aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/curl/patches/100-CVE-2017-2629.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/network/utils/curl/patches/100-CVE-2017-2629.patch')
-rw-r--r--package/network/utils/curl/patches/100-CVE-2017-2629.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/100-CVE-2017-2629.patch b/package/network/utils/curl/patches/100-CVE-2017-2629.patch
new file mode 100644
index 0000000000..f2cd869c5b
--- /dev/null
+++ b/package/network/utils/curl/patches/100-CVE-2017-2629.patch
@@ -0,0 +1,33 @@
+From a00a42b4abe8363a46071bb3b43b1b7138f5259b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 22 Jan 2017 18:11:55 +0100
+Subject: [PATCH] TLS: make SSL_VERIFYSTATUS work again
+
+The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
+and thus even if the status couldn't be verified, the connection would
+be allowed and the user would not be told about the failed verification.
+
+Regression since cb4e2be7c6d42ca
+
+CVE-2017-2629
+Bug: https://curl.haxx.se/docs/adv_20170222.html
+
+Reported-by: Marcus Hoffmann
+---
+ lib/url.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -4141,8 +4141,11 @@ static struct connectdata *allocate_conn
+ conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
+ conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
+
++ conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
+ conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
+ conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
++ conn->proxy_ssl_config.verifystatus =
++ data->set.proxy_ssl.primary.verifystatus;
+ conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
+ conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 13:45:37 +0000