From ac783c78f47080c3b28b964c1d052079a0c7a21e Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Fri, 2 Mar 2018 09:32:43 +0100 Subject: curl: fixed build error Signed-off-by: Sona Sarmadi Signed-off-by: Martin Borg --- recipes-support/curl/curl/CVE-2017-8817.patch | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/recipes-support/curl/curl/CVE-2017-8817.patch b/recipes-support/curl/curl/CVE-2017-8817.patch index 20ca406..e8429b2 100644 --- a/recipes-support/curl/curl/CVE-2017-8817.patch +++ b/recipes-support/curl/curl/CVE-2017-8817.patch @@ -1,6 +1,6 @@ -From 2dd71516235bb8f98210242c34a1a617caa8c171 Mon Sep 17 00:00:00 2001 +From 438a9ebfe9c4dc850ca2ed858bf5b8c31ce15ef5 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi -Date: Mon, 4 Dec 2017 10:25:14 +0100 +Date: Fri, 2 Mar 2018 08:48:05 +0100 Subject: [PATCH] curl: fix for CVE-2017-8817 wildcardmatch: fix heap buffer overflow in setcharset @@ -20,13 +20,13 @@ Bug: https://curl.haxx.se/docs/adv_2017-ae72.html Signed-off-by: Sona Sarmadi --- lib/curl_fnmatch.c | 9 +++------ - tests/data/Makefile.inc | 1 + + tests/data/Makefile.inc | 2 +- tests/data/test1163 | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 56 insertions(+), 6 deletions(-) + 3 files changed, 56 insertions(+), 7 deletions(-) create mode 100644 tests/data/test1163 diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c -index e8108bb..2f34335 100644 +index 46d3ada..5dd5323 100644 --- a/lib/curl_fnmatch.c +++ b/lib/curl_fnmatch.c @@ -133,6 +133,9 @@ static int setcharset(unsigned char **p, unsigned char *charset) @@ -39,7 +39,7 @@ index e8108bb..2f34335 100644 switch(state) { case CURLFNM_SCHS_DEFAULT: if(ISALNUM(c)) { /* ASCII value */ -@@ -197,9 +200,6 @@ static int setcharset(unsigned char **p, unsigned char *charset) +@@ -196,9 +199,6 @@ static int setcharset(unsigned char **p, unsigned char *charset) else return SETCHARSET_FAIL; } @@ -49,7 +49,7 @@ index e8108bb..2f34335 100644 else { charset[c] = 1; (*p)++; -@@ -278,9 +278,6 @@ static int setcharset(unsigned char **p, unsigned char *charset) +@@ -277,9 +277,6 @@ static int setcharset(unsigned char **p, unsigned char *charset) else if(c == ']') { return SETCHARSET_OK; } @@ -60,13 +60,14 @@ index e8108bb..2f34335 100644 charset[c] = 1; (*p)++; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 01ad40d..20aa856 100644 +index 5284654..942f9ee 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc -@@ -122,6 +122,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ +@@ -122,7 +122,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1144 test1145 test1146 \ test1152 \ +-\ +test1163 \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ -- cgit v1.2.3-54-g00ecf