ++++++++++++++++++++++++++++++++++++++++ - lib/fopen.h | 30 +++++++++++ - 7 files changed, 154 insertions(+), 15 deletions(-) - create mode 100644 lib/fopen.c - create mode 100644 lib/fopen.h - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 45d763d5a9c1d..ad20777f3d688 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -1067,6 +1067,7 @@ elseif(HAVE_LIBSOCKET) - set(CMAKE_REQUIRED_LIBRARIES socket) - endif() - -+check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) - check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) - check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) - check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) -diff --git a/configure.ac b/configure.ac -index b0245b99a669f..de2dee5a484ed 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3438,6 +3438,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se - - - AC_CHECK_FUNCS([fnmatch \ -+ fchmod \ - geteuid \ - getpass_r \ - getppid \ -diff --git a/lib/Makefile.inc b/lib/Makefile.inc -index 533e16df97020..9bd8e324bd1c1 100644 ---- a/lib/Makefile.inc -+++ b/lib/Makefile.inc -@@ -137,6 +137,7 @@ LIB_CFILES = \ - escape.c \ - file.c \ - fileinfo.c \ -+ fopen.c \ - formdata.c \ - ftp.c \ - ftplistparser.c \ -@@ -270,6 +271,7 @@ LIB_HFILES = \ - escape.h \ - file.h \ - fileinfo.h \ -+ fopen.h \ - formdata.h \ - ftp.h \ - ftplistparser.h \ -diff --git a/lib/cookie.c b/lib/cookie.c -index a1ab89532033b..cb57b86387191 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -99,8 +99,8 @@ Example set of cookies: - #include "curl_get_line.h" - #include "curl_memrchr.h" - #include "parsedate.h" --#include "rand.h" - #include "rename.h" -+#include "fopen.h" - - /* The last 3 #include files should be in this order */ - #include "curl_printf.h" -@@ -1641,20 +1641,9 @@ static CURLcode cookie_output(struct Curl_easy *data, - use_stdout = TRUE; - } - else { -- unsigned char randsuffix[9]; -- -- if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) -- return 2; -- -- tempstore = aprintf("%s.%s.tmp", filename, randsuffix); -- if(!tempstore) -- return CURLE_OUT_OF_MEMORY; -- -- out = fopen(tempstore, FOPEN_WRITETEXT); -- if(!out) { -- error = CURLE_WRITE_ERROR; -+ error = Curl_fopen(data, filename, &out, &tempstore); -+ if(error) - goto error; -- } - } - - fputs("# Netscape HTTP Cookie File\n" -@@ -1701,7 +1690,7 @@ static CURLcode cookie_output(struct Curl_easy *data, - if(!use_stdout) { - fclose(out); - out = NULL; -- if(Curl_rename(tempstore, filename)) { -+ if(tempstore && Curl_rename(tempstore, filename)) { - unlink(tempstore); - error = CURLE_WRITE_ERROR; - goto error; -diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake -index cd4b568d89948..eb2c62b971453 100644 ---- a/lib/curl_config.h.cmake -+++ b/lib/curl_config.h.cmake -@@ -159,6 +159,9 @@ - /* Define to 1 if you have the <assert.h> header file. */ - #cmakedefine HAVE_ASSERT_H 1 - -+/* Define to 1 if you have the `fchmod' function. */ -+#cmakedefine HAVE_FCHMOD 1 -+ - /* Define to 1 if you have the `basename' function. */ - #cmakedefine HAVE_BASENAME 1 - -diff --git a/lib/fopen.c b/lib/fopen.c -new file mode 100644 -index 0000000000000..ad3691ba9d158 ---- /dev/null -+++ b/lib/fopen.c -@@ -0,0 +1,113 @@ -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at https://curl.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ * SPDX-License-Identifier: curl -+ * -+ ***************************************************************************/ -+ -+#include "curl_setup.h" -+ -+#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ -+ !defined(CURL_DISABLE_HSTS) -+ -+#ifdef HAVE_FCNTL_H -+#include <fcntl.h> -+#endif -+ -+#include "urldata.h" -+#include "rand.h" -+#include "fopen.h" -+/* The last 3 #include files should be in this order */ -+#include "curl_printf.h" -+#include "curl_memory.h" -+#include "memdebug.h" -+ -+/* -+ * Curl_fopen() opens a file for writing with a temp name, to be renamed -+ * to the final name when completed. If there is an existing file using this -+ * name at the time of the open, this function will clone the mode from that -+ * file. if 'tempname' is non-NULL, it needs a rename after the file is -+ * written. -+ */ -+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, -+ FILE **fh, char **tempname) -+{ -+ CURLcode result = CURLE_WRITE_ERROR; -+ unsigned char randsuffix[9]; -+ char *tempstore = NULL; -+ struct_stat sb; -+ int fd = -1; -+ *tempname = NULL; -+ -+ if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { -+ /* a non-regular file, fallback to direct fopen() */ -+ *fh = fopen(filename, FOPEN_WRITETEXT); -+ if(*fh) -+ return CURLE_OK; -+ goto fail; -+ } -+ -+ result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); -+ if(result) -+ goto fail; -+ -+ tempstore = aprintf("%s.