aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
diff options
context:
space:
mode:
authorPetr Štetiar <ynezz@true.cz>2020-05-01 10:12:11 +0200
committerPetr Štetiar <ynezz@true.cz>2020-05-01 11:12:31 +0200
commit55591e63bcb21e9bd2327f9a2bc0fd55f14734d6 (patch)
tree7331c679a96bdea92ea0843a00fcaabe0adceba7 /package/network
parent35ea808b97e062eb0deb8dda5a05e95e612de34c (diff)
downloadupstream-55591e63bcb21e9bd2327f9a2bc0fd55f14734d6.tar.gz
upstream-55591e63bcb21e9bd2327f9a2bc0fd55f14734d6.tar.bz2
upstream-55591e63bcb21e9bd2327f9a2bc0fd55f14734d6.zip
curl: backport fix for CVE-2019-15601
On Windows, refuse paths that start with \\ ... as that might cause an unexpected SMB connection to a given host name. Ref: PR#2730 Ref: https://curl.haxx.se/docs/CVE-2019-15601.html Suggested-by: Jerome Benoit <jerome.benoit@sap.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'package/network')
-rw-r--r--package/network/utils/curl/Makefile2
-rw-r--r--package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch44
2 files changed, 45 insertions, 1 deletions
diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
index d4fcf1814a..1c95b9f131 100644
--- a/package/network/utils/curl/Makefile
+++ b/package/network/utils/curl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=curl
PKG_VERSION:=7.66.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
diff --git a/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch
new file mode 100644
index 0000000000..254d678269
--- /dev/null
+++ b/package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch
@@ -0,0 +1,44 @@
+From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2019 10:13:01 +0100
+Subject: [PATCH] file: on Windows, refuse paths that start with \\
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... as that might cause an unexpected SMB connection to a given host
+name.
+
+Reported-by: Fernando Muñoz
+CVE-2019-15601
+Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
+
+Signed-off-by: Petr Štetiar <ynezz@true.cz>
+---
+ lib/file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index d349cd9241cd..166931d7f1ba 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ struct Curl_easy *data = conn->data;
+ char *real_path;
+ struct FILEPROTO *file = data->req.protop;
+- int fd;
++ int fd = -1;
+ #ifdef DOS_FILESYSTEM
+ size_t i;
+ char *actual_path;
+@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ return CURLE_URL_MALFORMAT;
+ }
+
+- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
++ if(strncmp("\\\\", actual_path, 2))
++ /* refuse to open path that starts with two backslashes */
++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ file->path = actual_path;
+ #else
+ if(memchr(real_path, 0, real_path_len)) {