Google Git
Sign in
cos / third_party / overlays / portage-stable / 5e2b0c8637e1766f746e8a1ef518d49ba5b66c18^! / .
commit5e2b0c8637e1766f746e8a1ef518d49ba5b66c18[log] [tgz]
authorSam Kunz <samkunz@google.com>Fri Oct 15 22:22:58 2021 +0000
committerCOS Cherry Picker <cloud-image-release@prod.google.com>Mon Oct 18 12:21:07 2021 -0700
tree470b6da63355a43ae3ef389c98ac9d5c46afafb1
parentf08bf9f762e71355bd788ca6a7b9b0ed2924dec0 [diff]
Lakitu: curl: backport fix for CVE-2021-22945

Backport fix to clear leftovers pointer when sending succeeds in mqtt.c
adapted from net-misc/curl upstream commit 43157490a5054bd.

BUG=b/202379149
TEST=presubmit, validation tests
RELEASE_NOTE=Fixed CVE-2021-22945 in net-misc/curl

cos-patch: security-high
Change-Id: Ie204b2d7d45a145f583c7781163394418633d6c1
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/24050
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>

diff --git a/net-misc/curl/curl-7.74.0-r2.ebuild b/net-misc/curl/curl-7.74.0-r3.ebuild
similarity index 97%
rename from net-misc/curl/curl-7.74.0-r2.ebuild
rename to net-misc/curl/curl-7.74.0-r3.ebuild
index 073cde3..b855932 100644
--- a/net-misc/curl/curl-7.74.0-r2.ebuild
+++ b/net-misc/curl/curl-7.74.0-r3.ebuild

@@ -106,6 +106,10 @@
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
 
+	# lakitu: apply upstream patch to resolve CVE-2021-22945
+	# https://github.com/curl/curl/commit/43157490a5054bd
+	eapply "${FILESDIR}"/${PN}-mqtt-clear-leftover-pointer-on-send-success.patch
+
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
 

diff --git a/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
new file mode 100644
index 0000000..c23a5f8
--- /dev/null
+++ b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch

@@ -0,0 +1,15 @@
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index e324ec3dd..edcd6d72c 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -124,6 +124,10 @@ static CURLcode mqtt_send(struct connectdata *conn,
+     mq->sendleftovers = sendleftovers;
+     mq->nsend = nsend;
+   }
++  else {
++    mq->sendleftovers = NULL;
++    mq->nsend = 0;
++  }
+   return result;
+ }
+