%s.tmp", filename, randsuffix); -+ if(!tempstore) { -+ result = CURLE_OUT_OF_MEMORY; -+ goto fail; -+ } -+ -+ result = CURLE_WRITE_ERROR; -+ fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); -+ if(fd == -1) -+ goto fail; -+ -+#ifdef HAVE_FCHMOD -+ { -+ struct_stat nsb; -+ if((fstat(fd, &nsb) != -1) && -+ (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { -+ /* if the user and group are the same, clone the original mode */ -+ if(fchmod(fd, sb.st_mode) == -1) -+ goto fail; -+ } -+ } -+#endif -+ -+ *fh = fdopen(fd, FOPEN_WRITETEXT); -+ if(!*fh) -+ goto fail; -+ -+ *tempname = tempstore; -+ return CURLE_OK; -+ -+fail: -+ if(fd != -1) { -+ close(fd); -+ unlink(tempstore); -+ } -+ -+ free(tempstore); -+ -+ *tempname = NULL; -+ return result; -+} -+ -+#endif /* ! disabled */ -diff --git a/lib/fopen.h b/lib/fopen.h -new file mode 100644 -index 0000000000000..289e55f2afd24 ---- /dev/null -+++ b/lib/fopen.h -@@ -0,0 +1,30 @@ -+#ifndef HEADER_CURL_FOPEN_H -+#define HEADER_CURL_FOPEN_H -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at https://curl.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ * SPDX-License-Identifier: curl -+ * -+ ***************************************************************************/ -+ -+CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, -+ FILE **fh, char **tempname); -+ -+#endif diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch deleted file mode 100644 index be9f52d86..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/CVE-2022-32208-krb5-return-error-properly-on-decode-errors.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 6ecdf5136b52af747e7bda08db9a748256b1cd09 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Thu, 9 Jun 2022 09:27:24 +0200 -Subject: [PATCH] krb5: return error properly on decode errors - -Bug: https://curl.se/docs/CVE-2022-32208.html -CVE-2022-32208 -Reported-by: Harry Sintonen -Closes #9051 ---- - lib/krb5.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/lib/krb5.c b/lib/krb5.c -index e289595c9e1dd..517491c4658bf 100644 ---- a/lib/krb5.c -+++ b/lib/krb5.c -@@ -142,11 +142,8 @@ krb5_decode(void *app_data, void *buf, int len, - enc.value = buf; - enc.length = len; - maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); -- if(maj != GSS_S_COMPLETE) { -- if(len >= 4) -- strcpy(buf, "599 "); -+ if(maj != GSS_S_COMPLETE) - return -1; -- } - - memcpy(buf, dec.value, dec.length); - len = curlx_uztosi(dec.length); -@@ -508,6 +505,7 @@ static CURLcode read_data(struct connectdata *conn, - { - int len; - CURLcode result; -+ int nread; - - result = socket_read(fd, &len, sizeof(len)); - if(result) -@@ -516,7 +514,10 @@ static CURLcode read_data(struct connectdata *conn, - if(len) { - /* only realloc if there was a length */ - len = ntohl(len); -- buf->data = Curl_saferealloc(buf->data, len); -+ if(len > CURL_MAX_INPUT_LENGTH) -+ len = 0; -+ else -+ buf->data = Curl_saferealloc(buf->data, len); - } - if(!len || !buf->data) - return CURLE_OUT_OF_MEMORY; -@@ -524,8 +525,11 @@ static CURLcode read_data(struct connectdata *conn, - result = socket_read(fd, buf->data, len); - if(result) - return result; -- buf->size = conn->mech->decode(conn->app_data, buf->data, len, -- conn->data_prot, conn); -+ nread = conn->mech->decode(conn->app_data, buf->data, len, -+ conn->data_prot, conn); -+ if(nread < 0) -+ return CURLE_RECV_ERROR; -+ buf->size = (size_t)nread; - buf->index = 0; - return CURLE_OK; - } diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/disable-tests b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/disable-tests new file mode 100644 index 000000000..92056bd8c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/disable-tests @@ -0,0 +1,28 @@ +# These CRL test (alt-avc) are failing +356 +412 +413 +# These CRL tests are scanning docs +971 +1119 +1132 +1135 +# These CRL tests are scnning headers +1167 +# These CRL tests are scanning man pages +1139 +1140 +1173 +1177 +# This CRL test is looking for m4 files +1165 +# This CRL test is looking for src files +1185 +# These CRL tests need --libcurl option to be enabled +1400 +1401 +1402 +1403 +1404 +1405 +1465 diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl/run-ptest b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/run-ptest new file mode 100644 index 000000000..614e82292 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl/run-ptest @@ -0,0 +1,6 @@ +#!/bin/sh +cd tests +./runtests.pl -a -n -s | sed \ + -e 's|\([^ ]* *\) \([^ ]* *\)...OK|PASS: \1 \2|' \ + -e 's|\([^ ]* *\) \([^ ]* *\)...FAILED|FAIL: \1 \2|' \ + -e 's/Warning: test[0-9]\+ not present in tests\/data\/Makefile.inc//' |