summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-support/curl/curl/cve-2021-22945.patch')
-rw-r--r--poky/meta/recipes-support/curl/curl/cve-2021-22945.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch b/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch
new file mode 100644
index 0000000000..2cbe110332
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/cve-2021-22945.patch
@@ -0,0 +1,34 @@
+CVE: CVE-2021-22945
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+ mq->sendleftovers = sendleftovers;
+ mq->nsend = nsend;
+ }
++ else {
++ mq->sendleftovers = NULL;
++ mq->nsend = 0;
++ }
+ return result;
+ }
+
+--
+2.25.1
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-11 13:52:13 +0300