author | 2020-03-30 09:24:26 +0900 | |
---|---|---|
committer | 2020-03-30 09:24:26 +0900 | |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch')
-rw-r--r-- | external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch
new file mode 100644
index 00000000..05fd8e9b
--- /dev/null
+++ b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5436.patch
@@ -0,0 +1,32 @@
+From 2576003415625d7b5f0e390902f8097830b82275 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 3 May 2019 22:20:37 +0200
+Subject: [PATCH] tftp: use the current blksize for recvfrom()
+
+bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+Reported-by: l00p3r on hackerone
+CVE-2019-5436
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
+CVE: CVE-2019-5436
+affects: libcurl 7.19.4 to and including 7.64.1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/tftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: curl-7.61.0/lib/tftp.c
+===================================================================
+--- curl-7.61.0.orig/lib/tftp.c
++++ curl-7.61.0/lib/tftp.c
+@@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct conn
+ state->sockfd = state->conn->sock[FIRSTSOCKET];
+ state->state = TFTP_STATE_START;
+ state->error = TFTP_ERR_NONE;
+- state->blksize = TFTP_BLKSIZE_DEFAULT;
++ state->blksize = blksize;
+ state->requested_blksize = blksize;
+
+ ((struct sockaddr *)&state->local_addr)->sa_family = |
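Review bot: The one-line change in the embedded `tftp_connect` hunk is only safe if `blksize` at that point is the same value the receive buffers were sized with, and that allocation lies outside the context lines shown, so it should be checked against the 7.61.0 tree rather than assumed from upstream. With `state->blksize = blksize;` the transfer now starts from the requested size instead of `TFTP_BLKSIZE_DEFAULT`, so a server that never negotiates the option is presumably still sending default-sized blocks; it is worth confirming whether upstream later changed the same blksize handling in `lib/tftp.c` in a way this backport also needs. The diffstat is limited to the patch file, so also confirm that the curl recipe's `SRC_URI` lists `file://CVE-2019-5436.patch`, since a patch that is not listed is not applied to the build. As a style point, the Yocto convention puts the reference on the tag line itself, `Upstream-Status: Backport [https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275]`, rather than on the following line.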