Diffstat (limited to 'poky/meta/recipes-support/curl/curl/CVE-2022-27780.patch')
-rw-r--r-- | poky/meta/recipes-support/curl/curl/CVE-2022-27780.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-27780.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-27780.patch
new file mode 100644
index 0000000000..8820af3f74
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2022-27780.patch
@@ -0,0 +1,33 @@
+From 304b7acf73712fa501119b1ca0724f71f3074fe7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 9 May 2022 08:19:38 +0200
+Subject: [PATCH] urlapi: reject percent-decoding host name into separator
+ bytes
+
+CVE-2022-27780
+
+Reported-by: Axel Chong
+Bug: https://curl.se/docs/CVE-2022-27780.html
+Closes #8826
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/914aaab9153764ef8fa4178215b8ad89d3ac263a]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/urlapi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/urlapi.c b/lib/urlapi.c
+index ff00ee4..00222fc 100644
+--- a/lib/urlapi.c
++++ b/lib/urlapi.c
+@@ -678,8 +678,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
+ #endif
+ }
+ else {
+- /* letters from the second string is not ok */
+- len = strcspn(hostname, " \r\n");
++ /* letters from the second string are not ok */
++ len = strcspn(hostname, " \r\n\t/:#?!@");
+ if(hlen != len)
+ /* hostname with bad content */
+ return CURLUE_BAD_HOSTNAME; |
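Review bot: The reject set in `len = strcspn(hostname, " \r\n\t/:#?!@");` is a denylist, so any byte that is not listed still passes `hostname_check`, and the embedded comment does not say why these particular bytes were chosen. A more explicit comment would help the next backporter judge whether the list is complete, for example `/* reject whitespace and URL delimiter bytes that percent-decoding could place inside the host name */`. The body of `hostname_check` starts and ends outside the embedded hunk, so it cannot be confirmed from here that `hlen` is measured on the already-decoded host name, which the fix presumably relies on. The diffstat is limited to this patch file, so the recipe change that lists `CVE-2022-27780.patch` in `SRC_URI` is not visible; without it the fix is not applied at build time.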