diff options
| author | Chris Novakovic <chris@chrisn.me.uk> | 2021-05-27 00:59:49 +0100 |
|---|---|---|
| committer | Chris Novakovic <chris@chrisn.me.uk> | 2021-05-27 00:59:49 +0100 |
| commit | 3a564fc3f9e238b7e5c91f21aab204c14ba1e570 (patch) | |
| tree | 144321be1a90c22fa9d683749287a615a9efd26a | |
| parent | ca087996b58a77a9e3c1aaee70ad8645a7caa612 (diff) | |
main/curl: remediate CVE-2021-22898
Cherry-pick the fix for CVE-2021-22898 from upstream:
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
| -rw-r--r-- | main/curl/APKBUILD | 8 | ||||
| -rw-r--r-- | main/curl/CVE-2021-22898.patch | 25 |
2 files changed, 31 insertions, 2 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index e1a31ba8a0f..3d1db090c12 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl pkgver=7.66.0 -pkgrel=3 +pkgrel=4 pkgdesc="URL retrival utility and library" url="https://curl.haxx.se/" arch="all" @@ -20,9 +20,12 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz CVE-2020-8231.patch CVE-2020-8285.patch CVE-2020-8286.patch + CVE-2021-22898.patch " # secfixes: +# 7.66.0-r4: +# - CVE-2021-22898 # 7.66.0-r3: # - CVE-2020-8285 # - CVE-2020-8286 @@ -141,4 +144,5 @@ sha512sums="81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845 964b6bece2d748ac5dca6afe4689341e677b3c0961237485167157567526a898b8371104a7e075cd3c255ead50ea8658d8760d4a2eab4e5de11558372c4d189c CVE-2020-8177.patch d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch 2765302f147ad29b7187d334edfb66076ab81088583dd681ba37aed96eee6a5108ca8281fe185e60494d4aeda003216319d15e05a341f5796698452816fe0f97 CVE-2020-8285.patch -6c42a589a8bc7b588dcd2c3e656a221000608841b6347c66e640ba818f6ff73fcfaf1ae1948dcbd446689559f54476b0ca5e340fb00f44da1defb7c2573d4a8c CVE-2020-8286.patch" +6c42a589a8bc7b588dcd2c3e656a221000608841b6347c66e640ba818f6ff73fcfaf1ae1948dcbd446689559f54476b0ca5e340fb00f44da1defb7c2573d4a8c CVE-2020-8286.patch +c52275bc8ce1463b5a05c5387144b743462a2f551853134254317023ad39445eb53119d88bfb58d17aaa6e5f86985c2f2b540980337eaca1f385ac15818546e6 CVE-2021-22898.patch" diff --git a/main/curl/CVE-2021-22898.patch b/main/curl/CVE-2021-22898.patch new file mode 100644 index 00000000000..ea4d2cb37e8 --- /dev/null +++ b/main/curl/CVE-2021-22898.patch @@ -0,0 +1,25 @@ +From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001 +From: Harry Sintonen <sintonen@iki.fi> +Date: Fri, 7 May 2021 13:09:57 +0200 +Subject: [PATCH] telnet: check sscanf() for correct number of matches + +CVE-2021-22898 + +Bug: https://curl.se/docs/CVE-2021-22898.html +--- + lib/telnet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/telnet.c b/lib/telnet.c +index 26e0658ba9cc..fdd137fb0c04 100644 +--- a/lib/telnet.c ++++ b/lib/telnet.c +@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data) + size_t tmplen = (strlen(v->data) + 1); + /* Add the variable only if it fits */ + if(len + tmplen < (int)sizeof(temp)-6) { +- if(sscanf(v->data, "%127[^,],%127s", varname, varval)) { ++ if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { + msnprintf((char *)&temp[len], sizeof(temp) - len, + "%c%s%c%s", CURL_NEW_ENV_VAR, varname, + CURL_NEW_ENV_VALUE, varval); |