authorSergey Lukin <sergej.lukin@gmail.com>2016-12-09 08:23:32 +0000
committerTimo Teräs <timo.teras@iki.fi>2016-12-26 09:46:12 +0000
commitba3dc3d210189d8b88c35c3b6850f54f8041f3fa (patch)
treeb1ecf74c7594105573debcf6ccfd2f67522c03c6 /main/curl/CVE-2016-8617.patch
parentf7fb6eb9c7b2bdc8ac41b605df86bb2fa114e89a (diff)
main/curl: security upgrade - fixes #64373.1-stable
Diffstat (limited to 'main/curl/CVE-2016-8617.patch')
-rw-r--r--main/curl/CVE-2016-8617.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/main/curl/CVE-2016-8617.patch b/main/curl/CVE-2016-8617.patch
new file mode 100644
index 00000000000..66c7f9ac61a
--- /dev/null
+++ b/main/curl/CVE-2016-8617.patch
@@ -0,0 +1,36 @@
+From 3599341dd611303ee9544839d30f603f606d1082 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 28 Sep 2016 00:05:12 +0200
+Subject: [PATCH] base64: check for integer overflow on large input
+
+CVE-2016-8617
+
+Bug: https://curl.haxx.se/docs/adv_20161102C.html
+Reported-by: Cure53
+---
+ lib/base64.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/base64.c b/lib/base64.c
+index ad25459..204a227 100644
+--- a/lib/base64.c
++++ b/lib/base64.c
+@@ -188,10 +188,15 @@ static CURLcode base64_encode(const char *table64,
+ *outlen = 0;
+
+ if(!insize)
+ insize = strlen(indata);
+
++#if SIZEOF_SIZE_T == 4
++ if(insize > UINT_MAX/4)
++ return CURLE_OUT_OF_MEMORY;
++#endif
++
+ base64data = output = malloc(insize * 4 / 3 + 4);
+ if(!output)
+ return CURLE_OUT_OF_MEMORY;
+
+ /*
+--
+2.9.3
+
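Review bot: The new guard in base64_encode exists only when `SIZEOF_SIZE_T == 4` holds at preprocessing time, and an undefined macro evaluates to 0 in `#if`, so on a build whose config header does not define it the check is silently compiled out and `insize * 4 / 3 + 4` can still wrap before malloc. A width-independent form, `if(insize > (size_t)-1 / 4) return CURLE_OUT_OF_MEMORY;`, needs neither the macro nor UINT_MAX (whose header is not visible in this hunk) and also covers the 64-bit case. If the upstream patch is kept verbatim, a comment above the guard such as `/* insize * 4 must not wrap size_t, or the buffer below is undersized */` would record why it is there. The body of base64_encode starts and ends outside the hunk, so the encoding loop that writes into the buffer is not visible here.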