author | Petr Štetiar <ynezz@true.cz> | 2020-05-01 10:12:11 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2020-05-01 11:12:31 +0200 |
commit | 55591e63bcb21e9bd2327f9a2bc0fd55f14734d6 (patch) | |
tree | 7331c679a96bdea92ea0843a00fcaabe0adceba7 | |
parent | 35ea808b97e062eb0deb8dda5a05e95e612de34c (diff) | |
curl: backport fix for CVE-2019-15601
On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.
Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
-rw-r--r-- | package/network/utils/curl/Makefile | 2 | ||||
-rw-r--r-- | package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch | 44 |
2 files changed, 45 insertions, 1 deletions
diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
index d4fcf1814a..1c95b9f131 100644
--- a/package/network/utils/curl/Makefile
+++ b/package/network/utils/curl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=curl
 PKG_VERSION:=7.66.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
diff --git a/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch
new file mode 100644
index 0000000000..254d678269
--- /dev/null
+++ b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch
@@ -0,0 +1,44 @@
+From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2019 10:13:01 +0100
+Subject: [PATCH] file: on Windows, refuse paths that start with \\
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... as that might cause an unexpected SMB connection to a given host
+name.
+
+Reported-by: Fernando Muñoz
+CVE-2019-15601
+Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
+
+Signed-off-by: Petr Štetiar <ynezz@true.cz>
+---
+ lib/file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index d349cd9241cd..166931d7f1ba 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ struct Curl_easy *data = conn->data;
+ char *real_path;
+ struct FILEPROTO *file = data->req.protop;
+- int fd;
++ int fd = -1;
+ #ifdef DOS_FILESYSTEM
+ size_t i;
+ char *actual_path;
+@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ return CURLE_URL_MALFORMAT;
+ }
+
+- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
++ if(strncmp("\\\\", actual_path, 2))
++ /* refuse to open path that starts with two backslashes */
++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ file->path = actual_path;
+ #else
+ if(memchr(real_path, 0, real_path_len)) { |
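Review bot: The new guard in the second hunk of the embedded lib/file.c change refuses the path silently: `fd` stays at the `-1` it is now initialised to, so the rejection is presumably surfaced later in file_connect (outside this hunk) as a generic could-not-open failure, indistinguishable in a caller's logs from a missing file, which matters for anyone trying to spot attempts at the CVE-2019-15601 UNC connection. Reporting at the refusal point keeps that signal local, e.g. `if(!strncmp("\\\\", actual_path, 2)) failf(data, "Refusing UNC path");` followed by `else fd = open_readonly(actual_path, O_RDONLY|O_BINARY);`. As written the explanatory comment sits between `if` and its unbraced body, which reads as if the comment were the body; bracing the body or moving the comment above the `if` would avoid that. The comment could also state that this two-backslash test relies on the '/' to '\\' normalisation done earlier in the function, which I cannot verify from this hunk but would be what makes forward-slash UNC spellings hit the same check. file_connect starts and ends outside the hunk.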