diff options
Diffstat (limited to 'poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch')
-rw-r--r-- | poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch new file mode 100644 index 0000000000..235be900a3 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-27779.patch @@ -0,0 +1,42 @@ +From 33dac5777fe5f9c8d2d7d340144b1685cd511d11 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 9 May 2022 16:47:06 +0200 +Subject: [PATCH] cookies: make bad_domain() not consider a trailing dot fine + +The check for a dot in the domain must not consider a single trailing +dot to be fine, as then TLD + trailing dot is fine and curl will accept +setting cookies for it. + +CVE-2022-27779 + +Reported-by: Axel Chong +Bug: https://curl.se/docs/CVE-2022-27779.html +Closes #8820 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/cookie.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/lib/cookie.c b/lib/cookie.c +index d418efa..1b8c8f9 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -427,7 +427,15 @@ static void remove_expired(struct CookieInfo *cookies) + /* Make sure domain contains a dot or is localhost. */ + static bool bad_domain(const char *domain) + { +- return !strchr(domain, '.') && !strcasecompare(domain, "localhost"); ++ if(strcasecompare(domain, "localhost")) ++ return FALSE; ++ else { ++ /* there must be a dot present, but that dot must not be a trailing dot */ ++ char *dot = strchr(domain, '.'); ++ if(dot) ++ return dot[1] ? FALSE : TRUE; ++ } ++ return TRUE; + } + + /* |