1 files changed, 42 insertions, 0 deletions

diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch
new file mode 100644
index 0000000000..235be900a3
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch
@@ -0,0 +1,42 @@
+From 33dac5777fe5f9c8d2d7d340144b1685cd511d11 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 16:47:06 +0200
+Subject: [PATCH] cookies: make bad_domain() not consider a trailing dot fine
+
+The check for a dot in the domain must not consider a single trailing
+dot to be fine, as then TLD + trailing dot is fine and curl will accept
+setting cookies for it.
+
+CVE-2022-27779
+
+Reported-by: Axel Chong
+Bug: https://curl.se/docs/CVE-2022-27779.html
+Closes #8820
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/cookie.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index d418efa..1b8c8f9 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -427,7 +427,15 @@ static void remove_expired(struct CookieInfo *cookies)
+ /* Make sure domain contains a dot or is localhost. */
+ static bool bad_domain(const char *domain)
+ {
+-  return !strchr(domain, '.') && !strcasecompare(domain, "localhost");
++  if(strcasecompare(domain, "localhost"))
++    return FALSE;
++  else {
++    /* there must be a dot present, but that dot must not be a trailing dot */
++    char *dot = strchr(domain, '.');
++    if(dot)
++      return dot[1] ? FALSE : TRUE;
++  }
++  return TRUE;
+ }
+ 
+ /*