diff mbox series

[kirkstone,25/30] curl: backport openssl fix CN check error code

Message ID 7a8d374a3d4bbef336be2b273afc00c93c637ae6.1656876825.git.steve@sakoman.com
State Accepted, archived
Commit 7a8d374a3d4bbef336be2b273afc00c93c637ae6
Headers show
Series [kirkstone,01/30] unzip: Port debian fixes for two CVEs | expand

Commit Message

Steve Sakoman July 3, 2022, 7:36 p.m. UTC 
From: Jose Quaresma <quaresma.jose@gmail.com>

Fix out of memory [1]

OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0

[1] https://github.com/curl/curl/issues/8559

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
diff mbox series

Patch

diff --git a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
new file mode 100644
index 0000000000..c0a2355e5b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
@@ -0,0 +1,38 @@ 
+From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 8 Mar 2022 13:38:13 +0100
+Subject: [PATCH] openssl: fix CN check error code
+
+Due to a missing 'else' this returns error too easily.
+
+Regressed in: d15692ebb
+
+Reported-by: Kristoffer Gleditsch
+Fixes #8559
+Closes #8560
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136]
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+
+---
+ lib/vtls/openssl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 616a510..1bafe96 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
+               peer_CN[peerlen] = '\0';
+             }
+-            result = CURLE_OUT_OF_MEMORY;
++            else
++              result = CURLE_OUT_OF_MEMORY;
+           }
+         }
+         else /* not a UTF8 name */
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index ba3fd11820..d5dfe62a39 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -23,6 +23,7 @@  SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2022-27779.patch \
            file://CVE-2022-27782-1.patch \
            file://CVE-2022-27782-2.patch \
+           file://0001-openssl-fix-CN-check-error-code.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"