diff options
author | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2018-09-22 19:14:00 +0200 |
---|---|---|
committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2019-02-08 16:50:22 +0100 |
commit | 8f6b5ab3ce67c3d4f463133fb9e67be3c2a0e1c8 (patch) | |
tree | 7bb1aa4a136b8b8c81f2272221dd79400deb0834 | |
parent | 3ab1cef64f9becfbfb9935b01cfa3f8d2dbb272a (diff) |
curl: fix CVE-2018-14618
* don't upgrade to new release, just use the patch from git
Change-Id: I1f2af0cb388c6a94a817b765d0a1eff9990f1661
-rw-r--r-- | external/curl/CVE-2018-14618.patch | 34 | ||||
-rw-r--r-- | external/curl/UnpackedTarball_curl.mk | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/external/curl/CVE-2018-14618.patch b/external/curl/CVE-2018-14618.patch new file mode 100644 index 000000000000..5d99c9fb3118 --- /dev/null +++ b/external/curl/CVE-2018-14618.patch @@ -0,0 +1,34 @@ +From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 13 Aug 2018 10:35:52 +0200 +Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password + +... since it would cause an integer overflow if longer than (max size_t +/ 2). + +This is CVE-2018-14618 + +Bug: https://curl.haxx.se/docs/CVE-2018-14618.html +Closes #2756 +Reported-by: Zhaoyang Wu +--- + lib/curl_ntlm_core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c +index e27cab353c..922e85a926 100644 +--- a/lib/curl_ntlm_core.c ++++ b/lib/curl_ntlm_core.c +@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, + unsigned char *ntbuffer /* 21 bytes */) + { + size_t len = strlen(password); +- unsigned char *pw = len ? malloc(len * 2) : strdup(""); ++ unsigned char *pw; + CURLcode result; ++ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ ++ return CURLE_OUT_OF_MEMORY; ++ pw = len ? malloc(len * 2) : strdup(""); + if(!pw) + return CURLE_OUT_OF_MEMORY; + diff --git a/external/curl/UnpackedTarball_curl.mk b/external/curl/UnpackedTarball_curl.mk index a578a103c350..6ecef5bb4db7 100644 --- a/external/curl/UnpackedTarball_curl.mk +++ b/external/curl/UnpackedTarball_curl.mk @@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,curl,\ external/curl/curl-msvc.patch.1 \ external/curl/curl-msvc-disable-protocols.patch.1 \ external/curl/curl-7.26.0_win-proxy.patch \ + external/curl/CVE-2018-14618.patch \ )) ifeq ($(OS),ANDROID) |