diff options
Diffstat (limited to 'main/curl/CVE-2022-27781.patch')
-rw-r--r-- | main/curl/CVE-2022-27781.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/main/curl/CVE-2022-27781.patch b/main/curl/CVE-2022-27781.patch new file mode 100644 index 00000000000..91dd127f778 --- /dev/null +++ b/main/curl/CVE-2022-27781.patch @@ -0,0 +1,44 @@ +Patch-Source: https://github.com/curl/curl/commit/5c7da89d404bf59c8dd82a001119a16d18365917 +From 5c7da89d404bf59c8dd82a001119a16d18365917 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 9 May 2022 10:07:15 +0200 +Subject: [PATCH] nss: return error if seemingly stuck in a cert loop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2022-27781 + +Reported-by: Florian Kohnhäuser +Bug: https://curl.se/docs/CVE-2022-27781.html +Closes #8822 +--- + lib/vtls/nss.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c +index 5b7de9f818952..569c0628feb5c 100644 +--- a/lib/vtls/nss.c ++++ b/lib/vtls/nss.c +@@ -983,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data, + PR_Free(common_name); + } + ++/* A number of certs that will never occur in a real server handshake */ ++#define TOO_MANY_CERTS 300 ++ + static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock) + { + CURLcode result = CURLE_OK; +@@ -1018,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock) + cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); + while(cert2) { + i++; ++ if(i >= TOO_MANY_CERTS) { ++ CERT_DestroyCertificate(cert2); ++ failf(data, "certificate loop"); ++ return CURLE_SSL_CERTPROBLEM; ++ } + if(cert2->isRoot) { + CERT_DestroyCertificate(cert2); + break; |