[kirkstone,05/29] curl: Add patch to fix CVE-2022-43552

Message ID	40c86ed254c7e6ddb974901774a6f6735e75d729.1672594521.git.steve@sakoman.com
State	Accepted, archived
Commit	a0db3ddf6f2efe733271ff7f6c68fda4d215b1bb
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.174, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/29] curl: Add patch to fix CVE-2022-43552 Date: Sun, 1 Jan 2023 07:37:27 -1000 Message-Id: <40c86ed254c7e6ddb974901774a6f6735e75d729.1672594521.git.steve@sakoman.com> In-Reply-To: <cover.1672594521.git.steve@sakoman.com> References: <cover.1672594521.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/29] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace \| expand [kirkstone,01/29] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long back… [kirkstone,02/29] sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs. [kirkstone,03/29] curl: Correct LICENSE from MIT-open-group to curl [kirkstone,04/29] curl: Add patch to fix CVE-2022-43551 [kirkstone,05/29] curl: Add patch to fix CVE-2022-43552 [kirkstone,06/29] libX11: CVE-2022-3554 & CVE-2022-3555 Fix memory leak [kirkstone,07/29] cairo: update patch for CVE-2019-6461 with upstream solution [kirkstone,08/29] binutils : Fix CVE-2022-4285 [kirkstone,09/29] linux-yocto/5.10: update to v5.10.152 [kirkstone,10/29] linux-yocto/5.10: update to v5.10.154 [kirkstone,11/29] linux-yocto/5.10: update to v5.10.160 [kirkstone,12/29] libpng: upgrade 1.6.38 -> 1.6.39 [kirkstone,13/29] webkitgtk: 2.36.7 -> 2.36.8 [kirkstone,14/29] libnewt: update 0.52.21 -> 0.52.23 [kirkstone,15/29] ruby: merge .inc into .bb [kirkstone,16/29] ruby: update 3.1.2 -> 3.1.3 [kirkstone,17/29] tzdata: update 2022d -> 2022g [kirkstone,18/29] gstreamer1.0: upgrade 1.20.4 -> 1.20.5 [kirkstone,19/29] openssh: remove RRECOMMENDS to rng-tools for sshd package [kirkstone,20/29] baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES [kirkstone,21/29] go-crosssdk: avoid host contamination by GOCACHE [kirkstone,22/29] libepoxy: remove upstreamed patch [kirkstone,23/29] classes/create-spdx: Add SPDX_PRETTY option [kirkstone,24/29] libxml2: fix test data checksums [kirkstone,25/29] kernel.bbclass: remove empty module directories to prevent QA issues [kirkstone,26/29] devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree [kirkstone,27/29] qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image [kirkstone,28/29] valgrind: skip the boost_thread test on arm [kirkstone,29/29] oeqa/concurrencytest: Add number of failures to summary output

Message ID

40c86ed254c7e6ddb974901774a6f6735e75d729.1672594521.git.steve@sakoman.com

State

Accepted, archived

Commit

a0db3ddf6f2efe733271ff7f6c68fda4d215b1bb

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 05/29] curl: Add patch to fix CVE-2022-43552
Date: Sun,  1 Jan 2023 07:37:27 -1000
Message-Id: 
 <40c86ed254c7e6ddb974901774a6f6735e75d729.1672594521.git.steve@sakoman.com>
In-Reply-To: <cover.1672594521.git.steve@sakoman.com>
References: <cover.1672594521.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/29] systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with a long backtrace | expand

Commit Message

Steve Sakoman Jan. 1, 2023, 5:37 p.m. UTC

From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

Add patch to fix the security issue "curl can be asked to tunnel
virtually all protocols it supports through an HTTP proxy. HTTP proxies
can (and often do) deny such tunnel operations using an appropriate HTTP
error response code." as per below link
Link: https://curl.se/docs/CVE-2022-43552.html

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2022-43552.patch            | 80 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-43552.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2022-43552.patch b/meta/recipes-support/curl/curl/CVE-2022-43552.patch
new file mode 100644
index 0000000000..dfe6d8c6d5
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-43552.patch
@@ -0,0 +1,80 @@ 
+From 4f20188ac644afe174be6005ef4f6ffba232b8b2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 19 Dec 2022 08:38:37 +0100
+Subject: [PATCH] smb/telnet: do not free the protocol struct in *_done()
+
+It is managed by the generic layer.
+
+Reported-by: Trail of Bits
+
+Closes #10112
+
+CVE: CVE-2022-43552
+Upstream-Status: Backport [https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+ lib/smb.c    | 14 ++------------
+ lib/telnet.c |  3 ---
+ 2 files changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 2cfe041dff072..48d5a2fe006d5 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -58,8 +58,6 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done);
+ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done);
+ static CURLcode smb_do(struct Curl_easy *data, bool *done);
+ static CURLcode smb_request_state(struct Curl_easy *data, bool *done);
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature);
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead);
+ static int smb_getsock(struct Curl_easy *data, struct connectdata *conn,
+@@ -74,7 +72,7 @@ const struct Curl_handler Curl_handler_smb = {
+   "SMB",                                /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+@@ -101,7 +99,7 @@ const struct Curl_handler Curl_handler_smbs = {
+   "SMBS",                               /* scheme */
+   smb_setup_connection,                 /* setup_connection */
+   smb_do,                               /* do_it */
+-  smb_done,                             /* done */
++  ZERO_NULL,                            /* done */
+   ZERO_NULL,                            /* do_more */
+   smb_connect,                          /* connect_it */
+   smb_connection_state,                 /* connecting */
+@@ -936,14 +934,6 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
+   return CURLE_OK;
+ }
+ 
+-static CURLcode smb_done(struct Curl_easy *data, CURLcode status,
+-                         bool premature)
+-{
+-  (void) premature;
+-  Curl_safefree(data->req.p.smb);
+-  return status;
+-}
+-
+ static CURLcode smb_disconnect(struct Curl_easy *data,
+                                struct connectdata *conn, bool dead)
+ {
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 24d3f1efb14c8..22bc81e755222 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -1248,9 +1248,6 @@ static CURLcode telnet_done(struct Curl_easy *data,
+ 
+   curl_slist_free_all(tn->telnet_vars);
+   tn->telnet_vars = NULL;
+-
+-  Curl_safefree(data->req.p.telnet);
+-
+   return CURLE_OK;
+ }
+ 
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index bd68e40ca4..13f157ead8 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -33,6 +33,7 @@  SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2022-42916.patch \
            file://CVE-2022-42915.patch \
            file://CVE-2022-43551.patch \
+           file://CVE-2022-43552.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"

[kirkstone,05/29] curl: Add patch to fix CVE-2022-43552

Commit Message

Patch