diff options
Diffstat (limited to 'poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch')
-rw-r--r-- | poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch b/poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch new file mode 100644 index 0000000000..ea1bc22928 --- /dev/null +++ b/poky/meta/recipes-support/curl/curl/CVE-2022-27781.patch @@ -0,0 +1,46 @@ +From 7a1f183039a6a6c9099a114f5e5c94777413c767 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 9 May 2022 10:07:15 +0200 +Subject: [PATCH] nss: return error if seemingly stuck in a cert loop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2022-27781 + +Reported-by: Florian Kohnhäuser +Bug: https://curl.se/docs/CVE-2022-27781.html +Closes #8822 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/vtls/nss.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 375c78b..86102f7 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -950,6 +950,9 @@ static void display_cert_info(struct Curl_easy *data, + PR_Free(common_name); + } + ++/* A number of certs that will never occur in a real server handshake */ ++#define TOO_MANY_CERTS 300 ++ + static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock) + { + CURLcode result = CURLE_OK; +@@ -986,6 +989,11 @@ static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock) + cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); + while(cert2) { + i++; ++ if(i >= TOO_MANY_CERTS) { ++ CERT_DestroyCertificate(cert2); ++ failf(data, "certificate loop"); ++ return CURLE_SSL_CERTPROBLEM; ++ } + if(cert2->isRoot) { + CERT_DestroyCertificate(cert2); + break; |