authorHauke Mehrtens <hauke@hauke-m.de>2018-08-10 21:39:06 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2018-08-10 22:56:31 +0200
commit9bc43f3e65bc8e0bb3d0c5ea8ff906111197afb9 (patch)
tree6c855135e0208b15092012d4c86363d19de846f6 /package/network/utils/curl/patches/112-CVE-2018-1000121.patch
parentb3983323a1f25c936ddfcc129c454b282e90eeed (diff)
curl: fix some security problems
This fixes the following security problems:

* CVE-2017-1000254: FTP PWD response parser out of bounds read
* CVE-2017-1000257: IMAP FETCH response out of bounds read
* CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
* CVE-2018-1000007: HTTP authentication leak in redirects
* CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
* CVE-2018-1000121: LDAP NULL pointer dereference
* CVE-2018-1000122: RTSP RTP buffer over-read
* CVE-2018-1000301: RTSP bad headers buffer over-read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/utils/curl/patches/112-CVE-2018-1000121.patch')
-rw-r--r--package/network/utils/curl/patches/112-CVE-2018-1000121.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/112-CVE-2018-1000121.patch b/package/network/utils/curl/patches/112-CVE-2018-1000121.patch
new file mode 100644
index 0000000000..8fdb3377d3
--- /dev/null
+++ b/package/network/utils/curl/patches/112-CVE-2018-1000121.patch
@@ -0,0 +1,37 @@
+From 8f341a5d6f15381492ca2013325d485b6d8d1c13 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 6 Mar 2018 23:02:16 +0100
+Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
+ before using
+
+CVE-2018-1000121
+Reported-by: Dario Weisser
+Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+---
+ lib/openldap.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/lib/openldap.c
++++ b/lib/openldap.c
+@@ -443,7 +443,7 @@ static ssize_t ldap_recv(struct connectd
+
+ for(ent = ldap_first_message(li->ld, msg); ent;
+ ent = ldap_next_message(li->ld, ent)) {
+- struct berval bv, *bvals, **bvp = &bvals;
++ struct berval bv, *bvals;
+ int binary = 0, msgtype;
+ CURLcode writeerr;
+
+@@ -505,9 +505,9 @@ static ssize_t ldap_recv(struct connectd
+ }
+ data->req.bytecount += bv.bv_len + 5;
+
+- for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+- rc == LDAP_SUCCESS;
+- rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
++ for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
++ (rc == LDAP_SUCCESS) && bvals;
++ rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
+ int i;
+
+ if(bv.bv_val == NULL) break;